Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple instances of mshta.exe running


  • This topic is locked This topic is locked
16 replies to this topic

#1 venuslight

venuslight

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 07 February 2011 - 10:31 PM

I've had up to as many as 12 instances. Currently have four. Also, in the process of trying to fix it, have managed to get a Google redirect issue too. Thanks in advance for any insight you all can provide!



Here are my logs:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Harvey at 22:09:23.92 on Mon 02/07/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1855 [GMT -5:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zecter\ZumoCast\ZumoCast.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Squeezebox\SqueezeTray.exe
C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~3.EXE
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Documents and Settings\Harvey\Desktop\Fix Malware\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uWinlogon: Shell=explorer.exe,c:\documents and settings\harvey\application data\dwm.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ZumoCast] c:\program files\zecter\zumocast\ZumoLauncher.lnk
mRun: [DeltaIITaskbarApp] c:\windows\system32\DeltaIITray.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [<NO NAME>]
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\squeez~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {A35F605F-D7D6-449D-B5B0-AC64799E89D8} = 76.85.229.110,76.85.229.111
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\harvey\applic~1\mozilla\firefox\profiles\7edbedkr.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\harvey\application data\mozilla\firefox\profiles\7edbedkr.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\harvey\application data\mozilla\firefox\profiles\7edbedkr.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\harvey\application data\mozilla\firefox\profiles\7edbedkr.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\harvey\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\harvey\application data\mozilla\firefox\profiles\7edbedkr.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplalaDl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\harvey\application data\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-22 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-12 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-12 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-12 297752]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-6-21 10448]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-1-26 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-2 47640]
R2 MusicIP Server;MusicIP Server;c:\program files\musicip\musicip mixer\MusicMagicServer.exe [2008-7-12 2744320]
R2 ntk_dtv;ntk_dtv;c:\program files\directv\directv\kernel\dmp\ntk_dtv.sys [2009-3-2 72688]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~1\cache\my.cnf squeezemysql --> c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~1\cache\my.cnf SqueezeMySQL [?]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [2008-7-12 302728]
R3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]
S2 AnyTrial;BugSoft AnyTrial;c:\windows\anytrial.exe --> c:\windows\AnyTrial.exe [?]
S2 CLDTVHNService;CLDTVHNService;c:\program files\directv\directv\kernel\dmp\CLDTVHNService.exe [2009-3-2 72736]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-7 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2010-9-15 140416]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-2 29744]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-7 27064]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== File Associations ===============

scrfile="%1" /S

=============== Created Last 30 ================

2011-02-08 02:32:00 -------- d-----w- c:\program files\CCleaner
2011-02-08 02:30:44 -------- d-----w- c:\docume~1\harvey\locals~1\applic~1\Temp
2011-02-08 02:23:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\SafeReturner
2011-02-08 02:23:34 -------- d-----w- c:\program files\Safe Returner
2011-02-08 00:56:25 -------- d-----w- c:\docume~1\harvey\locals~1\applic~1\VS Revo Group
2011-02-08 00:56:17 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-02-08 00:56:14 -------- d-----w- c:\program files\VS Revo Group
2011-02-07 22:22:56 -------- d-----w- C:\Malwarefix
2011-01-26 23:14:30 -------- d-----w- C:\updates
2011-01-26 23:14:00 -------- d-----w- c:\program files\Squeezebox
2011-01-26 23:14:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Squeezebox
2011-01-26 22:57:04 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-01-26 22:57:03 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-01-24 20:31:44 -------- d-----w- c:\docume~1\harvey\applic~1\Usoz
2011-01-24 20:31:44 -------- d-----w- c:\docume~1\harvey\applic~1\Ezadni

==================== Find3M ====================

2010-12-15 18:36:29 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-15 18:36:28 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-12-15 18:36:28 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-15 18:36:26 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-25 00:22:21 869608 ----a-w- c:\windows\system32\SpoonUninstall.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500630AS rev.3.AAK -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A0F6555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a0fc7b0]; MOV EAX, [0x8a0fc82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8A206AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E37C5] -> [0x8A152B10]
\Driver\atapi[0x8A200F38] -> IRP_MJ_CREATE -> 0x8A0F6555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskST3500630AS_____________________________3.AAK___#5&16025139&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A0F639B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 22:10:23.17 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:03 AM

Posted 11 February 2011 - 12:30 PM

=Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 venuslight

venuslight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 12 February 2011 - 09:56 AM

Thanks so much for your assistance with this, ST.

Here are your requested logs:

