Constantly being hit by Trojans.


  • This topic is locked
23 replies to this topic

#1 Necroscope84

  • Members
  • 31 posts

Posted 04 February 2011 - 09:31 PM

Hello, I have been having problems with Trojans and other malware for a while now. About a month ago I came here for help with a Java Trojan I had and you all helped me clean it up really well, but last week I got another Java exploit Trojan and Avira got rid of it. I scanned for malware and rootkits and found two more Trojans. I read up on your Being Prepared topic and created the DDS log and tried to run GMER, but every time I try GMER my PC hangs and I have to reset it. It just keeps spinning like it's loading, and earlier while I was stuck I tried to close it using Ctrl-Alt-Delete but I got an error that said: "Logon process has failed to create the security options dialog (X-Failure - Security Options)", but now it's working normally and not doing that. Also I noticed some of my security settings were changed and I cannot create any kind of internet shortcut on my desktop by right-clicking on my desktop to do it. Nothing happens. I was able to run GMER in safe mode but don't know if it did everything you'll need it to do that way.

The weird thing is that both viruses were found in my C:\Program Files for two games: Icewind Dale and The Witcher, neither of which I have played in a long time, and Icewind Dale has absolutely no downloaded user content. Plus I've scanned my PC over and over and they have always been clean. Could that be a false positive or someone trying to steal CD codes? I just don't get how I keep getting popped. I no longer surf the internet at all and only play World of Warcraft and visit their site. I don't click on links from the forums and do not open ANY email anymore, so I don't see how I keep getting these. I am also bothered by the fact that I keep getting these Java exploit Trojans when my Java is up to date. I have even used JavaRA to get rid of all old stuff. Anyway, I hope you all can help me. I'm posting my Avira logs, the DDS logs and the GMER log that I ran in safe mode. Thank you so much, and hopefully we can get to the bottom of this and find a way to keep it from happening over and over again. Thank you.

Here's my Avira log:

Avira AntiVir Personal
Report file date: Thursday, February 03, 2011 21:34

Scanning for 2453406 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : Jamie
Computer name : JAMIE-PC

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/12/2010 05:03:20
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/12/2010 05:03:21
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 01:04:41
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 01:04:41
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 01:04:41
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 01:04:41
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 01:04:41
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 01:04:41
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 01:04:41
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 01:04:41
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 01:04:41
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 01:04:41
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 01:04:41
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 01:04:41
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 01:04:42
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 01:53:12
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 16:42:52
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 16:42:52
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 01:18:08
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 01:18:09
VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 01:18:09
VBASE020.VDF : 7.11.1.37 156672 Bytes 1/7/2011 22:51:29
VBASE021.VDF : 7.11.1.65 140800 Bytes 1/10/2011 22:51:29
VBASE022.VDF : 7.11.1.87 225280 Bytes 1/11/2011 22:51:30
VBASE023.VDF : 7.11.1.124 125440 Bytes 1/14/2011 22:51:31
VBASE024.VDF : 7.11.1.155 132096 Bytes 1/17/2011 22:51:32
VBASE025.VDF : 7.11.1.189 451072 Bytes 1/20/2011 22:51:33
VBASE026.VDF : 7.11.1.230 138752 Bytes 1/24/2011 22:51:34
VBASE027.VDF : 7.11.2.12 164352 Bytes 1/27/2011 22:51:37
VBASE028.VDF : 7.11.2.43 178176 Bytes 2/1/2011 03:27:35
VBASE029.VDF : 7.11.2.44 2048 Bytes 2/1/2011 03:27:35
VBASE030.VDF : 7.11.2.45 2048 Bytes 2/1/2011 03:27:35
VBASE031.VDF : 7.11.2.68 158720 Bytes 2/3/2011 03:27:35
Engineversion : 8.2.4.162
AEVDF.DLL : 8.1.2.1 106868 Bytes 11/7/2010 20:16:42
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 2/4/2011 03:31:23
AESCN.DLL : 8.1.7.2 127349 Bytes 11/25/2010 04:40:45
AESBX.DLL : 8.1.3.2 254324 Bytes 11/25/2010 04:40:56
AERDL.DLL : 8.1.9.2 635252 Bytes 11/7/2010 20:16:39
AEPACK.DLL : 8.2.4.9 512374 Bytes 2/4/2011 03:30:44
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/4/2011 03:30:22
AEHEUR.DLL : 8.1.2.73 3207541 Bytes 2/4/2011 03:30:11
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/4/2011 03:27:35
AEGEN.DLL : 8.1.5.2 397683 Bytes 1/29/2011 22:51:42
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/25/2010 04:40:06
AECORE.DLL : 8.1.19.2 196983 Bytes 1/29/2011 22:51:41
AEBB.DLL : 8.1.1.0 53618 Bytes 11/7/2010 20:16:28
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 19:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 19:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 23:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 11/10/2010 23:09:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/12/2010 05:03:20
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/12/2010 05:03:18
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 16:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 19:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 22:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 21:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/10/2010 23:09:31

Configuration settings for the scan:
Jobname.............................: Scan for Rootkits and active malware
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +PFS,+SPR,

Start of the scan: Thursday, February 03, 2011 21:34

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\firefox.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'logon.scr' - '16' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '93' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '49' Module(s) have been scanned
Scan process 'NvXDSync.exe' - '34' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '36' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '29' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '74' Module(s) have been scanned
Scan process 'unsecapp.exe' - '28' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '35' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '35' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '46' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '63' Module(s) have been scanned
Scan process 'svchost.exe' - '7' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '31' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '20' Module(s) have been scanned
Scan process 'SeaPort.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '27' Module(s) have been scanned
Scan process 'McciCMService.exe' - '32' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'avguard.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'BelkinService.exe' - '45' Module(s) have been scanned
Scan process 'BelkinSetup.exe' - '111' Module(s) have been scanned
Scan process 'avgnt.exe' - '62' Module(s) have been scanned
Scan process 'BelkinRouterMonitor.exe' - '40' Module(s) have been scanned
Scan process 'taskeng.exe' - '78' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'spoolsv.exe' - '79' Module(s) have been scanned
Scan process 'Explorer.EXE' - '138' Module(s) have been scanned
Scan process 'Dwm.exe' - '49' Module(s) have been scanned
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '84' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '149' Module(s) have been scanned
Scan process 'svchost.exe' - '117' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1835' files ).


Starting the file scan:

Begin scan in 'C:' <COMPAQ>
C:\hp\bin\Python\Lib\test\testtar.tar
[0] Archive type: TAR (tape archiver)
--> 0-REGTYPE-TEXT
[WARNING] Internal error!
[WARNING] Internal error!
C:\Program Files\Black Isle\Icewind Dale II\Config.exe
[DETECTION] Is the TR/Expl.Nuker.NSNuke.t Trojan
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar
[0] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
[WARNING] Internal error!
C:\Program Files\The Witcher\Data\TLK_from_backup.exe
[DETECTION] Is the TR/Dldr.Vxidl.89 Trojan

Beginning disinfection:
C:\Program Files\The Witcher\Data\TLK_from_backup.exe
[DETECTION] Is the TR/Dldr.Vxidl.89 Trojan
[NOTE] The file was moved to the quarantine directory under the name '49d21240.qua'.
C:\Program Files\Black Isle\Icewind Dale II\Config.exe
[DETECTION] Is the TR/Expl.Nuker.NSNuke.t Trojan
[NOTE] The file was moved to the quarantine directory under the name '516a3c02.qua'.


End of the scan: Friday, February 04, 2011 02:19
Used time: 4:38:02 Hour(s)

The scan has been done completely.

31014 Scanned directories
1263815 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1263813 Files not concerned
5158 Archives were scanned
4 Warnings
2 Notes
974426 Objects were scanned with rootkit scan
3 Hidden objects were found

======

Here's my GMER log. I don't know why it's putting them all in the same window. I'm trying to separate them for easy reading.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-04 19:42:29
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\00000059 ST336032 rev.3.CH
Running: gmer.exe; Driver: C:\Users\Jamie\AppData\Local\Temp\kwlcypod.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? B13C1A50
INT 0x52 ? B19A9A50
INT 0x62 ? B19A9CD0
INT 0x71 ? B13C12D0
INT 0x72 ? B13C1050
INT 0x82 ? B13C1550
INT 0x92 ? B13C17D0
INT 0xB1 ? B13C1CD0

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\drivers\SSHDRV85.sys section is writeable [0xB6601000, 0x24A24, 0xE8000020]
.pklstb C:\Windows\system32\drivers\SSHDRV85.sys entry point in ".pklstb" section [0xB6634000]
.relo2 C:\Windows\system32\drivers\SSHDRV85.sys unknown last section [0xB664A000, 0x8E, 0x42000040]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9F 0xB1 0xB8 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD6 0xA9 0x2A 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x34 0x8E 0xA5 0xEE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9F 0xB1 0xB8 0x7F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD6 0xA9 0x2A 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x34 0x8E 0xA5 0xEE ...

---- EOF - GMER 1.0.15 ----

OK, got it separated. Here's that DDS log; I was trying to put this second but messed up or something. Sorry if it's a bit confusing.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Jamie at 12:45:53.82 on Fri 02/04/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1738 [GMT -6:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jamie\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\g3wogpra.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\g3wogpra.default\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Prism for Firefox: refractor@developer.mozilla.org - %profile%\extensions\refractor@developer.mozilla.org
FF - Ext: VTzilla: vtzilla@virustotal.com - %profile%\extensions\vtzilla@virustotal.com

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-27 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2008-6-25 78848]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-6-17 21504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-7 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-7 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-7 61960]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-23 12672]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-7-15 20328]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\dragon age\tools\toolssql\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-6-17 809296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1402272]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-2 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 LiveTurbineMessageService;Turbine Message Service - Live; [x]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-2-12 99152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-02 00:45:56 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{22a95e9e-cc34-4bfb-ba6c-53f33ab1b004}\mpengine.dll
2011-01-25 19:32:32 -------- d-----w- C:\Sony
2011-01-14 20:07:23 -------- d-----w- c:\program files\Stunlock Studios
2011-01-14 20:06:12 -------- d-----w- c:\program files\Microsoft XNA
2011-01-11 18:35:30 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-11 18:35:30 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-11 18:35:30 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 18:35:30 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-11 18:35:30 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-11 18:35:30 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-11 18:35:26 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-09 01:01:46 -------- d-----w- c:\users\jamie\appdata\roaming\Wal-Mart
2011-01-09 01:01:46 -------- d-----w- c:\program files\Wal-Mart
2011-01-09 01:01:46 -------- d-----w- c:\progra~2\Wal-Mart
2011-01-08 19:15:41 -------- d-----w- c:\progra~2\Blizzard Entertainment

==================== Find3M ====================

2010-12-21 01:44:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-11 00:29:30 64864 ----a-w- c:\windows\system32\sqlctr90.dll
2010-12-11 00:29:30 2248032 ----a-w- c:\windows\system32\sqlncli.dll
2010-12-02 03:05:37 0 ----a-w- c:\windows\system32\RENBCBC.tmp
2010-12-02 03:05:37 0 ----a-w- c:\windows\system32\RENBCBB.tmp
2010-12-02 03:05:37 0 ----a-w- c:\windows\system32\RENBCBA.tmp

============= FINISH: 12:46:42.27 =========

OK, I just got a Windows update saying I need Vista SP2, which I downloaded over a year ago. I don't understand what's going on here. Could these Trojans have gotten rid of my SP2? I had a horrible time getting it installed in the first place and now the download for it keeps failing over and over. I don't even remember anymore how I got it to update in the first freaking place. I found 2 more Trojan traces using Spybot and now this; maybe Spybot messed up. I might just go back and restore what they found, I don't know. I'm at a complete loss here. Please help me.

Merged 4 posts. ~ OB

Edited by Orange Blossom, 06 February 2011 - 01:57 PM.
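The DDS "Pseudo HJT Report" section in the post above carries the settings a responder would check first: UAC turned off (mPolicies-system: EnableLUA = 0), a Run entry that names a bare executable (KHALMNPR.EXE) with no directory, and a hosts-file line that sends www.spywareinfo.com to 127.0.0.1. The header line also records the OS build, and on Vista build 6001 is SP1 while SP2 is build 6002. The script below is an added example, not part of the original post and not code from DDS or BleepingComputer; it parses that section and reports those conditions. The sample input is constructed from lines quoted in the post, the severity labels and the bare-executable heuristic are this example's own, and a flagged line is a point to verify by hand, not a verdict.

```python
"""Triage a DDS log's "Pseudo HJT Report" section (added example, not DDS code)."""
import re
from dataclasses import dataclass

# Constructed sample, assembled from lines quoted in the post above. The
# section banners and entry prefixes (uRun/mRun, mPolicies-system, Hosts)
# are DDS's own layout; the subset of lines is ours.
SAMPLE_DDS = r"""DDS (Ver_10-12-12.02) - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1738 [GMT -6:00]

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================
"""

# Windows Vista kernel build -> service pack level.
VISTA_BUILDS = {6000: "RTM", 6001: "SP1", 6002: "SP2"}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (labels chosen for this example)
    entry: str     # the log text that triggered the finding
    reason: str


def executable_of(command: str) -> str:
    """Return the program token of a Run-key command line, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


def hjt_section(text: str) -> list[str]:
    """Non-blank lines between the 'Pseudo HJT Report' banner and the next banner."""
    lines, inside = [], False
    for line in text.splitlines():
        if "Pseudo HJT Report" in line:
            inside = True
            continue
        if inside and line.startswith("====="):
            break
        if inside and line.strip():
            lines.append(line.rstrip())
    return lines


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    # OS build from the DDS header line (6.0.NNNN on Vista).
    m = re.search(r"Windows Vista.*?(?P<ver>\b6\.0\.(?P<build>\d{4})\b)", text)
    if m:
        build = int(m.group("build"))
        findings.append(Finding("info", m.group("ver"),
                                f"Vista build {build} = {VISTA_BUILDS.get(build, 'unknown')}"))
    for line in hjt_section(text):
        kind, _, body = line.partition(": ")
        if kind in ("uRun", "mRun"):
            rm = re.match(r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)", body)
            exe = executable_of(rm.group("cmd")) if rm else ""
            # No drive, slash or backslash: the name is resolved by the loader's
            # search order at logon, so a same-named file found earlier in that
            # order would run instead of the intended program.
            if exe and not re.search(r"[\\/:]", exe):
                findings.append(Finding("medium", line,
                                        f"{kind} entry '{exe}' has no directory; it is resolved "
                                        "by search order at logon, verify which file actually runs"))
        elif kind == "mPolicies-system":
            pm = re.match(r"(?P<name>\w+) = (?P<value>\S+)", body)
            if pm and pm.group("name") == "EnableLUA" and pm.group("value") == "0":
                findings.append(Finding("high", line,
                                        "UAC is disabled (EnableLUA=0): processes of an "
                                        "administrator account run with the full token"))
        elif kind == "Hosts":
            hm = re.match(r"(?P<ip>\S+)\s+(?P<host>\S+)", body)
            if hm and hm.group("ip") in ("127.0.0.1", "0.0.0.0", "::1") \
                    and hm.group("host") != "localhost":
                findings.append(Finding("medium", line,
                                        f"hosts file sends {hm.group('host')} to {hm.group('ip')}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.reason}\n         {f.entry}")
```

Run it against a saved DDS log by replacing SAMPLE_DDS with the file's contents; the checks are deliberately narrow so that every finding maps to one line the helper can quote back to the poster.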




#2 oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 07 February 2011 - 05:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.



#3 Necroscope84

Necroscope84
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:16 PM

Posted 08 February 2011 - 05:01 PM

Hello, thanks so much for responding. It's ok that it took a while, I know you'll are very busy and I appreciate you'll taking the time to help me. Before I post the logs, let me explain what's happening a bit better. I have been getting Java exploit type trojans for a while now. You'll helped me clean them up about a month ago, but I got another one last week. I also got two more trojans that Avira found and another one with some registry changes that Spybot found. I'll post them below also. I thought I'd had Vista SP2 but remembered that I was never able to install it without an error and gave up on it, and I just found out that Microsoft is no longer supporting Vista users without SP2, therefore I can't get any more security updates, which is why I think I keep getting trojans. I've updated every program I can think of, I've used Secunia PSI to help and JavaRA to update Java, but still got a Java trojan somehow. I cannot update to SP2, I keep getting the 0x80073712 ERROR_SXS_Component_Store_Corrupt. I contacted Microsoft and we tried everything: the SP2 preparedness tool, Microsoft Fix, and ran a Sfc /scannow which found a problem with the Microsoft store that it could not fix. I have a lot of corrupt system files. I just tried to run World of Warcraft and it told me the updater was corrupt and to run their repair tool, which I haven't done yet. I just keep getting trojans and my system files keep getting worse and worse. I can't even create an internet shortcut on my desktop anymore, so I came here. Microsoft told me I'd have to get a Vista disc and do an Inhouse update or something like that. My PC didn't come with a disc, so I may just upgrade to Windows 7 if I can't get the SP2 to install, but first I want to get this crud out of my system. Sorry for the long post but I don't know how else to explain things. Here are my logs you'll asked for:


OTL logfile created on: 2/8/2011 3:47:05 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 12000 15000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.87 Gb Total Space | 104.62 Gb Free Space | 32.10% Space Free | Partition Type: NTFS
Drive D: | 9.48 Gb Total Space | 1.28 Gb Free Space | 13.48% Space Free | Partition Type: NTFS

Computer Name: JAMIE-PC | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/08 15:29:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
PRC - [2010/12/26 20:59:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/26 20:59:32 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/22 03:04:14 | 000,936,712 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/12/22 03:04:06 | 001,402,272 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/12/11 23:03:19 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010/11/10 17:09:32 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/10 17:09:31 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/16 11:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/10/16 10:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009/11/06 13:13:20 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009/11/06 13:13:16 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/07/30 13:45:38 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 01:33:39 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


========== Modules (SafeList) ==========

MOD - [2011/02/08 15:29:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
MOD - [2011/02/05 20:44:30 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/31 09:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2010/03/13 17:29:17 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/03/13 17:29:17 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineMessageService)
SRV - [2011/01/10 08:24:20 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/05 19:49:48 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/12/22 03:04:06 | 001,402,272 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/12/11 23:03:19 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2010/11/10 17:09:32 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/16 10:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 14:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/11/06 13:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/02/06 17:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/07/30 13:45:38 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (Lavasoft Kernexplorer)
DRV - [2010/12/20 19:53:56 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/30 14:42:09 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/16 12:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/12 17:45:22 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/08/12 06:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/09 12:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/30 16:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 16:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/12 19:34:58 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/09/15 13:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/08/04 08:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/17 10:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 10:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 10:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 10:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/02/06 17:08:52 | 000,055,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/25 10:52:38 | 000,078,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SSHDRV85.sys -- (SSHDRV85)
DRV - [2008/06/20 15:14:44 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/06/20 15:14:44 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/03/11 02:00:35 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/03/11 02:00:35 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/03/11 02:00:35 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 23:49:39 | 000,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2007/10/26 05:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/08/28 17:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/12/07 09:04:40 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/12/07 09:04:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/12/07 09:03:32 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2006/11/28 10:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/09/24 07:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3177060753-589307236-2942547930-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3177060753-589307236-2942547930-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3177060753-589307236-2942547930-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9.3
FF - prefs.js..extensions.enabledItems: refractor@developer.mozilla.org:1.0b3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: vtzilla@virustotal.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/05 20:44:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/05 20:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/05 20:44:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/05 20:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/05 20:44:40 | 000,000,000 | ---D | M]

[2010/10/18 12:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions
[2010/10/18 12:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2011/02/05 20:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\g3wogpra.default\extensions
[2010/12/26 20:58:53 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\g3wogpra.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/05/10 11:46:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\g3wogpra.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/18 12:10:24 | 000,000,000 | ---D | M] (Prism for Firefox) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\g3wogpra.default\extensions\refractor@developer.mozilla.org
[2010/12/26 21:22:58 | 000,000,000 | ---D | M] (VTzilla) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\g3wogpra.default\extensions\vtzilla@virustotal.com
[2010/10/18 12:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\g3wogpra.default\extensions\refractor@developer.mozilla.org\prism\extensions
[2010/12/26 21:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/20 19:44:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/05 20:44:30 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/12/20 19:44:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/02/05 19:33:51 | 000,429,019 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14795 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3177060753-589307236-2942547930-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKU\S-1-5-21-3177060753-589307236-2942547930-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3177060753-589307236-2942547930-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3177060753-589307236-2942547930-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3177060753-589307236-2942547930-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/11 02:53:38 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/08 15:43:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\New Virus help
[2011/02/08 15:29:13 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2011/02/07 13:36:07 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Canneverbe Limited
[2011/02/07 13:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011/02/07 13:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011/02/06 18:02:20 | 000,000,000 | ---D | C] -- C:\67fa8964a913682267d93bec5a70ed4b
[2011/02/06 01:34:14 | 000,000,000 | ---D | C] -- C:\f7e41d3800a87eb5013ac5f432fbe718
[2011/02/06 00:16:46 | 498,580,680 | ---- | C] (Microsoft Corporation) -- C:\Users\Jamie\Desktop\Windows6.0-KB948465-X86.exe
[2011/02/05 20:45:31 | 000,000,000 | ---D | C] -- C:\SwSetup
[2011/02/05 20:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/02/05 20:44:26 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/02/05 20:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/02/05 20:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2011/02/05 20:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/05 20:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/02/05 20:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/02/05 20:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/02/05 20:00:21 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Secunia PSI
[2011/02/05 20:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/02/04 12:44:43 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\My Virus Stuff
[2011/01/25 14:52:54 | 104,920,656 | ---- | C] (NVIDIA Corporation) -- C:\Users\Jamie\Desktop\266.58_desktop_win7_winvista_32bit_english_whql.exe
[2011/01/25 13:32:32 | 000,000,000 | ---D | C] -- C:\Sony
[2011/01/14 14:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Stunlock Studios
[2011/01/14 14:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/01/11 12:35:30 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/11 12:35:26 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/08 15:48:32 | 000,691,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/08 15:48:32 | 000,139,624 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/08 15:42:35 | 000,589,824 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/02/08 15:42:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/08 15:42:31 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/08 15:42:31 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/08 15:42:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/08 15:39:59 | 000,296,448 | ---- | M] () -- C:\Users\Jamie\Desktop\4k9uoj4n.exe
[2011/02/08 15:29:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2011/02/08 15:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/07 13:35:58 | 000,001,692 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011/02/06 20:13:28 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/02/06 01:11:39 | 119,875,047 | ---- | M] () -- C:\Users\Jamie\Desktop\Windows6.0-KB947821-v11-x86.msu
[2011/02/06 00:44:02 | 498,580,680 | ---- | M] (Microsoft Corporation) -- C:\Users\Jamie\Desktop\Windows6.0-KB948465-X86.exe
[2011/02/05 23:52:22 | 000,000,000 | ---- | M] () -- C:\Users\Jamie\Desktop\wireless_wep.exe
[2011/02/05 21:28:08 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/05 20:55:27 | 000,000,816 | ---- | M] () -- C:\Users\Jamie\Desktop\psi.exe - Shortcut.lnk
[2011/02/05 20:44:36 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/02/05 20:44:26 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/02/05 20:44:16 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/02/05 20:44:16 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/02/05 20:44:16 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/02/05 20:39:13 | 000,001,692 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/05 20:36:03 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/02/05 19:33:51 | 000,429,019 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/03 19:53:38 | 000,000,755 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/01/31 14:54:19 | 000,000,000 | ---- | M] () -- C:\Users\Jamie\defogger_reenable
[2011/01/29 16:54:29 | 000,428,490 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110205-193351.backup
[2011/01/25 14:58:40 | 104,920,656 | ---- | M] (NVIDIA Corporation) -- C:\Users\Jamie\Desktop\266.58_desktop_win7_winvista_32bit_english_whql.exe
[2011/01/25 13:14:56 | 000,216,952 | ---- | M] () -- C:\Users\Jamie\Desktop\DCUO_System32.jpg
[2011/01/12 13:31:08 | 000,427,930 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110129-165429.backup
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/08 15:39:58 | 000,296,448 | ---- | C] () -- C:\Users\Jamie\Desktop\4k9uoj4n.exe
[2011/02/07 13:35:58 | 000,001,692 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011/02/07 13:35:58 | 000,001,650 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011/02/06 01:04:46 | 119,875,047 | ---- | C] () -- C:\Users\Jamie\Desktop\Windows6.0-KB947821-v11-x86.msu
[2011/02/05 23:52:21 | 000,000,000 | ---- | C] () -- C:\Users\Jamie\Desktop\wireless_wep.exe
[2011/02/05 20:55:27 | 000,000,816 | ---- | C] () -- C:\Users\Jamie\Desktop\psi.exe - Shortcut.lnk
[2011/02/05 20:54:23 | 000,000,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/02/05 20:44:36 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/02/05 20:39:13 | 000,001,692 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/05 20:36:03 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/01/31 14:54:19 | 000,000,000 | ---- | C] () -- C:\Users\Jamie\defogger_reenable
[2011/01/25 13:14:56 | 000,216,952 | ---- | C] () -- C:\Users\Jamie\Desktop\DCUO_System32.jpg
[2010/08/30 15:36:33 | 000,000,173 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\D2Info0
[2010/08/12 17:45:22 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/08/10 21:52:19 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/03/23 20:43:49 | 000,001,238 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\CompatAdmin.log
[2009/11/13 14:05:02 | 000,000,000 | ---- | C] () -- C:\Users\Jamie\AppData\Local\prvlcl.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/08 19:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/01/17 08:15:22 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/12/28 17:45:13 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/02 09:49:24 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/09/17 18:26:56 | 000,000,062 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/08/17 06:57:35 | 000,001,234 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\wklnhst.dat
[2008/07/16 19:33:37 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/07/01 13:17:29 | 000,000,000 | ---- | C] () -- C:\Windows\nwcontbuild.INI
[2008/06/26 08:39:45 | 000,012,800 | ---- | C] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/25 10:52:38 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV85.sys
[2008/06/24 10:34:58 | 000,000,093 | ---- | C] () -- C:\Users\Jamie\AppData\Local\fusioncache.dat
[2008/06/20 15:14:44 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/06/20 15:14:44 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008/06/20 12:08:45 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2008/06/17 11:30:21 | 000,002,032 | ---- | C] () -- C:\Users\Jamie\AppData\Local\d3d9caps.dat
[2008/03/11 02:46:15 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/03/11 02:29:29 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/03/11 02:29:29 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Files - Unicode (All) ==========
[2010/11/23 13:05:07 | 000,000,000 | ---D | M](C:\Users\Jamie\Documents\?? ???) -- C:\Users\Jamie\Documents\넥슨 플러그
[2010/11/23 13:05:07 | 000,000,000 | ---D | C](C:\Users\Jamie\Documents\?? ???) -- C:\Users\Jamie\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 772 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk
@Alternate Data Stream - 691 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Register Baldur's Gate: Tales of the Sword Coast.lnk
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BEB15613

< End of report >

#4 Necroscope84

Necroscope84
  • Topic Starter

  • Members
  • 31 posts

Posted 08 February 2011 - 05:03 PM

Here's the second OTL report. Would it be better for me to attach them or just copy and paste them like this? They're pretty big??? I'll post the GMER log once it's through running. Thank you.
OTL Extras logfile created on: 2/8/2011 3:47:05 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 12000 15000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.87 Gb Total Space | 104.62 Gb Free Space | 32.10% Space Free | Partition Type: NTFS
Drive D: | 9.48 Gb Total Space | 1.28 Gb Free Space | 13.48% Space Free | Partition Type: NTFS

Computer Name: JAMIE-PC | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05282E8E-A038-4DD8-B166-E8E4D64A877E}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{11B7C4F0-C18A-4ED6-844D-546881C2E549}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12E1C861-641D-4D54-87F1-B902D3194B8D}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{187660C2-F3AB-43EB-946B-422EBC1730F9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{19162D7D-B051-4B83-A8F3-88E3A0D38CE5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{19D81478-A9CD-4824-A50E-A557253F5D27}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{493A1BBA-0EE8-441D-9564-1D09DA8F484B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64CFC161-9711-40E9-A159-A19CFB2BDDA7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6BAF205A-BDBE-461F-803E-9D6EB800276B}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{6F7289D6-7B92-4542-8942-8671D8E50F38}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{8351D42E-633E-4D5A-AC6D-F034B73F89FB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8625B459-2E05-4F83-B9D7-798BF3F92636}" = lport=49231 | protocol=6 | dir=in | name=akamai netsession interface |
"{87252CBD-658B-4567-86BA-6F49D7089413}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{8F93AFB4-C7AD-4C1E-A49E-6D374F71CF4D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9C4E2332-71A4-4367-8EA4-F43089E28A94}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{9FF2A4BF-CF47-4794-9E91-31A5E99C67BE}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{AE818A4A-BBA2-4F7C-A6C0-2E8387C09F34}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{B3E0A518-CEC3-4F21-8CBC-9CDABBB7405D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D831B857-4DA0-40F6-B5D3-E3EDA74B1FD7}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{ED29A684-4EF2-462D-BADB-DD8431569CCA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F12EFCFB-043B-4CE3-8AA2-CAD00185E7D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A08596A-C171-44BE-B911-59CA857846C0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0C0EF970-C788-412D-8CF9-723823227E25}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0C563555-4F81-4BCD-B829-C20500999363}" = protocol=17 | dir=in | app=c:\program files\dreamcatcher\loki\autorun\autorun.exe |
"{0FE47B20-F98E-4A58-86C8-C3288DDC119A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-enus-downloader.exe |
"{10FC2C0D-E2B3-428B-87F6-E1B517C5A0F3}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{159CF304-8A7F-41DE-9918-F5DC638F853B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{16A71998-0162-489D-AF9D-DFD6F12387E1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-enus-downloader.exe |
"{19AA42EE-113B-436C-8A6A-FDE00235E875}" = protocol=6 | dir=in | app=c:\program files\dragon age\tools\gffeditor.exe |
"{1E814AC5-7811-45E3-A26F-CB7C7EB3A9F5}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{1FD35D40-CFC3-4DF4-BE48-A835210BCA12}" = protocol=6 | dir=in | app=c:\program files\cdv software entertainment usa\sacred 2 - fallen angel\system\sacred2.exe |
"{22BF79D4-1851-48CE-B48A-284A4C0CC327}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{2401750C-C6AE-4E80-B15C-D067A27EE283}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{24C92062-4A2E-4CBE-ABA7-D4F1494D9A9C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2620FA67-5D82-44EB-B200-AF03595416D8}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{2748CB45-0F4F-4A70-A653-1EFEEA5B4AFE}" = protocol=17 | dir=in | app=c:\program files\dragon age\tools\gffeditor.exe |
"{2BF4E0EE-67AD-42FE-9178-7E7342224D6C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{2DED2044-56F2-4BC5-AE83-EBBEEAC9DE3D}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{2E9F4476-8D99-4502-893C-EC36DF4F23D5}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{33B75CF0-9F56-4D23-B47F-53B5D69EC624}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{3586F5F5-B8C6-45FF-AC92-9EB93BAE91F3}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3B86E777-7D38-42AF-97CB-DBE4B6922B64}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3E8D7507-FF0F-4073-B96E-29379ADEC349}" = protocol=6 | dir=in | app=c:\program files\dragon age\tools\lightmapper\eclipseray.exe |
"{438FBCE4-9CB8-4187-94B7-689CA888DE31}" = protocol=6 | dir=in | app=c:\program files\dreamcatcher\loki\autorun\autorun.exe |
"{443A53F7-3864-467A-8AA1-9812BBF9CF48}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{4A2674A1-8184-464D-8D89-89C9FCCE0DFF}" = protocol=17 | dir=in | app=c:\program files\cdv software entertainment usa\sacred 2 - fallen angel\system\s2gs.exe |
"{4D302B99-BF56-47B9-B9C0-A0A9E86DA590}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5781BAB3-F20D-49EA-9F84-9F1425BC367D}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{597AC12D-B4A3-4AF6-A436-FC9D7ECA778F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{59916C40-5B35-4524-BE1E-C429482BEB21}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{5AC4BA7C-D3C8-4D68-AF5F-374E33A2992C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5CB18748-4E2C-4CA9-977B-167B3B7AABDD}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{5DE05CBD-1B9B-4D8D-9CAA-F7E9848F1875}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{6717FBBA-8519-47BE-B8EE-072A1968C156}" = protocol=6 | dir=in | app=c:\program files\dragon age\tools\dragonagetoolset.exe |
"{67CF523F-F608-452D-8DF1-E10B7984398A}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{6CF9C06E-7F86-4C99-BCED-EF7F73D4FBFC}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{6E14C4D9-5BB3-49CC-9407-C9D0E2CE1DFD}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{6EFCAAF2-3DDC-431F-8F61-CF4B9CCAEEAF}" = protocol=6 | dir=in | app=c:\program files\dragon age\tools\rpu.exe |
"{77EFA8AF-CF30-4A11-A29B-79547E2D0BE3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8356D1E5-A1A7-49C9-9DFF-222FFBC926A2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{8A16E4D6-294C-4C93-874F-34FBABED689C}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{8A5DE01E-A5C9-4A41-972E-BF6688D0F360}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8B6AE7D8-BAE3-4262-9DBB-FE97E5106C3D}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{941402D9-2C74-4336-AC75-BB893C3A3855}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{969CBBD1-2473-4210-A445-51A6516076D8}" = protocol=17 | dir=in | app=c:\program files\dragon age\tools\erfeditor.exe |
"{97AAB99C-B296-41D9-9A62-1A341566567A}" = protocol=6 | dir=in | app=c:\program files\cdv software entertainment usa\sacred 2 - fallen angel\system\s2gs.exe |
"{9971714C-83DD-48D1-9103-D3B2FAF08D08}" = protocol=17 | dir=in | app=c:\program files\dreamcatcher\loki\loki.exe |
"{A066B8B4-813F-43CB-973B-A6C36FEFD179}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{A0CA7DB8-FC03-4938-B6C1-27C8CF646A80}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{A1129FEA-EBF7-4F0A-ACA0-A3FE2A41CF98}" = protocol=17 | dir=in | app=c:\users\jamie\desktop\lolinstaller.exe |
"{A1D0BF7F-B162-4BA1-B0C2-D29056416149}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{A4F5B12D-B886-43C5-9F5C-178994075CCF}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{A7DB35C0-F6A8-496F-A2C9-7C1AD02F6BB8}" = protocol=17 | dir=in | app=c:\program files\cdv software entertainment usa\sacred 2 - fallen angel\system\sacred2.exe |
"{AA6790C9-ECD6-48D5-B422-35AB9F066E6D}" = protocol=6 | dir=in | app=c:\users\jamie\desktop\lolinstaller.exe |
"{ABFDC788-0CA5-4D77-A025-835AA459382E}" = protocol=17 | dir=in | app=c:\program files\dragon age\tools\dragonagetoolset.exe |
"{B274248A-7FF8-4C2F-9670-4087585FC0F4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B310A31C-5013-4D46-98B9-01943AADE438}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{B3C45411-2C9B-4909-ADE9-5D079D46E993}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B5F76613-B0A9-4D72-A167-884770B85884}" = protocol=6 | dir=in | app=c:\program files\dreamcatcher\loki\loki.exe |
"{B6D2C728-7295-4479-B0D2-7CDD114255BE}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{B6FBF03F-F01E-4958-BE1A-5D11589349DC}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{B8E3B923-A01E-47BE-9ACE-873EE38066FB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C6A3FAA0-9349-4A27-B858-D15C34BE806E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C854A7CF-FDA4-4BCC-94AD-043C736D9E6F}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{C9685203-5221-4EB0-AF42-C9CC370A6DDD}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CC319BA1-BBC4-4B41-8E55-7D4911BFC363}" = dir=in | app=c:\gpotato.com\allods online\bin\launcher-broken.exe |
"{D0030C7C-41A8-4FF0-8AC5-12A4447399C2}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{D338EBB6-1683-42BC-9A2E-6F6EB95107F4}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{D52C2C49-5C95-4283-9F50-CF41EDB91F92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DBC13624-22D9-41A3-84FE-92D04765EA38}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{DCCCB81D-4CD1-45A4-859C-4625FE06EF2D}" = protocol=17 | dir=in | app=c:\program files\dragon age\tools\rpu.exe |
"{E2B9DFD4-463D-4ACB-9B0A-653DBBF8B754}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E5161646-1297-4E27-9D6C-9CC1B522A371}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{E56B2611-B556-4635-BF9A-F421C8E78167}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{E8FE34C7-1FF6-4A83-84D9-072381A286BE}" = protocol=17 | dir=in | app=c:\program files\dragon age\tools\lightmapper\eclipseray.exe |
"{EAE978DD-FB1F-4B2E-BC30-1B35E324A7F9}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{EE1B3FA5-32F5-4433-AB0E-220623056CE9}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{F3DE2446-FADB-4D47-AC96-C2109FC8888C}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{F4974432-DC0D-49F2-8E1E-A3C9BBBA4BE1}" = dir=in | app=c:\gpotato.eu\allods online\bin\launcher-broken.exe |
"{F94A103C-548C-4F1A-998E-F2941BBB40BE}" = protocol=6 | dir=in | app=c:\program files\dragon age\tools\erfeditor.exe |
"{F94AB15F-CA04-4991-AD66-B8A02CAD8790}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{F9732291-26B0-43CF-BFFA-84DAF2166A0B}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{FEC5740E-1FC8-478A-B93D-2679CB657874}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{00A5B0A7-79A2-4383-AAE9-16D8FB9590D6}C:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe |
"TCP Query User{1C623B0D-20C8-4DAB-8D2A-B77A72D1C15A}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{211DFF61-AA69-4D9B-86E0-A02003912356}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{225B34E5-53DE-48DD-BBD2-99915C119AF7}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{281CC1A6-F403-40C6-836D-9F255AFE3D69}C:\sony\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=c:\sony\everquest\eqvoiceservice.exe |
"TCP Query User{360CC6B0-6F71-4E24-9CFE-723BCF3E3092}C:\dimension4\d4.exe" = protocol=6 | dir=in | app=c:\dimension4\d4.exe |
"TCP Query User{3E727CAD-CF80-4CE7-8F1D-89E7D7792213}C:\program files\codemasters\rf online;\rf.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\rf online;\rf.exe |
"TCP Query User{42486E6B-DCD2-49DA-B453-DEE688A866AB}C:\neverwinternights\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\neverwinternights\nwn\nwmain.exe |
"TCP Query User{42C6BBEB-7E06-4201-8DB9-CA4A8D0773DC}C:\neverwinternights\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\neverwinternights\nwn\nwmain.exe |
"TCP Query User{4822C9DD-5213-45AE-B38D-F80FE67565DD}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{51576E34-B3F6-4874-AA0D-A9278833EAD3}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{652E7453-3CCA-4D1D-B84C-EF13C9CB6D85}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{6B2166D0-D9A0-4FF8-807D-A306B344F981}C:\windows\system32\regsvr32.exe" = protocol=6 | dir=in | app=c:\windows\system32\regsvr32.exe |
"TCP Query User{9E25D3AA-5E7A-43BE-98BD-224941857100}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"TCP Query User{A2808C30-724C-4FA0-8659-15F4970A44F1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AD798EF5-19A6-4D65-8FAF-1F6DB37E115E}C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe |
"TCP Query User{C124E905-0E0C-4014-9980-F1C3D1797A0F}C:\program files\ascaron entertainment\sacred underworld\sacred.exe" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred underworld\sacred.exe |
"TCP Query User{C646522A-D22C-49C8-9DE6-67BE0BB5EF13}C:\gamepotusa\brightshadow\brightshadow.exe" = protocol=6 | dir=in | app=c:\gamepotusa\brightshadow\brightshadow.exe |
"TCP Query User{D9784CE4-9E8E-46A4-B6F5-4FBD0027DEC9}C:\my downloads\anarchyonline_17.9.1-large.exe" = protocol=6 | dir=in | app=c:\my downloads\anarchyonline_17.9.1-large.exe |
"TCP Query User{DEA37364-3894-4458-AD49-1DE815E1765F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E5048FBE-8627-4063-9885-6FF610D5D8CF}C:\aeriagames\kingdomheroes\game\kh2.exe" = protocol=6 | dir=in | app=c:\aeriagames\kingdomheroes\game\kh2.exe |
"TCP Query User{EB4FFD6E-9735-44D3-84F2-2BA2712D7E08}C:\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\ccp\eve\bin\exefile.exe |
"TCP Query User{FD51040D-524D-4FD4-8527-76D1B684A51F}C:\sony\launchpad.exe" = protocol=6 | dir=in | app=c:\sony\launchpad.exe |
"TCP Query User{FE772197-F01B-4AF6-97C6-35440E7032E4}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{FEC67C7B-AAFF-47FF-9131-727B44623293}C:\program files\darkfall\lobby.exe" = protocol=6 | dir=in | app=c:\program files\darkfall\lobby.exe |
"UDP Query User{05A6234F-1278-4BAD-BD65-A55DF595A92A}C:\dimension4\d4.exe" = protocol=17 | dir=in | app=c:\dimension4\d4.exe |
"UDP Query User{133568D5-4E21-4CA1-AB30-F4137A0279DE}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{214DE61D-2D12-4760-ABA2-A118A24FB34D}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{266ED4BA-CE28-4229-BC60-63DB97AFE038}C:\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\ccp\eve\bin\exefile.exe |
"UDP Query User{2AF933CD-F1D3-4634-9578-F575BD54D07D}C:\neverwinternights\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\neverwinternights\nwn\nwmain.exe |
"UDP Query User{2FDA7C2F-3735-4DE6-A103-1B6F171187A7}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{41A9C561-8C32-430D-B6EF-4A8699BB4618}C:\program files\darkfall\lobby.exe" = protocol=17 | dir=in | app=c:\program files\darkfall\lobby.exe |
"UDP Query User{4336FCD2-8471-4E26-9E3F-67CBBC081986}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{43713435-656D-43E3-8587-AF7BC171FE72}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{43D38445-C98A-4940-BF86-58ED3932BBB3}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{44F2B120-C7C2-4CF9-BD6A-A6DE0921F96B}C:\program files\codemasters\rf online;\rf.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\rf online;\rf.exe |
"UDP Query User{455AA01E-472C-41CC-BFE5-46726EBA3F76}C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe |
"UDP Query User{4E9D22C4-F646-4F73-BA6B-3DDC10E1C5C1}C:\gamepotusa\brightshadow\brightshadow.exe" = protocol=17 | dir=in | app=c:\gamepotusa\brightshadow\brightshadow.exe |
"UDP Query User{5BD95B4F-4687-41D3-927C-EBE57C63468A}C:\neverwinternights\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\neverwinternights\nwn\nwmain.exe |
"UDP Query User{623B9F36-660E-4B09-AF8A-558C897970F3}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"UDP Query User{6B3883F9-0BFC-45AD-AC2C-F8890C605E29}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{6D32A0F2-4E9D-408A-AF58-8CBC2C40C208}C:\my downloads\anarchyonline_17.9.1-large.exe" = protocol=17 | dir=in | app=c:\my downloads\anarchyonline_17.9.1-large.exe |
"UDP Query User{6E07712E-8A43-4E62-8ABB-B1A762A716D1}C:\program files\ascaron entertainment\sacred underworld\sacred.exe" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred underworld\sacred.exe |
"UDP Query User{9A33AC90-D9DE-4B37-BB07-7DD75A66BC5B}C:\sony\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=c:\sony\everquest\eqvoiceservice.exe |
"UDP Query User{9C772798-D46E-4D19-B145-4C34EA531236}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{A22F6F76-0EE6-4D07-9C9A-1BEDB6F3F899}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B43DBDAA-003C-45E0-AD12-EB05C9E0CC67}C:\sony\launchpad.exe" = protocol=17 | dir=in | app=c:\sony\launchpad.exe |
"UDP Query User{DBC0701C-7360-40FE-B348-91048E5D16E9}C:\windows\system32\regsvr32.exe" = protocol=17 | dir=in | app=c:\windows\system32\regsvr32.exe |
"UDP Query User{ED4E84C7-AF1D-451B-85F1-74E40F038544}C:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe |
"UDP Query User{ED501A6D-CBF0-4332-9384-1D613D411D5C}C:\aeriagames\kingdomheroes\game\kh2.exe" = protocol=17 | dir=in | app=c:\aeriagames\kingdomheroes\game\kh2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0A053D60-9267-11D5-8A2B-0050DA8B7D89}" = Planescape - Torment
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D601240-1E3C-11DE-8C30-0800200C9A66}" = Walmart Photo Manager
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{588C135F-0B15-4A02-8F2D-04697BE2904E}" = Icewind Dale II
"{5D834606-A4CB-4B38-A289-1B3443FF8B8B}" = Rift BETA Patcher
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D93BD2D-BA71-491A-926C-37FE1580CEE0}" = The Witcher Enhanced Edition - "Side Effects"
"{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}" = Windows Live Movie Maker Beta
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97573806-3C00-4CE0-9D31-3925DD845DCE}" = Freedom Force® vs The 3rd Reich
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ada8473b-3748-495d-95f7-33f9e912e104}.sdb" = Tormentfixes
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42F73D4-AFDA-4761-B3F4-23A872D11339}" = Morrowind
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate™ II - Throne of Bhaal ™
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C90DF572-23A1-4725-A84E-809D020C048A}" = The Witcher Adventure Editor
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F50BF3E1-99C8-4908-A2C7-B19B2C6FEA47}" = The Witcher Enhanced Edition - "The Price of Neutrality"
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online™: Stormreach™ v04.01.33.0131
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Baldur's Gate" = Baldur's Gate
"Baldur's Gate Tutu" = Baldur's Gate Tutu
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battle for Wesnoth 1.9.3" = Battle for Wesnoth 1.9.3
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Divine Divinity" = Divine Divinity
"Download Manager" = Download Manager 2.3.9
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{97573806-3C00-4CE0-9D31-3925DD845DCE}" = Freedom Force® vs The 3rd Reich
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Neverwinter Nights™ Kingmaker" = BioWare Premium Module: Neverwinter Nights™ Kingmaker
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Precision" = EVGA Precision 1.9.6
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.91
"Runic Games Torchlight" = Torchlight
"Sacred Underworld_is1" = Sacred Underworld
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SystemRequirementsLab" = System Requirements Lab
"The Witcher - Flash Mod 1.0.1_is1" = Flash Mod ver 1.0.1 Polish + English
"TreeSize Free_is1" = TreeSize Free V2.3.3
"VLC media player" = VLC media player 1.1.7
"Warlords III: Darklords Rising 1.0" = Warlords III: Darklords Rising
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wizardry 8" = Wizardry 8
"World of Warcraft" = World of Warcraft
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"RJM Pops Address Book" = RJM Pops Address Book

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2010 1:34:19 PM | Computer Name = Jamie-PC | Source = VSS | ID = 8194
Description =

Error - 4/9/2010 11:51:12 AM | Computer Name = Jamie-PC | Source = VSS | ID = 8194
Description =

Error - 4/9/2010 11:52:30 AM | Computer Name = Jamie-PC | Source = VSS | ID = 8194
Description =

Error - 4/9/2010 12:57:50 PM | Computer Name = Jamie-PC | Source = VSS | ID = 8194
Description =

Error - 4/9/2010 7:47:49 PM | Computer Name = Jamie-PC | Source = Application Error | ID = 1000
Description = Faulting application darkwindClient.exe, version 0.0.0.0, time stamp
0x4b460365, faulting module darkwindClient.exe, version 0.0.0.0, time stamp 0x4b460365,
exception code 0xc0000005, fault offset 0x0004d614, process id 0x644, application
start time 0x01cad83ce3aa8ff1.

Error - 4/11/2010 10:51:05 AM | Computer Name = Jamie-PC | Source = Google Update | ID = 20
Description =

Error - 4/11/2010 12:10:49 PM | Computer Name = Jamie-PC | Source = VSS | ID = 8194
Description =

Error - 4/11/2010 12:48:43 PM | Computer Name = Jamie-PC | Source = Application Error | ID = 1000
Description = Faulting application LaunchPad.exe, version 0.0.0.0, time stamp 0x47bc829c,
faulting module mshtml.dll, version 8.0.6001.18904, time stamp 0x4b837769, exception
code 0xc0000005, fault offset 0x0002b8f7, process id 0x814, application start time
0x01cad9966b4d300d.

Error - 4/11/2010 3:10:41 PM | Computer Name = Jamie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/13/2010 8:12:53 PM | Computer Name = Jamie-PC | Source = Application Error | ID = 1000
Description = Faulting application LaunchPad.exe, version 0.0.0.0, time stamp 0x47bc829c,
faulting module mshtml.dll, version 8.0.6001.18904, time stamp 0x4b837769, exception
code 0xc0000005, fault offset 0x0002b8f7, process id 0x118c, application start time
0x01cadb67338eaf18.

[ Media Center Events ]
Error - 11/7/2008 8:44:05 PM | Computer Name = Jamie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/20/2008 8:45:26 PM | Computer Name = Jamie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/4/2009 10:42:29 AM | Computer Name = Jamie-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 3/4/2009 11:03:12 AM | Computer Name = Jamie-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 3/4/2009 11:38:23 AM | Computer Name = Jamie-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/27/2009 3:24:35 PM | Computer Name = Jamie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 11:43:00 PM | Computer Name = Jamie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/13/2009 4:20:57 PM | Computer Name = Jamie-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 3/13/2010 11:30:26 PM | Computer Name = Jamie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/7/2011 3:50:33 PM | Computer Name = Jamie-PC | Source = HTTP | ID = 15016
Description =

Error - 2/7/2011 5:32:06 PM | Computer Name = Jamie-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/7/2011 5:32:13 PM | Computer Name = Jamie-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/7/2011 5:32:16 PM | Computer Name = Jamie-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/7/2011 5:32:20 PM | Computer Name = Jamie-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 2/7/2011 5:32:28 PM | Computer Name = Jamie-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/7/2011 5:32:32 PM | Computer Name = Jamie-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/7/2011 5:33:07 PM | Computer Name = Jamie-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 2/8/2011 2:18:37 PM | Computer Name = Jamie-PC | Source = HTTP | ID = 15016
Description =

Error - 2/8/2011 5:42:27 PM | Computer Name = Jamie-PC | Source = HTTP | ID = 15016
Description =


< End of report >
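A note on reading the firewall section of the report above. The `TCP Query User{...}` and `UDP Query User{...}` entries are the rules Windows Firewall creates when someone clicks Allow on its prompt, so that list is a record of what has been let through over the life of the install. It includes rules for executables that sat in user-writable locations (`c:\users\jamie\desktop\lolinstaller.exe`, `c:\programdata\nexonus\ngm\ngm.exe`) and inbound TCP and UDP allows for `c:\windows\system32\regsvr32.exe`, a Windows binary whose job is to register DLLs and which would ordinarily only trigger a firewall prompt if a DLL it loaded tried to open a listening socket. None of that proves an infection on its own, but those are the lines a responder asks about. The script below is an added example written for this page; it is not part of the original post, of OTL, of ComboFix or of any other tool in the thread. It parses rule lines in the format shown above and flags two things: executables under user-writable directories, and inbound allows for a short list of "living off the land" binaries. The `LOLBINS` set, the `USER_WRITABLE` markers and the flagging rules are the editor's own heuristics, not anything the page states; the sample lines are copied from the report.

```python
"""Triage Windows Firewall rules from an OTL-style report.

Added editorial example, not code from the original post or from OTL.
The heuristics (LOLBINS, USER_WRITABLE) are the editor's assumptions.
"""
import re

# Windows binaries that run code handed to them; an INBOUND allow rule for one
# of these on a home PC is unusual and worth asking about (editor's list).
LOLBINS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe",
           "cscript.exe", "cmd.exe", "powershell.exe", "msiexec.exe"}

# Path fragments for directories a non-admin user can write to (editor's list).
USER_WRITABLE = ("c:\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")

# One report line looks like:  "name" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Sample lines copied verbatim from the report above (raw string: backslashes).
SAMPLE_LOG = r'''
"{A1129FEA-EBF7-4F0A-ACA0-A3FE2A41CF98}" = protocol=17 | dir=in | app=c:\users\jamie\desktop\lolinstaller.exe |
"{D52C2C49-5C95-4283-9F50-CF41EDB91F92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EAE978DD-FB1F-4B2E-BC30-1B35E324A7F9}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"TCP Query User{6B2166D0-D9A0-4FF8-807D-A306B344F981}C:\windows\system32\regsvr32.exe" = protocol=6 | dir=in | app=c:\windows\system32\regsvr32.exe |
"UDP Query User{DBC0701C-7360-40FE-B348-91048E5D16E9}C:\windows\system32\regsvr32.exe" = protocol=17 | dir=in | app=c:\windows\system32\regsvr32.exe |
"TCP Query User{A2808C30-724C-4FA0-8659-15F4970A44F1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
'''


def parse_rule(line: str) -> dict:
    """Turn one rule line into a dict; return {} for lines that are not rules."""
    m = RULE_RE.match(line.strip())
    if not m:
        return {}
    rule = {"name": m.group("name")}
    for field in m.group("body").split("|"):
        field = field.strip()
        if "=" in field:
            key, value = field.split("=", 1)
            rule[key.strip()] = value.strip().lower()
    # The report omits 'protocol' when the rule matches any protocol;
    # 6 is TCP and 17 is UDP (IANA protocol numbers).
    rule["protocol"] = {"6": "tcp", "17": "udp"}.get(rule.get("protocol"), "any")
    # Rules named "... Query User{GUID}<path>" were created by clicking Allow
    # on the Windows Firewall prompt rather than by an installer.
    rule["user_created"] = "Query User" in rule["name"]
    return rule


def triage_rule(rule: dict) -> list:
    """Return the reasons this rule deserves a look (empty list = nothing odd)."""
    reasons = []
    app = rule.get("app", "")
    if not app:
        return reasons
    exe = app.rsplit("\\", 1)[-1]
    if exe in LOLBINS and rule.get("dir") == "in":
        reasons.append(f"inbound allow for LOLBin {exe}")
    if any(marker in app for marker in USER_WRITABLE):
        reasons.append("executable lives in a user-writable directory")
    return reasons


def triage_log(text: str) -> list:
    """Parse every rule line in `text` and keep only the ones with findings."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        reasons = triage_rule(rule) if rule else []
        if reasons:
            findings.append({"app": rule["app"],
                             "protocol": rule["protocol"],
                             "user_created": rule["user_created"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Point this at the firewall section of a saved report to triage it.
    for finding in triage_log(SAMPLE_LOG):
        print(finding["protocol"], finding["app"], "->",
              "; ".join(finding["reasons"]))
```

On the sample above the script reports four lines: the Desktop installer and the ProgramData launcher (user-writable path) and both `regsvr32.exe` rules (inbound allow for a LOLBin); the outbound `svchost.exe` rule and the Firefox rule pass. A finding is a prompt for a question ("what were you doing when Windows asked about regsvr32?"), not a verdict, and stale rules for long-deleted installers can simply be removed from the firewall.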

#5 Necroscope84

Necroscope84
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:16 PM

Posted 08 February 2011 - 10:59 PM

I'm still doing the Gmer scan. Am I supposed to have the IAT/EAT box checked? The last time I did this I think I was told to uncheck that box. I'm just wondering because it's been going on 8 or 9 hours now that it's still scanning and without that checked it only took me around 2 hours. Just seems like an awfully long scan. If it's supposed to be checked then no biggie. Oh yeah, I also had to uncheck the Devices because I kept getting a blue screen and crashing. Well, it's getting late. I was hoping to have this up tonight but it looks like it'll be tomorrow since it's taking so long. I'll post the Gmer first thing in the morning. Thank you.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 09 February 2011 - 11:58 AM

Hello

My name is gringo and I will be helping you from this point forward.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes unless I tell you to.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

If you have not done so, please click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Here is the first thing I would like you to do.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Necroscope84

Necroscope84
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:16 PM

Posted 09 February 2011 - 04:16 PM

Here's my Combofix log. While Combofix was running it was deleting a file from Local\temp called F_In_BOX.dll, then all of a sudden an error popped up saying "The Application Failed to Initialize" with an error code, but I couldn't write it down fast enough because the PC restarted, and when it rebooted Combofix came back up and finished its log. Things seem to be running fine, but I think all the viruses keep corrupting my system files or something. Also, the trojans keep getting in somehow; I no longer surf the internet or open email anymore, so I came here because I keep getting more trojans and don't know if I still have something left over that keeps letting them in, or if it's because I'm unable to get Vista SP2 installed and Microsoft isn't supporting Vista users without SP2, so without the security updates I don't know if that's how they're getting in or not. Anyway, here's the log.

Did you also want the Gmer log I ran last night or not?

ComboFix 11-02-09.02 - Jamie 02/09/2011 14:54:08.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1852 [GMT -6:00]
Running from: c:\users\Jamie\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jamie\AppData\Local\temp\1.tmp\F_IN_BOX.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-08 22:11 . 2011-02-08 22:11 94848 ----a-w- C:\kwlcypod.sys
2011-02-07 19:36 . 2011-02-07 19:36 -------- d-----w- c:\users\Jamie\AppData\Roaming\Canneverbe Limited
2011-02-07 19:36 . 2011-02-07 19:36 -------- d-----w- c:\programdata\Canneverbe Limited
2011-02-07 19:35 . 2011-02-07 19:35 -------- d-----w- c:\program files\CDBurnerXP
2011-02-07 00:02 . 2011-02-07 00:24 -------- d-----w- C:\67fa8964a913682267d93bec5a70ed4b
2011-02-06 07:34 . 2011-02-06 07:34 -------- d-----w- C:\f7e41d3800a87eb5013ac5f432fbe718
2011-02-06 02:45 . 2011-02-06 02:45 -------- d-----w- C:\SwSetup
2011-02-06 02:44 . 2011-02-06 02:44 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-02-06 02:44 . 2011-02-06 02:44 -------- d-----w- c:\program files\Common Files\xing shared
2011-02-06 02:44 . 2011-02-06 02:44 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-02-06 02:44 . 2011-02-06 02:44 100864 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-02-06 02:44 . 2011-02-06 02:44 -------- d-----w- c:\program files\real
2011-02-06 02:38 . 2011-02-06 02:38 -------- d-----w- c:\programdata\Apple Computer
2011-02-06 02:00 . 2011-02-06 02:00 -------- d-----w- c:\users\Jamie\AppData\Local\Secunia PSI
2011-02-06 02:00 . 2011-02-06 02:00 -------- d-----w- c:\program files\Secunia
2011-02-05 22:27 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8EA4440-03F1-4650-A832-D6FF7EAC6CBD}\mpengine.dll
2011-01-25 19:32 . 2011-01-25 19:32 -------- d-----w- C:\Sony
2011-01-14 20:07 . 2011-02-07 19:08 -------- d-----w- c:\program files\Stunlock Studios
2011-01-14 20:06 . 2011-01-14 20:06 -------- d-----w- c:\program files\Microsoft XNA
2011-01-11 18:35 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 18:35 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 18:35 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-11 18:35 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 18:35 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 18:35 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 18:35 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-06 02:44 . 2008-03-11 08:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-21 01:53 . 2010-11-07 20:10 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-21 01:44 . 2010-05-10 01:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-21 00:09 . 2010-10-18 17:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-10-18 17:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 00:29 . 2010-12-11 00:29 64864 ----a-w- c:\windows\system32\sqlctr90.dll
2010-12-11 00:29 . 2010-12-11 00:29 2248032 ----a-w- c:\windows\system32\sqlncli.dll
2010-12-10 19:32 . 2010-12-10 19:32 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-06 14:07 . 2010-01-06 01:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-03 00:41 . 2010-03-13 23:31 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-02 03:05 . 2010-12-02 03:05 0 ----a-w- c:\windows\system32\RENBCBC.tmp
2010-12-02 03:05 . 2010-12-02 03:05 0 ----a-w- c:\windows\system32\RENBCBB.tmp
2010-12-02 03:05 . 2010-12-02 03:05 0 ----a-w- c:\windows\system32\RENBCBA.tmp
2010-11-30 20:42 . 2010-11-07 20:10 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

------- Sigcheck -------

[-] 2008-01-19 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll
[-] 2008-01-19 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiaservc.dll
[7] 2006-11-02 . A941E099EF46E3CC12F898CBE1C39910 . 451584 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6000.16386_none_305d7915b6684b33\wiaservc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-31 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jamie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE Gamer HUD Lite.lnk]
path=c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE Gamer HUD Lite.lnk
backup=c:\windows\pss\GIGABYTE Gamer HUD Lite.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-10-12 22:34 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 09:56 54936 ----a-w- c:\windows\System32\jureg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"igndlm.exe"=c:\program files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 ALSysIO;ALSysIO;c:\users\Jamie\AppData\Local\Temp\ALSysIO.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 LiveTurbineMessageService;Turbine Message Service - Live; [x]
R3 LiveTurbineNetworkService;Turbine Network Service - Live; [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-02-13 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-12 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2008-06-25 78848]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-10 135336]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-22 1402272]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 16:41]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 16:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\g3wogpra.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Prism for Firefox: refractor@developer.mozilla.org - %profile%\extensions\refractor@developer.mozilla.org
FF - Ext: VTzilla: vtzilla@virustotal.com - %profile%\extensions\vtzilla@virustotal.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lavasoft Kernexplorer]
"ImagePath"="\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,a7,52,ae,a4,b6,d2,45,8f,21,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,a7,52,ae,a4,b6,d2,45,8f,21,ad,\

[HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:7f,08,16,3f,19,a8,80,67,83,9e,c4,9c,ff,0e,0f,05,64,40,e5,23,be,a5,fc,
da,00,bc,3d,2f,3b,78,e4,64,1e,c7,e8,b3,aa,84,79,fd,5f,ee,a5,96,f4,4a,76,03,\
"??"=hex:6e,af,73,41,78,1c,c8,aa,45,dc,4e,03,b3,67,6c,ad

[HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:bb,bd,bf,bd,bf,3b,c4,f9,30,a4,a3,07,16,54,70,10,3e,04,69,2a,22,
08,2d,26,8b,b3,93,d3,38,5a,46,81,b3,a0,75,42,86,1e,a0,cf,3a,1e,24,e0,ca,fa,\
"rkeysecu"=hex:1e,14,01,fb,38,b5,93,26,5c,9c,25,da,3d,40,a1,70
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-02-09 15:09:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-09 21:09
ComboFix2.txt 2010-12-31 01:18

Pre-Run: 101,293,412,352 bytes free
Post-Run: 101,256,187,904 bytes free

- - End Of File - - 23C681C25448FEB9140B340EDE4B877E
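
The "Files Created" and "Find3M" sections of a ComboFix log like the one above are normally read by eye. As an added example (not part of this thread, and not ComboFix's own logic), the Python below parses lines in that format and flags the entries a reviewer would want to look at first; the sample lines are copied from the posted log, and the review heuristics are this example's own assumptions, producing hints rather than verdicts.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of ComboFix's "Files Created" / "Find3M"
# sections; the entries are copied from the log posted above.
SAMPLE_LOG = """\
2011-02-08 22:11 . 2011-02-08 22:11 94848 ----a-w- C:\\kwlcypod.sys
2011-02-07 19:35 . 2011-02-07 19:35 -------- d-----w- c:\\program files\\CDBurnerXP
2011-02-07 00:02 . 2011-02-07 00:24 -------- d-----w- C:\\67fa8964a913682267d93bec5a70ed4b
2011-01-11 18:35 . 2010-12-28 14:57 409600 ----a-w- c:\\windows\\system32\\odbc32.dll
2010-12-02 03:05 . 2010-12-02 03:05 0 ----a-w- c:\\windows\\system32\\RENBCBC.tmp
2011-02-06 02:00 . 2011-02-06 02:00 -------- d-----w- c:\\users\\Jamie\\AppData\\Local\\Secunia PSI
"""

# created . modified size attrs path   (size is "--------" for directories)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    is_dir: bool
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one ComboFix file-list line; headers and blank lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size,
                 m["attrs"].startswith("d"), m["path"])


# Assumed review heuristics (this example's, not ComboFix's).
ROOT_DRIVER_RE = re.compile(r"^[a-z]:\\[^\\]+\.sys$", re.I)
HASH_DIR_RE = re.compile(r"^[a-z]:\\[0-9a-f]{32}$", re.I)


def triage(entry: Entry) -> list[str]:
    """Reasons a human should look at this entry; empty list means nothing stood out."""
    p = entry.path.lower()
    reasons = []
    if not entry.is_dir and ROOT_DRIVER_RE.match(p):
        reasons.append("driver file in drive root (rootkit scanners also drop "
                       "randomly named drivers here; confirm before treating as malicious)")
    if entry.is_dir and HASH_DIR_RE.match(p):
        reasons.append("hash-named folder in drive root (often installer extraction; "
                       "confirm it is stale)")
    if "\\temp\\" in p:
        reasons.append("created under a Temp directory")
    if entry.size == 0 and p.endswith(".tmp") and "\\system32\\" in p:
        reasons.append("zero-byte .tmp in system32 (leftover of an interrupted install)")
    if "\\java\\deployment\\cache\\" in p:
        reasons.append("Java applet cache (where the ESET detections in this thread sat)")
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map each flagged path in a ComboFix file listing to its review reasons."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```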

#8 Necroscope84

Necroscope84
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:16 PM

Posted 09 February 2011 - 05:35 PM

These were all the problems I'd found this last week. Also, when trying to run Sfc /scannow to fix my corrupt system files, it keeps finding a corrupt file in Microsoft/Store that it cannot fix, which might be why I can't get SP2 to install. Also, I was getting an error from some string path being too long; I think it's that one below which shows all the 132/132/132/132.

Sorry for posting without specifically being asked but I wanted to point these out to show what all has happened this last week, two of the trojans were in The Witcher and Icewind Dale, two games I haven't played in a long long time. I also do not surf the internet anymore except for several extremely trusted sites, I check all links with LinkScanner and I haven't been opening any email for a long time now, I just don't know how I keep getting these. I also had another Java/exploit type Trojan that Avira got rid of a couple of weeks ago, unfortunately I can't find that log right now.




Spybot found the Opachki.ru Trojan and 2 registry problems in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\



Starting the file scan:

Begin scan in 'C:' <COMPAQ>
C:\hp\bin\Python\Lib\test\testtar.tar
[0] Archive type: TAR (tape archiver)
--> 0-REGTYPE-TEXT
[WARNING] Internal error!
[WARNING] Internal error!
C:\Program Files\Black Isle\Icewind Dale II\Config.exe
[DETECTION] Is the TR/Expl.Nuker.NSNuke.t Trojan
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar
[0] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
[WARNING] Internal error!
C:\Program Files\The Witcher\Data\TLK_from_backup.exe
[DETECTION] Is the TR/Dldr.Vxidl.89 Trojan

Beginning disinfection:
C:\Program Files\The Witcher\Data\TLK_from_backup.exe
[DETECTION] Is the TR/Dldr.Vxidl.89 Trojan
[NOTE] The file was moved to the quarantine directory under the name '49d21240.qua'.
C:\Program Files\Black Isle\Icewind Dale II\Config.exe
[DETECTION] Is the TR/Expl.Nuker.NSNuke.t Trojan
[NOTE] The file was moved to the quarantine directory under the name '516a3c02.qua'.

#9 Necroscope84

Necroscope84
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:16 PM

Posted 12 February 2011 - 01:28 PM

/Bump

It's been about 72 hours so I thought I'd bump it like you said to do, I understand you're all very busy so when you get a chance just take a look at everything for me. Thank you.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 13 February 2011 - 02:42 AM

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

#11 Necroscope84

Necroscope84
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:16 PM

Posted 13 February 2011 - 05:01 PM

I ran the ESET Online Scanner; it found another 5 Java trojans, but there is no logfile. I went to the path and this is all that log file shows:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


That is the only log file there. I did copy to notepad the viruses it found and they are:

C:\found.000\file0000.chk PDF/Exploit.Pidief.PDS.Gen trojan
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\199bb91d-7423972d probably a variant of Win32/TrojanDownloader.Agent.FTYZNM trojan
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-4c390072 multiple threats
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\59774da8-5d7f86e4 a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-6c87fdd1 multiple threats

Is this the info you wanted? I did everything you said but don't see any other log files there. Why do these Java trojans keep getting in? I've used Java/RA to get rid of all the old JAVA files over and over yet they keep popping back up. I deleted all these old JAVA 6.0 folders several times now. What is going on here?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 13 February 2011 - 05:06 PM

Greetings

There are some things in the online scan I want to remove, so run this script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Folder::
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 Necroscope84

Necroscope84
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:16 PM

Posted 13 February 2011 - 05:15 PM

I didn't realize that windows defender was still active so that might be why I didn't get a log file. I just disabled it and if you want I will run eset again. I tested it out and stopped it and it did create a better log file so if you want I can do it again. Sorry, I never used defender and didn't even know it was enabled. sigh.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 13 February 2011 - 05:22 PM

Yes, go ahead and run it again and give me the report when complete.



Gringo

#15 Necroscope84

Necroscope84
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:16 PM

Posted 13 February 2011 - 05:41 PM

Here's the Combofix log. I'm sorry about having to run ESET again; I just didn't even think about Defender. I should get a proper log this time. Thank you so much for helping me. I'll post the ESET log as soon as it gets through running. That first run took about 3 to 4 hours, so it'll probably be later on tonight or first thing in the morning if I have to go in to work tonight. Thanks again.

ComboFix 11-02-12.02 - Jamie 02/13/2011 16:22:35.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1985 [GMT -6:00]
Running from: c:\users\Jamie\Desktop\ComboFix.exe
Command switches used :: c:\users\Jamie\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jamie\AppData\Local\temp\1.tmp\F_IN_BOX.dll
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1834cd9d-5787483c
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1834cd9d-5787483c.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\199bb91d-7423972d
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\199bb91d-7423972d.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1f86049d-7df35fee
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1f86049d-7df35fee.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\20fc93dd-3ac42288
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\20fc93dd-3ac42288.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\51bdd05d-4a873d64
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\51bdd05d-4a873d64.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5cad709d-5ecbee82
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5cad709d-5ecbee82.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5fd068dd-3f77b9e4
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5fd068dd-3f77b9e4.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7798b09d-7f91a982
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7798b09d-7f91a982.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-4c390072
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-4c390072.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\104ae4a8-258e2a7f
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\104ae4a8-258e2a7f.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\1d8cdf68-7ae8f92f
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\1d8cdf68-7ae8f92f.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\20c70068-23b2c64f
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\20c70068-23b2c64f.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\270d7528-554acb1f
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\270d7528-554acb1f.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\507558a8-5b5c20a4
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\507558a8-5b5c20a4.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\53f1f728-303acd5c
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\53f1f728-303acd5c.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\579428-4b791840
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\579428-4b791840.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\59774da8-5d7f86e4
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\59774da8-5d7f86e4.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5b1c8328-23335305
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5b1c8328-23335305.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5be1fee8-7ef77097
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5be1fee8-7ef77097.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\719adca8-6dd5d7c2
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\719adca8-6dd5d7c2.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\fe0f4a8-1790a2da
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\fe0f4a8-1790a2da.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1660f4ec-1bf1948a
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1660f4ec-1bf1948a.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1b1e42ac-779feac6
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1b1e42ac-779feac6.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1ea6ad6c-5c50e1ff
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1ea6ad6c-5c50e1ff.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\210697ac-6bb6e87d
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\210697ac-6bb6e87d.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\28b7a12c-6bbe25e8
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\28b7a12c-6bbe25e8.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\2e6faeac-5ef314e7
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\2e6faeac-5ef314e7.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\34fa3d6c-5b5b9bae
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\34fa3d6c-5b5b9bae.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3561dc2c-6b002f52
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3561dc2c-6b002f52.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\50f3f12c-725f795b
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\50f3f12c-725f795b.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-6c87fdd1
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-6c87fdd1.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5e9610ac-39d08f7a
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5e9610ac-39d08f7a.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\60af1dec-69565ec9
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\60af1dec-69565ec9.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\62c2fdec-5013c828
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\62c2fdec-5013c828.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6cae91ac-2a37a143
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6cae91ac-2a37a143.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6cae91ac-36af559e
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6cae91ac-36af559e.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6cae91ac-49b76c0d
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6cae91ac-49b76c0d.idx
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6cae91ac-7ba55021
c:\users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6cae91ac-7ba55021.idx

.
((((((((((((((((((((((((( Files Created from 2011-01-13 to 2011-02-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-06 02:44 . 2008-03-11 08:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-28 14:57 . 2011-01-11 18:35 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-21 01:53 . 2010-11-07 20:10 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-21 01:44 . 2010-05-10 01:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-21 00:09 . 2010-10-18 17:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-10-18 17:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 15:49 . 2011-01-11 18:35 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-11 00:29 . 2010-12-11 00:29 64864 ----a-w- c:\windows\system32\sqlctr90.dll
2010-12-11 00:29 . 2010-12-11 00:29 2248032 ----a-w- c:\windows\system32\sqlncli.dll
2010-12-10 19:32 . 2010-12-10 19:32 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-06 14:07 . 2010-01-06 01:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-03 00:41 . 2010-03-13 23:31 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-02 03:05 . 2010-12-02 03:05 0 ----a-w- c:\windows\system32\RENBCBC.tmp
2010-12-02 03:05 . 2010-12-02 03:05 0 ----a-w- c:\windows\system32\RENBCBB.tmp
2010-12-02 03:05 . 2010-12-02 03:05 0 ----a-w- c:\windows\system32\RENBCBA.tmp
2010-11-30 20:42 . 2010-11-07 20:10 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

------- Sigcheck -------

[-] 2008-01-19 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll
[-] 2008-01-19 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiaservc.dll
[7] 2006-11-02 . A941E099EF46E3CC12F898CBE1C39910 . 451584 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6000.16386_none_305d7915b6684b33\wiaservc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-31 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jamie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE Gamer HUD Lite.lnk]
path=c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE Gamer HUD Lite.lnk
backup=c:\windows\pss\GIGABYTE Gamer HUD Lite.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-10-12 22:34 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 09:56 54936 ----a-w- c:\windows\System32\jureg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"igndlm.exe"=c:\program files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 ALSysIO;ALSysIO;c:\users\Jamie\AppData\Local\Temp\ALSysIO.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-22 1402272]
R3 LiveTurbineMessageService;Turbine Message Service - Live; [x]
R3 LiveTurbineNetworkService;Turbine Network Service - Live; [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-02-13 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-12 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2008-06-25 78848]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-10 135336]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 16:41]

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 16:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\g3wogpra.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Prism for Firefox: refractor@developer.mozilla.org - %profile%\extensions\refractor@developer.mozilla.org
FF - Ext: VTzilla: vtzilla@virustotal.com - %profile%\extensions\vtzilla@virustotal.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-13 16:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,a7,52,ae,a4,b6,d2,45,8f,21,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,a7,52,ae,a4,b6,d2,45,8f,21,ad,\

[HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:7f,08,16,3f,19,a8,80,67,83,9e,c4,9c,ff,0e,0f,05,64,40,e5,23,be,a5,fc,
da,00,bc,3d,2f,3b,78,e4,64,1e,c7,e8,b3,aa,84,79,fd,5f,ee,a5,96,f4,4a,76,03,\
"??"=hex:6e,af,73,41,78,1c,c8,aa,45,dc,4e,03,b3,67,6c,ad

[HKEY_USERS\S-1-5-21-3177060753-589307236-2942547930-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:bb,bd,bf,bd,bf,3b,c4,f9,30,a4,a3,07,16,54,70,10,3e,04,69,2a,22,
08,2d,26,8b,b3,93,d3,38,5a,46,81,b3,a0,75,42,86,1e,a0,cf,3a,1e,24,e0,ca,fa,\
"rkeysecu"=hex:1e,14,01,fb,38,b5,93,26,5c,9c,25,da,3d,40,a1,70
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-02-13 16:38:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-13 22:38
ComboFix2.txt 2011-02-09 21:09
ComboFix3.txt 2010-12-31 01:18

Pre-Run: 82,544,472,064 bytes free
Post-Run: 82,547,798,016 bytes free

- - End Of File - - 59783887628BDDBC0C43323C8E5A8A77