2011/02/12 08:33:30.0562 3652 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/12 08:33:30.0953 3652 ================================================================================
2011/02/12 08:33:30.0953 3652 SystemInfo:
2011/02/12 08:33:30.0953 3652
2011/02/12 08:33:30.0953 3652 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/12 08:33:30.0953 3652 Product type: Workstation
2011/02/12 08:33:30.0953 3652 ComputerName: BIGCHILL
2011/02/12 08:33:30.0953 3652 UserName: Harvey
2011/02/12 08:33:30.0953 3652 Windows directory: C:\WINDOWS
2011/02/12 08:33:30.0953 3652 System windows directory: C:\WINDOWS
2011/02/12 08:33:30.0953 3652 Processor architecture: Intel x86
2011/02/12 08:33:30.0953 3652 Number of processors: 1
2011/02/12 08:33:30.0953 3652 Page size: 0x1000
2011/02/12 08:33:30.0953 3652 Boot type: Normal boot
2011/02/12 08:33:30.0953 3652 ================================================================================
2011/02/12 08:33:47.0593 3652 Initialize success
2011/02/12 08:33:53.0156 0320 ================================================================================
2011/02/12 08:33:53.0156 0320 Scan started
2011/02/12 08:33:53.0156 0320 Mode: Manual;
2011/02/12 08:33:53.0156 0320 ================================================================================
2011/02/12 08:33:53.0640 0320 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/02/12 08:33:53.0781 0320 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/12 08:33:53.0828 0320 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/12 08:33:53.0953 0320 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/12 08:33:54.0015 0320 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/02/12 08:33:54.0062 0320 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/12 08:33:54.0328 0320 AnyDVD (198938a4c2b165e1778740a01c2f0690) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/02/12 08:33:54.0375 0320 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/12 08:33:54.0531 0320 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/12 08:33:54.0625 0320 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/12 08:33:54.0718 0320 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/12 08:33:54.0796 0320 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/12 08:33:54.0843 0320 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/02/12 08:33:54.0921 0320 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/02/12 08:33:54.0984 0320 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/12 08:33:55.0031 0320 bkn50USB (6d39682a1051a5be7437ec99f1bf9921) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
2011/02/12 08:33:55.0062 0320 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/12 08:33:55.0093 0320 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/12 08:33:55.0203 0320 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/12 08:33:55.0265 0320 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/12 08:33:55.0328 0320 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/12 08:33:55.0640 0320 DELTAII (20a04d8077cccba1711070eb01f02afb) C:\WINDOWS\system32\DRIVERS\deltaII.sys
2011/02/12 08:33:55.0718 0320 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/12 08:33:55.0781 0320 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/12 08:33:55.0812 0320 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/12 08:33:55.0859 0320 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/12 08:33:55.0921 0320 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/12 08:33:56.0000 0320 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/02/12 08:33:56.0031 0320 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/02/12 08:33:56.0062 0320 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
2011/02/12 08:33:56.0125 0320 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/12 08:33:56.0187 0320 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/12 08:33:56.0250 0320 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/02/12 08:33:56.0328 0320 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/12 08:33:56.0359 0320 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/12 08:33:56.0406 0320 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/12 08:33:56.0468 0320 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/12 08:33:56.0515 0320 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/12 08:33:56.0546 0320 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/12 08:33:56.0593 0320 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/12 08:33:56.0656 0320 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/02/12 08:33:56.0703 0320 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/12 08:33:56.0765 0320 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/02/12 08:33:56.0828 0320 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/12 08:33:56.0953 0320 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/12 08:33:57.0109 0320 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/12 08:33:57.0171 0320 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/12 08:33:57.0265 0320 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/12 08:33:57.0328 0320 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/12 08:33:57.0390 0320 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/12 08:33:57.0453 0320 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/12 08:33:57.0515 0320 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/12 08:33:57.0546 0320 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/12 08:33:57.0593 0320 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/12 08:33:57.0640 0320 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/12 08:33:57.0703 0320 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/12 08:33:57.0750 0320 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/12 08:33:57.0812 0320 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/12 08:33:57.0875 0320 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/12 08:33:57.0921 0320 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/02/12 08:33:57.0984 0320 LBeepKE (ca63fe81705ad660e482bef210bf2c73) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/02/12 08:33:58.0093 0320 LHidFilt (b68309f25c5787385da842eb5b496958) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/02/12 08:33:58.0203 0320 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/02/12 08:33:58.0265 0320 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/02/12 08:33:58.0359 0320 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/02/12 08:33:58.0421 0320 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/02/12 08:33:58.0500 0320 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/12 08:33:58.0546 0320 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/12 08:33:58.0609 0320 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/12 08:33:58.0656 0320 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/12 08:33:58.0703 0320 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/12 08:33:58.0812 0320 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/12 08:33:58.0875 0320 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/12 08:33:59.0187 0320 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/02/12 08:33:59.0265 0320 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/12 08:33:59.0312 0320 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/12 08:33:59.0359 0320 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/12 08:33:59.0390 0320 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/12 08:33:59.0437 0320 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/12 08:33:59.0500 0320 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/12 08:33:59.0562 0320 msvad_simple (00c7b2306f1ca5389a1ac6d1df9c2e25) C:\WINDOWS\system32\drivers\povrtdev.sys
2011/02/12 08:33:59.0609 0320 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/12 08:33:59.0687 0320 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/12 08:33:59.0750 0320 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/12 08:33:59.0781 0320 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/12 08:33:59.0843 0320 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/12 08:33:59.0890 0320 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/12 08:33:59.0906 0320 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/12 08:33:59.0937 0320 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/12 08:33:59.0968 0320 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/12 08:34:00.0000 0320 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/12 08:34:00.0125 0320 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/12 08:34:00.0156 0320 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/12 08:34:00.0203 0320 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/12 08:34:00.0328 0320 ntk_dtv (eb5b633318e7e217b8a85ac476b4270f) C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys
2011/02/12 08:34:00.0390 0320 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/12 08:34:00.0562 0320 nv (34c114da0a5e03219444e46f122ff5a3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/12 08:34:00.0734 0320 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/12 08:34:00.0765 0320 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/12 08:34:00.0812 0320 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/12 08:34:00.0859 0320 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/12 08:34:00.0890 0320 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/12 08:34:00.0921 0320 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/12 08:34:00.0968 0320 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/12 08:34:01.0031 0320 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/12 08:34:01.0078 0320 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/12 08:34:01.0390 0320 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/12 08:34:01.0468 0320 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2011/02/12 08:34:01.0500 0320 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/12 08:34:01.0546 0320 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/12 08:34:01.0593 0320 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/12 08:34:01.0656 0320 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/12 08:34:01.0875 0320 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/12 08:34:01.0937 0320 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/12 08:34:02.0000 0320 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/12 08:34:02.0031 0320 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/12 08:34:02.0093 0320 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/12 08:34:02.0140 0320 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/12 08:34:02.0203 0320 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/12 08:34:02.0281 0320 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/12 08:34:02.0328 0320 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/12 08:34:02.0484 0320 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
2011/02/12 08:34:02.0578 0320 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/02/12 08:34:02.0671 0320 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/12 08:34:02.0734 0320 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/12 08:34:02.0765 0320 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/12 08:34:02.0812 0320 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/12 08:34:02.0937 0320 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/12 08:34:03.0031 0320 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/12 08:34:03.0125 0320 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/12 08:34:03.0125 0320 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/02/12 08:34:03.0125 0320 sptd - detected Locked file (1)
2011/02/12 08:34:03.0187 0320 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/12 08:34:03.0218 0320 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/12 08:34:03.0312 0320 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/12 08:34:03.0343 0320 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/12 08:34:03.0406 0320 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/12 08:34:03.0640 0320 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/12 08:34:03.0718 0320 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/12 08:34:03.0781 0320 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/12 08:34:03.0859 0320 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/12 08:34:03.0921 0320 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/12 08:34:04.0093 0320 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/12 08:34:04.0156 0320 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/12 08:34:04.0250 0320 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/12 08:34:04.0296 0320 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/12 08:34:04.0343 0320 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/12 08:34:04.0390 0320 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/12 08:34:04.0421 0320 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/12 08:34:04.0484 0320 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/12 08:34:04.0546 0320 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/12 08:34:04.0593 0320 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/12 08:34:04.0656 0320 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/02/12 08:34:04.0734 0320 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/12 08:34:04.0812 0320 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/12 08:34:04.0875 0320 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/12 08:34:04.0937 0320 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/02/12 08:34:05.0046 0320 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/12 08:34:05.0187 0320 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/12 08:34:05.0250 0320 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/12 08:34:05.0312 0320 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/12 08:34:05.0359 0320 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/12 08:34:05.0468 0320 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/12 08:34:05.0796 0320 ================================================================================
2011/02/12 08:34:05.0796 0320 Scan finished
2011/02/12 08:34:05.0796 0320 ================================================================================
2011/02/12 08:34:05.0812 1104 Detected object count: 2
2011/02/12 08:34:27.0390 1104 Locked file(sptd) - User select action: Skip
2011/02/12 08:34:27.0421 1104 \HardDisk0 - will be cured after reboot
2011/02/12 08:34:27.0421 1104 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/12 08:34:41.0687 2764 Deinitialize success







OTL logfile created on: 2/12/2011 9:42:47 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Harvey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 236.04 Gb Total Space | 157.75 Gb Free Space | 66.83% Space Free | Partition Type: NTFS
Drive D: | 229.72 Gb Total Space | 19.96 Gb Free Space | 8.69% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 411.04 Gb Free Space | 44.13% Space Free | Partition Type: NTFS
Drive I: | 153.38 Gb Total Space | 0.56 Gb Free Space | 0.37% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 14.68 Gb Free Space | 3.15% Space Free | Partition Type: NTFS

Computer Name: BIGCHILL | User Name: Harvey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/12 09:41:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harvey\Desktop\OTL.exe
PRC - [2011/01/26 17:57:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011/01/26 17:57:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/24 07:33:46 | 010,494,037 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\Squeezebox\server\SqueezeSvr.exe
PRC - [2011/01/24 07:33:04 | 002,351,191 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\Squeezebox\SqueezeTray.exe
PRC - [2011/01/24 07:32:32 | 004,149,248 | ---- | M] () -- C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/15 13:36:57 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/15 13:36:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/30 16:50:06 | 000,179,384 | ---- | M] (Zecter Inc.) -- C:\Program Files\Zecter\ZumoCast\ZumoCast.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/05/18 15:41:50 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/05/06 04:32:28 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/03/01 17:26:26 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/01 17:26:24 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/05/25 12:14:52 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/03/02 18:55:46 | 000,072,736 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/03 09:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS\system32\DeltaIITray.exe
PRC - [2008/02/28 14:31:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/10/08 07:56:04 | 002,744,320 | ---- | M] () -- C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe
PRC - [2007/04/05 20:35:40 | 001,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2007/02/08 12:55:22 | 000,032,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2005/01/15 04:31:00 | 000,782,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe


========== Modules (SafeList) ==========

MOD - [2011/02/12 09:41:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harvey\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AnyTrial)
SRV - [2011/01/24 07:32:32 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/15 13:36:57 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/15 13:36:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/06 04:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/03/01 17:26:24 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/03/02 18:55:46 | 000,072,736 | ---- | M] () [Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
SRV - [2008/08/02 13:06:58 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/08/02 12:23:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/08 07:56:04 | 002,744,320 | ---- | M] () [Auto | Running] -- C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe -- (MusicIP Server)
SRV - [2007/04/05 20:35:40 | 001,543,614 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/02/05 09:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/15 04:31:00 | 000,782,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB)


========== Driver Services (SafeList) ==========

DRV - [2010/12/15 13:36:29 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/04/29 12:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/03/18 04:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 04:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 04:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/03/10 22:48:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/04/26 16:27:30 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/03/02 18:55:52 | 000,072,688 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys -- (ntk_dtv)
DRV - [2008/10/17 21:01:13 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/05/09 12:56:13 | 000,099,264 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/04/13 23:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 23:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 23:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/03/03 09:13:46 | 000,302,728 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\deltaII.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV - [2008/02/28 14:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/08/07 14:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/04/19 12:26:00 | 003,988,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/16 10:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (bkn50USB)
DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/11/21 18:35:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2009/11/21 18:35:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/12 08:39:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/26 17:57:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/26 17:57:13 | 000,000,000 | ---D | M]

[2008/07/12 14:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Extensions
[2011/02/12 09:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions
[2011/01/26 18:01:09 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/10/31 23:08:28 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/01/26 18:01:08 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/11/08 08:58:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/26 18:01:06 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2010/12/18 16:20:10 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2009/03/21 09:05:15 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\LogMeInClient@logmein.com
[2010/01/25 23:16:04 | 000,000,000 | ---D | M] ("mReplay Live") -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\mreplaylive@mreplay.com
[2009/12/29 21:57:51 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\YoutubeDownloader@PeterOlayev.com
[2011/02/09 18:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/21 18:35:43 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2009/11/21 18:35:43 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2009/11/21 18:35:43 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/12/15 19:45:56 | 000,416,584 | ---- | M] (Lala Media) -- C:\Program Files\Mozilla Firefox\plugins\nplalaDl.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/09/12 13:49:11 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1957994488-179605362-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1957994488-179605362-839522115-1003..\Run: [ZumoCast] C:\Program Files\Zecter\ZumoCast\ZumoLauncher.lnk ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Squeezebox Server Tray Tool.lnk = C:\Program Files\Squeezebox\SqueezeTray.exe (SlimDevices - A Logitech Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1957994488-179605362-839522115-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1957994488-179605362-839522115-1003 Winlogon: Shell - (C:\Documents and Settings\Harvey\Application Data\dwm.exe) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Harvey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Harvey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/11 17:34:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 02:01:46 | 000,000,113 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/02/25 14:27:00 | 000,000,141 | ---- | M] () - K:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5f22c961-a00f-11df-970f-000cf17b0edb}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{aa51bc04-5041-11dd-bf49-806d6172696f}\Shell\AutoRun\command - "" = WD_Windows_Tools\setup.exe
O33 - MountPoints2\{aa51bc07-5041-11dd-bf49-80123fa158a1}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 04:42:36 | 000,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\H\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 04:42:36 | 000,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\K\Shell\AutoRun\command - "" = "Launch.exe" /run
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dpnsdial - (C:\WINDOWS\calcetup.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/12 09:42:18 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Harvey\Desktop\OTL.exe
[2011/02/12 08:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Application Data\AVG10
[2011/02/12 08:40:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/12 08:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/02/12 08:39:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/12 08:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/12 08:38:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/09 18:40:22 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/02/09 18:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/07 21:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/02/07 21:34:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Harvey\Recent
[2011/02/07 21:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/02/07 21:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/02/07 21:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Local Settings\Application Data\Temp
[2011/02/07 21:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2011/02/07 21:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safe Returner
[2011/02/07 21:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[2011/02/07 19:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Local Settings\Application Data\VS Revo Group
[2011/02/07 19:56:17 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/02/07 19:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/02/07 19:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/02/07 17:22:56 | 000,000,000 | ---D | C] -- C:\Malwarefix
[2011/02/04 09:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Desktop\SS logs
[2011/01/26 18:14:30 | 000,000,000 | ---D | C] -- C:\updates
[2011/01/26 18:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Squeezebox Server
[2011/01/26 18:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Squeezebox
[2011/01/26 18:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Squeezebox
[2011/01/26 17:25:19 | 051,472,885 | ---- | C] (Logitech ) -- C:\Documents and Settings\Harvey\Desktop\SqueezeboxServer-7.5.3.exe
[2011/01/25 08:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/01/24 20:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/01/24 15:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Application Data\Usoz
[2011/01/24 15:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Application Data\Ezadni
[2011/01/24 15:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/01/24 13:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/01/24 13:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/01/24 13:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2004/11/30 00:08:30 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/12 09:41:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harvey\Desktop\OTL.exe
[2011/02/12 08:43:04 | 106,017,596 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/12 08:36:35 | 000,088,723 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/02/12 08:36:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/12 08:35:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/12 08:35:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/12 00:50:52 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/02/11 07:16:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/07 21:35:39 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/07 21:31:55 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/07 18:09:17 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/02/07 17:26:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/07 17:22:38 | 000,003,159 | ---- | M] () -- C:\Documents and Settings\Harvey\Desktop\mshta.rtf
[2011/02/04 17:19:09 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Harvey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/26 18:14:23 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Harvey\Desktop\Squeezebox Server.lnk
[2011/01/26 18:14:22 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Squeezebox Server Tray Tool.lnk
[2011/01/26 17:27:37 | 051,472,885 | ---- | M] (Logitech ) -- C:\Documents and Settings\Harvey\Desktop\SqueezeboxServer-7.5.3.exe
[2011/01/26 12:00:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/25 08:15:01 | 000,011,034 | ---- | M] () -- C:\WINDOWS\System32\345.js
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/12 08:43:04 | 106,017,596 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/07 21:31:55 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/02/07 21:31:55 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/07 21:30:22 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/07 21:30:22 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/07 17:22:38 | 000,003,159 | ---- | C] () -- C:\Documents and Settings\Harvey\Desktop\mshta.rtf
[2011/01/26 18:14:23 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\Harvey\Desktop\Squeezebox Server.lnk
[2011/01/26 18:14:22 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Squeezebox Server Tray Tool.lnk
[2011/01/24 06:15:02 | 000,011,034 | ---- | C] () -- C:\WINDOWS\System32\345.js
[2010/12/05 17:05:32 | 000,004,512 | ---- | C] () -- C:\Documents and Settings\Harvey\Application Data\DD8A.BBF
[2010/09/22 22:22:19 | 000,021,998 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SlingSetup.log
[2010/08/27 18:01:05 | 000,617,745 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ITFW.log
[2010/03/10 22:48:14 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/24 21:57:35 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2010/02/24 21:57:35 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2010/02/24 21:57:34 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2010/02/24 21:57:34 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2010/02/24 21:57:34 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2010/02/24 21:57:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/02/24 21:57:34 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2010/02/24 21:57:34 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2010/02/24 21:57:34 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2010/02/24 21:37:17 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Harvey\Application Data\default.rss
[2010/02/24 21:33:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/10 18:57:17 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/02/10 18:57:17 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/02/10 18:57:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/02/10 18:56:06 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/02/10 18:56:02 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/01/10 16:50:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/14 17:04:45 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/01/19 13:30:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/11/16 14:44:21 | 000,015,003 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/10/06 22:29:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/09/16 20:59:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/08/22 18:41:00 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/08/21 22:10:50 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Harvey\Application Data\$_hpcst$.hpc
[2008/08/05 22:03:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/08/02 13:31:59 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\Harvey\Application Data\iPod Access v4 Prefs
[2008/08/02 13:30:57 | 000,000,046 | -H-- | C] () -- C:\Documents and Settings\Harvey\Application Data\iPodAccessv4_OwnerName
[2008/08/02 13:30:14 | 000,000,011 | -H-- | C] () -- C:\Documents and Settings\Harvey\Application Data\iPodAccess_Time
[2008/07/30 19:04:20 | 000,074,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/07/20 17:29:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/12 19:09:29 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Harvey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/12 14:23:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/07/11 13:26:33 | 000,004,537 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/05/16 13:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 13:01:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/06/24 00:20:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >







OTL Extras logfile created on: 2/12/2011 9:42:47 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Harvey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 236.04 Gb Total Space | 157.75 Gb Free Space | 66.83% Space Free | Partition Type: NTFS
Drive D: | 229.72 Gb Total Space | 19.96 Gb Free Space | 8.69% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 411.04 Gb Free Space | 44.13% Space Free | Partition Type: NTFS
Drive I: | 153.38 Gb Total Space | 0.56 Gb Free Space | 0.37% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 14.68 Gb Free Space | 3.15% Space Free | Partition Type: NTFS

Computer Name: BIGCHILL | User Name: Harvey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.scr [@ = scrfile] -- "%1" /S

[HKEY_USERS\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [tralih] -- "C:\Program Files\Trader's Little Helper\tralih.exe" /0 "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:RPC port
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"9092:TCP" = 9092:TCP:*:Enabled:Squeezebox Server 9092 tcp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe" = C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe:*:Enabled:DIRECTV2PC™ -- (DIRECTV Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dmremote.exe" = C:\WINDOWS\system32\dmremote.exe:*:Enabled:dmremote -- (Microsoft Corp.)
"C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicMixer.exe" = C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicMixer.exe:*:Enabled:MusicIP Mixer -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Program Files\Simplify Media\SimplifyMedia.exe" = C:\Program Files\Simplify Media\SimplifyMedia.exe:*:Enabled:Simplify Media
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe" = C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe:*:Enabled:DIRECTV2PC™ -- (DIRECTV Corp.)
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe" = C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\Orb Networks\Orb\bin\xmltv.exe" = C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide -- ()
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe" = C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"G:\CDROMBB\SomBB.exe" = G:\CDROMBB\SomBB.exe:*:Enabled:SomBB
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\eMusic Download Manager\xulrunner\xulrunner.exe" = C:\Program Files\eMusic Download Manager\xulrunner\xulrunner.exe:*:Enabled:eMusic Download Manager -- (Mozilla Foundation)
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe" = C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer -- (Sling Media Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"c:\documents and settings\harvey\local settings\application data\asam.exe" = c:\documents and settings\harvey\local settings\application data\asam.exe:*:Enabled:enable
"C:\Program Files\AirVideoServer\AirVideoServer.exe" = C:\Program Files\AirVideoServer\AirVideoServer.exe:*:Enabled:Air Video Server -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe" = C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe:*:Enabled:Spiceworks Desktop Webserver by Apache -- (Apache Software Foundation)
"C:\Program Files\Spiceworks\bin\spiceworks-finder.exe" = C:\Program Files\Spiceworks\bin\spiceworks-finder.exe:*:Enabled:spiceworks-finder -- ()
"C:\Documents and Settings\Harvey\Desktop\TiVO Hacking\TyTool10r4\TyTool10r4\TyTool10r4.exe" = C:\Documents and Settings\Harvey\Desktop\TiVO Hacking\TyTool10r4\TyTool10r4\TyTool10r4.exe:*:Enabled:TyTool10r4 -- ()
"J:\CDROMBB\SomBB.exe" = J:\CDROMBB\SomBB.exe:*:Enabled:SomBB
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Disabled:Java™ Web Start Launcher -- (Sun Microsystems, Inc.)
"C:\Program Files\Zecter\ZumoCast\zumocast.exe" = C:\Program Files\Zecter\ZumoCast\zumocast.exe:*:Enabled:ZumoCast -- (Zecter Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40928C54-F8EE-420D-BD80-07F2F78CFB0D}" = MySQL Connector/ODBC 3.51
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = MD Simple Burner 2.0.05
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8429A3E7-F308-47D5-9025-9823848D724C}" = Lala Music Mover
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{877e9b9a-212b-4f57-9ed9-58c12a8984c1}" = Nero 9
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC1E0881-66E8-4884-9B5B-580F957F5B9A}" = Sony DVD Architect Studio 4.5
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E26B7916-0201-45C3-8415-2FA24DDAEE37}" = iTunesFolderWatch
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5874895-A35A-4EF9-8720-8FA946AF842F}_is1" = Safe Returner version 1.27.9
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC™
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Air Video Server" = Air Video Server 2.2.7-update1
"AnyDVD" = AnyDVD
"At-Large Recorder 2" = At-Large Recorder 2
"AVG" = AVG 2011
"Belarc Advisor" = Belarc Advisor 7.2
"CCleaner" = CCleaner
"CD Wave Editor_is1" = CD Wave Editor 1.98
"CDRoller_is1" = CDRoller version 7.61
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Shorten Codec" = dBpowerAMP Shorten Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"dMC Sveta Portable Audio" = dMC Sveta Portable Audio
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"eMusic Download Manager" = eMusic Download Manager 4.1.3.1
"EPSON Printer and Utilities" = EPSON Printer Software
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"exPressit S.E. 2.1" = exPressit S.E. 2.1
"ExtractNow_is1" = ExtractNow
"FileZilla Client" = FileZilla Client 3.3.4.1
"FLAC" = FLAC 1.2.1b (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"foobar2000" = foobar2000 v0.9.5.4
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GameCenter" = GameCenter
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Handbrake" = Handbrake 0.9.4
"ie8" = Windows Internet Explorer 8
"Impulse" = Impulse
"InFlac" = InFlac 1.1.1
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC™
"iPod Access for Windows_is1" = iPod Access for Windows v4.0.5
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MusicIP Mixer_is1" = MusicIP Mixer 1.8.1
"MyDJ iTunes Plugin" = MusicIP MyDJ iTunes Plugin 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Orb" = Orb
"Picasa 3" = Picasa 3
"Pocket Player" = Pocket Player
"PROSet" = Intel® PRO Network Adapters and Drivers
"Rhapsody" = Rhapsody
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SP6" = Logitech SetPoint 6.1
"Spiceworks" = Spiceworks
"Squeezebox Server_is1" = Squeezebox Server 7.5.3
"Strat-O-Matic CD-ROM Ver15.0J" = Strat-O-Matic CD-ROM Ver15.0J
"SUPER ©" = SUPER © Version 2008.bld.32 (July 8, 2008)
"Tag&Rename_is1" = Tag&Rename 3.5.2
"TradersLittleHelper_is1" = Trader's Little Helper 2.4.1
"Trillian" = Trillian
"VLC media player" = VLC media player 1.0.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebSlingPlayer ActiveX" = WebSlingPlayer ActiveX
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZumoCast" = ZumoCast

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2011 9:41:48 AM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 9:41:48 AM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 9:41:48 AM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 9:41:53 AM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 9:41:54 AM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 9:46:16 AM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 2/12/2011 9:46:18 AM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 10:40:35 AM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 2/12/2011 10:40:56 AM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 10:41:18 AM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 2/7/2011 6:37:23 PM | Computer Name = BIGCHILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/7/2011 6:37:59 PM | Computer Name = BIGCHILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/7/2011 6:38:17 PM | Computer Name = BIGCHILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/7/2011 6:40:34 PM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7000
Description = The BugSoft AnyTrial service failed to start due to the following
error: %%2

Error - 2/7/2011 7:03:25 PM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The MD Simple Burner Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/7/2011 7:06:57 PM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7000
Description = The BugSoft AnyTrial service failed to start due to the following
error: %%2

Error - 2/7/2011 10:25:06 PM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The CLDTVHNService service terminated unexpectedly. It has done this
1 time(s).

Error - 2/7/2011 10:25:06 PM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The SqueezeMySQL service terminated unexpectedly. It has done this
1 time(s).

Error - 2/12/2011 9:34:45 AM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The MD Simple Burner Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/12/2011 9:36:25 AM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7000
Description = The BugSoft AnyTrial service failed to start due to the following
error: %%2


< End of report >

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:03 AM

Posted 12 February 2011 - 10:20 AM

venuslight,

2011/02/12 08:34:27.0421 1104 \HardDisk0 - will be cured after reboot
2011/02/12 08:34:27.0421 1104 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/12 08:34:41.0687 2764 Deinitialize success


Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (AnyTrial)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992
    IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O4 - HKLM..\Run: [] File not found
    O20 - HKU\S-1-5-21-1957994488-179605362-839522115-1003 Winlogon: Shell - (C:\Documents and Settings\Harvey\Application Data\dwm.exe) - File not found
    O33 - MountPoints2\{5f22c961-a00f-11df-970f-000cf17b0edb}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
    O33 - MountPoints2\{aa51bc04-5041-11dd-bf49-806d6172696f}\Shell\AutoRun\command - "" = WD_Windows_Tools\setup.exe
    O33 - MountPoints2\{aa51bc07-5041-11dd-bf49-80123fa158a1}\Shell\AutoRun\command - "" = setupSNK.exe
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 04:42:36 | 000,023,040 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 04:42:36 | 000,023,040 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = "Launch.exe" /run
    O36 - AppCertDlls: dpnsdial - (C:\WINDOWS\calcetup.dll) - File not found
    [2011/01/24 15:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Application Data\Usoz
    [2011/01/24 15:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Application Data\Ezadni
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/01/25 08:15:01 | 000,011,034 | ---- | M] () -- C:\WINDOWS\System32\345.js
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/01/24 06:15:02 | 000,011,034 | ---- | C] () -- C:\WINDOWS\System32\345.js
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



Please be sure to include an update on how things are currently running.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 venuslight

venuslight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 12 February 2011 - 11:20 AM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service AnyTrial stopped successfully!
Service AnyTrial deleted successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1957994488-179605362-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Harvey\Application Data\dwm.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f22c961-a00f-11df-970f-000cf17b0edb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f22c961-a00f-11df-970f-000cf17b0edb}\ not found.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa51bc04-5041-11dd-bf49-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa51bc04-5041-11dd-bf49-806d6172696f}\ not found.
File WD_Windows_Tools\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa51bc07-5041-11dd-bf49-80123fa158a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa51bc07-5041-11dd-bf49-80123fa158a1}\ not found.
File setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
C:\WINDOWS\system32\setup.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File C:\WINDOWS\System32\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
File "Launch.exe" /run not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\dpnsdial:C:\WINDOWS\calcetup.dll deleted successfully.
C:\Documents and Settings\Harvey\Application Data\Usoz folder moved successfully.
C:\Documents and Settings\Harvey\Application Data\Ezadni folder moved successfully.
C:\WINDOWS\000001_.tmp deleted successfully.
C:\WINDOWS\002656_.tmp deleted successfully.
C:\WINDOWS\S1E008818.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1BF.tmp deleted successfully.
C:\WINDOWS\System32\SET1C4.tmp deleted successfully.
C:\WINDOWS\System32\SET1CB.tmp deleted successfully.
C:\WINDOWS\system32\345.js moved successfully.
File C:\WINDOWS\System32\345.js not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Harvey\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Harvey\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 32945167 bytes
->Flash cache emptied: 1294 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Harvey
->Temp folder emptied: 22073246 bytes
->Temporary Internet Files folder emptied: 91420 bytes
->Java cache emptied: 86853061 bytes
->FireFox cache emptied: 89185553 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 1150 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 15602441 bytes
->Java cache emptied: 28768 bytes
->Flash cache emptied: 64294 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 819602 bytes
->Java cache emptied: 8119 bytes
->Flash cache emptied: 15903 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 791321 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 46424 bytes
RecycleBin emptied: 4476003 bytes

Total Files Cleaned = 242.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Harvey
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02122011_103540

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...







Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/12/2011 11:16:41 AM
mbam-log-2011-02-12 (11-16-41).txt

Scan type: Quick scan
Objects scanned: 133682
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:03 AM

Posted 12 February 2011 - 02:30 PM

venuslight,

Please be sure to include an update on how things are currently running.


Your using an outdated version of MBAM.

Please update it to the latest version:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 venuslight

venuslight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 12 February 2011 - 06:11 PM

I thought I had updated Malwarebytes. It installed the update, but didn't relaunch. I assumed it had updated. Apparently it had not. I uninstalled, and reinstalled the most recent version. It found one issue and fixed it. The log is pasted below.

As far as PC performance, it seems to be doing okay. The google browser redirect seems to be fixed. The reason I realized there was a problem was with the Squeezebox Server app. It needs to access the internet to retrieve some settings and it was unable to. When I went to their tech support, they saw this:

I had another look at your
> processes, and the port used by the proxy and found something rather
> discouraging.
>
> 127.0.0.1:54586
>
> This is a local Proxy, meaning it's redirecting web traffic to something
> locally installed on your PC.
>
> mshta.exe 5992 N/A
> mshta.exe 4712 N/A
> mshta.exe 5772 N/A
> mshta.exe 5544 N/A
> mshta.exe 4352 N/A
> mshta.exe 1396 N/A
> mshta.exe 3288 N/A
> mshta.exe 6128 N/A
> mshta.exe 452 N/A
> mshta.exe 5272 N/A
> mshta.exe 5740 N/A
> mshta.exe 4616 N/A
> mshta.exe 4752 N/A
> mshta.exe 4412 N/A
> mshta.exe 5888 N/A
>
> The above, are processes running on your computer designed to host local
> HTML content, usually used for those Active Desktop for those News Tickers
> on Windows, but it can also be used for Ad-Ware. We usually don't see so
> many of them running..
>
> You might want to run a Virus and Adware scan..AVG is good, but it's by no
> means perfect. I would suggest running this, on top of AVG:
>

That clued me into the issue. Even after the fixes that we have done, the app is still unable to access the internet.


Thanks again for all your help. The MBAM log is below.




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5750

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/12/2011 6:06:48 PM
mbam-log-2011-02-12 (18-06-48).txt

Scan type: Quick scan
Objects scanned: 168651
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Harvey\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:03 AM

Posted 12 February 2011 - 06:19 PM

That clued me into the issue. Even after the fixes that we have done, the app is still unable to access the internet.

I will grab a new OTL log a little later in this post, so we can see if we can figure out why it's unable to connect to the internet.


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:




Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 venuslight

venuslight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 13 February 2011 - 11:07 AM

Thanks for your continued assistance, ST. Here are your requested logs. Let me know if you need anything else.





C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudVirusResponseLab.zip Win32/Bagle.gen.zip worm
C:\WINDOWS\system32\333.js JS/TrojanDownloader.Agent.NWG trojan
C:\_OTL\MovedFiles\02122011_103540\C_WINDOWS\system32\345.js JS/TrojanDownloader.Agent.NWG trojan
D:\MY STUFF\Downloaded Programs\Nero+Vision Express+ImageDrive+Serials+Plugins.zip multiple threats
D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE.rar probably a variant of Win32/Agent.GLKVOBP trojan
D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\keygen.exe probably a variant of Win32/Agent.GLKVOBP trojan
D:\MY STUFF\Downloaded Programs\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application
D:\MY STUFF\Downloads\Instant Cake 6.2\instantcake-dvr40-6[1].2-01-2-321.iso INF/Autorun.gen trojan
D:\MY STUFF\Downloads\ptvnet62-1.10.iso\ptvnet62-1.10.iso INF/Autorun.gen trojan
K:\FROM EXT FIREWIRE\downloaded stuff\helium_2007.zip probably a variant of Win32/Agent.EAFMSSF trojan
K:\FROM EXT FIREWIRE\downloaded stuff\OrangeCD.Suite.v6.0.8.10916.zip probably a variant of Win32/Agent.MTLAOGF trojan




Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 13
Out of date Java installed!
Adobe Flash Player 10.0.22.87
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Harvey Desktop Fix Malware SecurityCheck.exe
``````````End of Log````````````






OTL logfile created on: 2/13/2011 9:16:44 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Harvey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 236.04 Gb Total Space | 157.70 Gb Free Space | 66.81% Space Free | Partition Type: NTFS
Drive D: | 229.72 Gb Total Space | 19.95 Gb Free Space | 8.68% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 408.32 Gb Free Space | 43.83% Space Free | Partition Type: NTFS
Drive I: | 153.38 Gb Total Space | 0.56 Gb Free Space | 0.37% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 14.68 Gb Free Space | 3.15% Space Free | Partition Type: NTFS

Computer Name: BIGCHILL | User Name: Harvey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/12 09:41:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harvey\Desktop\OTL.exe
PRC - [2011/01/26 17:57:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011/01/26 17:57:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/24 07:33:46 | 010,494,037 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\Squeezebox\server\SqueezeSvr.exe
PRC - [2011/01/24 07:33:04 | 002,351,191 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\Squeezebox\SqueezeTray.exe
PRC - [2011/01/24 07:32:32 | 004,149,248 | ---- | M] () -- C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/15 13:36:57 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/15 13:36:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/30 16:50:06 | 000,179,384 | ---- | M] (Zecter Inc.) -- C:\Program Files\Zecter\ZumoCast\ZumoCast.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/02 18:55:46 | 000,072,736 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 07:56:04 | 002,744,320 | ---- | M] () -- C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe
PRC - [2007/04/05 20:35:40 | 001,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2007/02/08 12:55:22 | 000,032,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/01/15 04:31:00 | 000,782,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe


========== Modules (SafeList) ==========

MOD - [2011/02/12 09:41:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harvey\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/01/24 07:32:32 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/15 13:36:57 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/15 13:36:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/06 04:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/03/01 17:26:24 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/03/02 18:55:46 | 000,072,736 | ---- | M] () [Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
SRV - [2008/08/02 13:06:58 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/08/02 12:23:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/08 07:56:04 | 002,744,320 | ---- | M] () [Auto | Running] -- C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe -- (MusicIP Server)
SRV - [2007/04/05 20:35:40 | 001,543,614 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/02/05 09:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/15 04:31:00 | 000,782,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB)


========== Driver Services (SafeList) ==========

DRV - [2010/12/15 13:36:29 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/04/29 12:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/03/18 04:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 04:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 04:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/03/10 22:48:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/04/26 16:27:30 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/03/02 18:55:52 | 000,072,688 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys -- (ntk_dtv)
DRV - [2008/10/17 21:01:13 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/05/09 12:56:13 | 000,099,264 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/04/13 23:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 23:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 23:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/03/03 09:13:46 | 000,302,728 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\deltaII.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV - [2008/02/28 14:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/08/07 14:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/04/19 12:26:00 | 003,988,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/16 10:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (bkn50USB)
DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-179605362-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/11/21 18:35:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2009/11/21 18:35:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/12 08:39:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/26 17:57:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/26 17:57:13 | 000,000,000 | ---D | M]

[2008/07/12 14:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Extensions
[2011/02/12 22:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions
[2011/01/26 18:01:09 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/10/31 23:08:28 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/01/26 18:01:08 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/11/08 08:58:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/26 18:01:06 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2010/12/18 16:20:10 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2009/03/21 09:05:15 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\LogMeInClient@logmein.com
[2010/01/25 23:16:04 | 000,000,000 | ---D | M] ("mReplay Live") -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\mreplaylive@mreplay.com
[2009/12/29 21:57:51 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\Harvey\Application Data\Mozilla\Firefox\Profiles\7edbedkr.default\extensions\YoutubeDownloader@PeterOlayev.com
[2011/02/12 22:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/21 18:35:43 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2009/11/21 18:35:43 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2009/11/21 18:35:43 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/12/15 19:45:56 | 000,416,584 | ---- | M] (Lala Media) -- C:\Program Files\Mozilla Firefox\plugins\nplalaDl.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/02/12 10:35:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1957994488-179605362-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1957994488-179605362-839522115-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1957994488-179605362-839522115-1003..\Run: [ZumoCast] C:\Program Files\Zecter\ZumoCast\ZumoLauncher.lnk ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Squeezebox Server Tray Tool.lnk = C:\Program Files\Squeezebox\SqueezeTray.exe (SlimDevices - A Logitech Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1957994488-179605362-839522115-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Harvey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Harvey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/11 17:34:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 02:01:46 | 000,000,113 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/02/25 14:27:00 | 000,000,141 | ---- | M] () - K:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/12 22:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/12 18:02:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/12 18:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/12 18:02:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/12 18:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/12 10:35:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/12 09:42:18 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Harvey\Desktop\OTL.exe
[2011/02/12 08:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Application Data\AVG10
[2011/02/12 08:40:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/12 08:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/02/12 08:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/12 08:38:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/09 18:40:22 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/02/09 18:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/07 21:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/02/07 21:34:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Harvey\Recent
[2011/02/07 21:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/02/07 21:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/02/07 21:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Local Settings\Application Data\Temp
[2011/02/07 21:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2011/02/07 21:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safe Returner
[2011/02/07 21:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[2011/02/07 19:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Local Settings\Application Data\VS Revo Group
[2011/02/07 19:56:17 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/02/07 19:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/02/07 19:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/02/07 17:22:56 | 000,000,000 | ---D | C] -- C:\Malwarefix
[2011/02/04 09:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harvey\Desktop\SS logs
[2011/01/26 18:14:30 | 000,000,000 | ---D | C] -- C:\updates
[2011/01/26 18:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Squeezebox Server
[2011/01/26 18:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Squeezebox
[2011/01/26 18:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Squeezebox
[2011/01/26 17:25:19 | 051,472,885 | ---- | C] (Logitech ) -- C:\Documents and Settings\Harvey\Desktop\SqueezeboxServer-7.5.3.exe
[2011/01/25 08:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/01/24 20:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/01/24 15:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/01/24 13:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/01/24 13:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/01/24 13:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2004/11/30 00:08:30 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll

========== Files - Modified Within 30 Days ==========

[2011/02/12 21:35:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/12 18:45:32 | 106,018,717 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/12 18:12:47 | 000,088,723 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/02/12 18:12:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/12 18:02:23 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/12 10:35:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/12 09:41:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harvey\Desktop\OTL.exe
[2011/02/12 08:35:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/12 00:50:52 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/02/11 07:16:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/07 21:35:39 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/07 21:31:55 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/07 18:09:17 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/02/07 17:26:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/07 17:22:38 | 000,003,159 | ---- | M] () -- C:\Documents and Settings\Harvey\Desktop\mshta.rtf
[2011/02/04 17:19:09 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Harvey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/26 18:14:23 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Harvey\Desktop\Squeezebox Server.lnk
[2011/01/26 18:14:22 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Squeezebox Server Tray Tool.lnk
[2011/01/26 17:27:37 | 051,472,885 | ---- | M] (Logitech ) -- C:\Documents and Settings\Harvey\Desktop\SqueezeboxServer-7.5.3.exe
[2011/01/26 12:00:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/02/12 18:45:32 | 106,018,717 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/12 18:02:23 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/07 21:31:55 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/02/07 21:31:55 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/07 21:30:22 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/07 21:30:22 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/07 17:22:38 | 000,003,159 | ---- | C] () -- C:\Documents and Settings\Harvey\Desktop\mshta.rtf
[2011/01/26 18:14:23 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\Harvey\Desktop\Squeezebox Server.lnk
[2011/01/26 18:14:22 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Squeezebox Server Tray Tool.lnk
[2010/12/05 17:05:32 | 000,004,512 | ---- | C] () -- C:\Documents and Settings\Harvey\Application Data\DD8A.BBF
[2010/09/22 22:22:19 | 000,021,998 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SlingSetup.log
[2010/08/27 18:01:05 | 000,617,745 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ITFW.log
[2010/03/10 22:48:14 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/24 21:57:35 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2010/02/24 21:57:35 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2010/02/24 21:57:34 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2010/02/24 21:57:34 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2010/02/24 21:57:34 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2010/02/24 21:57:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/02/24 21:57:34 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2010/02/24 21:57:34 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2010/02/24 21:57:34 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2010/02/24 21:37:17 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Harvey\Application Data\default.rss
[2010/02/24 21:33:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/10 18:57:17 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/02/10 18:57:17 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/02/10 18:57:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/02/10 18:56:06 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/02/10 18:56:02 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/01/10 16:50:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/14 17:04:45 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/01/19 13:30:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/11/16 14:44:21 | 000,015,003 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/10/06 22:29:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/09/16 20:59:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/08/22 18:41:00 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/08/21 22:10:50 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Harvey\Application Data\$_hpcst$.hpc
[2008/08/05 22:03:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/08/02 13:31:59 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\Harvey\Application Data\iPod Access v4 Prefs
[2008/08/02 13:30:57 | 000,000,046 | -H-- | C] () -- C:\Documents and Settings\Harvey\Application Data\iPodAccessv4_OwnerName
[2008/08/02 13:30:14 | 000,000,011 | -H-- | C] () -- C:\Documents and Settings\Harvey\Application Data\iPodAccess_Time
[2008/07/30 19:04:20 | 000,074,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/07/20 17:29:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/12 19:09:29 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Harvey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/12 14:23:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/07/11 13:26:33 | 000,004,537 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/05/16 13:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 13:01:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/06/24 00:20:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >







OTL Extras logfile created on: 2/13/2011 9:16:44 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Harvey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 236.04 Gb Total Space | 157.70 Gb Free Space | 66.81% Space Free | Partition Type: NTFS
Drive D: | 229.72 Gb Total Space | 19.95 Gb Free Space | 8.68% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 408.32 Gb Free Space | 43.83% Space Free | Partition Type: NTFS
Drive I: | 153.38 Gb Total Space | 0.56 Gb Free Space | 0.37% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 14.68 Gb Free Space | 3.15% Space Free | Partition Type: NTFS

Computer Name: BIGCHILL | User Name: Harvey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.scr [@ = scrfile] -- "%1" /S

[HKEY_USERS\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [tralih] -- "C:\Program Files\Trader's Little Helper\tralih.exe" /0 "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:RPC port
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"9092:TCP" = 9092:TCP:*:Enabled:Squeezebox Server 9092 tcp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe" = C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe:*:Enabled:DIRECTV2PC™ -- (DIRECTV Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dmremote.exe" = C:\WINDOWS\system32\dmremote.exe:*:Enabled:dmremote -- (Microsoft Corp.)
"C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicMixer.exe" = C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicMixer.exe:*:Enabled:MusicIP Mixer -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Program Files\Simplify Media\SimplifyMedia.exe" = C:\Program Files\Simplify Media\SimplifyMedia.exe:*:Enabled:Simplify Media
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe" = C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe:*:Enabled:DIRECTV2PC™ -- (DIRECTV Corp.)
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe" = C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\Orb Networks\Orb\bin\xmltv.exe" = C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide -- ()
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe" = C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"G:\CDROMBB\SomBB.exe" = G:\CDROMBB\SomBB.exe:*:Enabled:SomBB
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\eMusic Download Manager\xulrunner\xulrunner.exe" = C:\Program Files\eMusic Download Manager\xulrunner\xulrunner.exe:*:Enabled:eMusic Download Manager -- (Mozilla Foundation)
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe" = C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer -- (Sling Media Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"c:\documents and settings\harvey\local settings\application data\asam.exe" = c:\documents and settings\harvey\local settings\application data\asam.exe:*:Enabled:enable
"C:\Program Files\AirVideoServer\AirVideoServer.exe" = C:\Program Files\AirVideoServer\AirVideoServer.exe:*:Enabled:Air Video Server -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe" = C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe:*:Enabled:Spiceworks Desktop Webserver by Apache -- (Apache Software Foundation)
"C:\Program Files\Spiceworks\bin\spiceworks-finder.exe" = C:\Program Files\Spiceworks\bin\spiceworks-finder.exe:*:Enabled:spiceworks-finder -- ()
"C:\Documents and Settings\Harvey\Desktop\TiVO Hacking\TyTool10r4\TyTool10r4\TyTool10r4.exe" = C:\Documents and Settings\Harvey\Desktop\TiVO Hacking\TyTool10r4\TyTool10r4\TyTool10r4.exe:*:Enabled:TyTool10r4 -- ()
"J:\CDROMBB\SomBB.exe" = J:\CDROMBB\SomBB.exe:*:Enabled:SomBB
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Disabled:Java™ Web Start Launcher -- (Sun Microsystems, Inc.)
"C:\Program Files\Zecter\ZumoCast\zumocast.exe" = C:\Program Files\Zecter\ZumoCast\zumocast.exe:*:Enabled:ZumoCast -- (Zecter Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40928C54-F8EE-420D-BD80-07F2F78CFB0D}" = MySQL Connector/ODBC 3.51
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = MD Simple Burner 2.0.05
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8429A3E7-F308-47D5-9025-9823848D724C}" = Lala Music Mover
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{877e9b9a-212b-4f57-9ed9-58c12a8984c1}" = Nero 9
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC1E0881-66E8-4884-9B5B-580F957F5B9A}" = Sony DVD Architect Studio 4.5
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E26B7916-0201-45C3-8415-2FA24DDAEE37}" = iTunesFolderWatch
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5874895-A35A-4EF9-8720-8FA946AF842F}_is1" = Safe Returner version 1.27.9
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC™
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Air Video Server" = Air Video Server 2.2.7-update1
"AnyDVD" = AnyDVD
"At-Large Recorder 2" = At-Large Recorder 2
"AVG" = AVG 2011
"Belarc Advisor" = Belarc Advisor 7.2
"CCleaner" = CCleaner
"CD Wave Editor_is1" = CD Wave Editor 1.98
"CDRoller_is1" = CDRoller version 7.61
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Shorten Codec" = dBpowerAMP Shorten Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"dMC Sveta Portable Audio" = dMC Sveta Portable Audio
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"eMusic Download Manager" = eMusic Download Manager 4.1.3.1
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"exPressit S.E. 2.1" = exPressit S.E. 2.1
"ExtractNow_is1" = ExtractNow
"FileZilla Client" = FileZilla Client 3.3.4.1
"FLAC" = FLAC 1.2.1b (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"foobar2000" = foobar2000 v0.9.5.4
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GameCenter" = GameCenter
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Handbrake" = Handbrake 0.9.4
"ie8" = Windows Internet Explorer 8
"Impulse" = Impulse
"InFlac" = InFlac 1.1.1
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC™
"iPod Access for Windows_is1" = iPod Access for Windows v4.0.5
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MusicIP Mixer_is1" = MusicIP Mixer 1.8.1
"MyDJ iTunes Plugin" = MusicIP MyDJ iTunes Plugin 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Orb" = Orb
"Picasa 3" = Picasa 3
"Pocket Player" = Pocket Player
"PROSet" = Intel® PRO Network Adapters and Drivers
"Rhapsody" = Rhapsody
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SP6" = Logitech SetPoint 6.1
"Spiceworks" = Spiceworks
"Squeezebox Server_is1" = Squeezebox Server 7.5.3
"Strat-O-Matic CD-ROM Ver15.0J" = Strat-O-Matic CD-ROM Ver15.0J
"SUPER ©" = SUPER © Version 2008.bld.32 (July 8, 2008)
"Tag&Rename_is1" = Tag&Rename 3.5.2
"TradersLittleHelper_is1" = Trader's Little Helper 2.4.1
"Trillian" = Trillian
"VLC media player" = VLC media player 1.0.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebSlingPlayer ActiveX" = WebSlingPlayer ActiveX
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZumoCast" = ZumoCast

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2011 12:06:33 PM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 2/12/2011 6:56:27 PM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 2/12/2011 6:56:37 PM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 6:56:37 PM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 11:00:49 PM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 2/12/2011 11:00:49 PM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 11:00:52 PM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 11:00:52 PM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2011 11:01:16 PM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 2/12/2011 11:01:45 PM | Computer Name = BIGCHILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 2/12/2011 11:35:48 AM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/12/2011 11:35:48 AM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/12/2011 11:35:48 AM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The CLDTVHNService service terminated unexpectedly. It has done this
1 time(s).

Error - 2/12/2011 11:35:48 AM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The iPAHelper.exe service terminated unexpectedly. It has done this
1 time(s).

Error - 2/12/2011 11:35:48 AM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The LMIGuardianSvc service terminated unexpectedly. It has done this
1 time(s).

Error - 2/12/2011 11:35:48 AM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The LogMeIn Maintenance Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/12/2011 11:35:48 AM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 2/12/2011 11:35:48 AM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The SqueezeMySQL service terminated unexpectedly. It has done this
1 time(s).

Error - 2/12/2011 11:35:48 AM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/12/2011 7:10:40 PM | Computer Name = BIGCHILL | Source = Service Control Manager | ID = 7034
Description = The MD Simple Burner Service service terminated unexpectedly. It
has done this 1 time(s).


< End of report >

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:03 AM

Posted 13 February 2011 - 12:32 PM

Hello venuslight,

Lets review your ESET Online Scanner log:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudVirusResponseLab.zip Win32/Bagle.gen.zip worm
C:\WINDOWS\system32\333.js JS/TrojanDownloader.Agent.NWG trojan
D:\MY STUFF\Downloaded Programs\Nero+Vision Express+ImageDrive+Serials+Plugins.zip multiple threats
D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE.rar probably a variant of Win32/Agent.GLKVOBP trojan
D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\keygen.exe probably a variant of Win32/Agent.GLKVOBP trojan
D:\MY STUFF\Downloaded Programs\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application
D:\MY STUFF\Downloads\Instant Cake 6.2\instantcake-dvr40-6[1].2-01-2-321.iso INF/Autorun.gen trojan
D:\MY STUFF\Downloads\ptvnet62-1.10.iso\ptvnet62-1.10.iso INF/Autorun.gen trojan
K:\FROM EXT FIREWIRE\downloaded stuff\helium_2007.zip probably a variant of Win32/Agent.EAFMSSF trojan
K:\FROM EXT FIREWIRE\downloaded stuff\OrangeCD.Suite.v6.0.8.10916.zip probably a variant of Win32/Agent.MTLAOGF trojan

We will remove the above files in a little while.

C:\_OTL\MovedFiles\02122011_103540\C_WINDOWS\system32\345.js JS/TrojanDownloader.Agent.NWG trojan

This will be removed once we clean-up our tools later.


A proxy was set for Internet Explorer which is most likely the cause for the issue your experiencing with not being able to connet.



NEXT:



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudVirusResponseLab.zip
    C:\WINDOWS\system32\333.js
    D:\MY STUFF\Downloaded Programs\Nero+Vision Express+ImageDrive+Serials+Plugins.zip
    D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\
    D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\
    D:\MY STUFF\Downloaded Programs\Nero 7.10.1.0\
    K:\FROM EXT FIREWIRE\downloaded stuff\helium_2007.zip
    K:\FROM EXT FIREWIRE\downloaded stuff\OrangeCD.Suite.v6.0.8.10916.zip
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Please be sure to include an update on how things are currently running.

Edited by SweetTech, 13 February 2011 - 12:51 PM.
removed 2 files from OTL script.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 venuslight

venuslight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 13 February 2011 - 12:47 PM

ST, I'm pretty sure the files in bold are not infected. Can I zip those apps up and then run the OTL fix code without those 2 lines?

Thanks


Hello venuslight,

Lets review your ESET Online Scanner log:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudVirusResponseLab.zip Win32/Bagle.gen.zip worm
C:\WINDOWS\system32\333.js JS/TrojanDownloader.Agent.NWG trojan
D:\MY STUFF\Downloaded Programs\Nero+Vision Express+ImageDrive+Serials+Plugins.zip multiple threats
D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE.rar probably a variant of Win32/Agent.GLKVOBP trojan
D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\keygen.exe probably a variant of Win32/Agent.GLKVOBP trojan
D:\MY STUFF\Downloaded Programs\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application
D:\MY STUFF\Downloads\Instant Cake 6.2\instantcake-dvr40-6[1].2-01-2-321.iso INF/Autorun.gen trojan
D:\MY STUFF\Downloads\ptvnet62-1.10.iso\ptvnet62-1.10.iso INF/Autorun.gen trojan

K:\FROM EXT FIREWIRE\downloaded stuff\helium_2007.zip probably a variant of Win32/Agent.EAFMSSF trojan
K:\FROM EXT FIREWIRE\downloaded stuff\OrangeCD.Suite.v6.0.8.10916.zip probably a variant of Win32/Agent.MTLAOGF trojan

We will remove the above files in a little while.

C:\_OTL\MovedFiles\02122011_103540\C_WINDOWS\system32\345.js JS/TrojanDownloader.Agent.NWG trojan

This will be removed once we clean-up our tools later.



:Services
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

:Reg

:Files
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudVirusResponseLab.zip
C:\WINDOWS\system32\333.js
D:\MY STUFF\Downloaded Programs\Nero+Vision Express+ImageDrive+Serials+Plugins.zip
D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\
D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\
D:\MY STUFF\Downloaded Programs\Nero 7.10.1.0\
[b]D:\MY STUFF\Downloads\Instant Cake 6.2\
D:\MY STUFF\Downloads\ptvnet62-1.10.iso\[/b]
K:\FROM EXT FIREWIRE\downloaded stuff\helium_2007.zip
K:\FROM EXT FIREWIRE\downloaded stuff\OrangeCD.Suite.v6.0.8.10916.zip
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

[*]Push Posted Image
[*]OTL may ask to reboot the machine. Please do so if asked.
[*]Click Posted Image.
[*]A report will open. Copy and Paste that report in your next reply.
[*]If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
[/list]

NEXT:



Please be sure to include an update on how things are currently running.



#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:03 AM

Posted 13 February 2011 - 12:51 PM

I've edited my script in this post: http://www.bleepingcomputer.com/forums/topic378205.html/page__view__findpost__p__2132719

to remove those two files. I'd still suggest removing them, because they are being detected as infected, but it's your choice.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 venuslight

venuslight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 13 February 2011 - 01:22 PM

Here is the OTL log. The Squeezebox Server is still having trouble accessing the internet.


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudVirusResponseLab.zip moved successfully.
C:\WINDOWS\system32\333.js moved successfully.
D:\MY STUFF\Downloaded Programs\Nero+Vision Express+ImageDrive+Serials+Plugins.zip moved successfully.
D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\More Downloads & Additional Resources folder moved successfully.
D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE folder moved successfully.
D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE folder moved successfully.
Folder D:\MY STUFF\Downloaded Programs\IPod.Access.for.Windows.v4.0.5.Incl.Keymaker-CORE not found.
D:\MY STUFF\Downloaded Programs\Nero 7.10.1.0 folder moved successfully.
K:\FROM EXT FIREWIRE\downloaded stuff\helium_2007.zip moved successfully.
K:\FROM EXT FIREWIRE\downloaded stuff\OrangeCD.Suite.v6.0.8.10916.zip moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Harvey\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Harvey\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Harvey
->Temp folder emptied: 11947574 bytes
->Temporary Internet Files folder emptied: 6462006 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97358947 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 705 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 228 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 306876303 bytes

Total Files Cleaned = 403.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Harvey
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02132011_131154

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:03 AM

Posted 13 February 2011 - 01:35 PM

The Squeezebox Server is still having trouble accessing the internet.

I'm not familiar with Squeezebox Server, so I don't really know what type of settings it has. But you may want to check to see if you can find anything about a Proxy, and if you do uncheck it.

If your still not able to connect then after we finish up here you'll need to post in the Application forum here.

Are you experiencing any other issues with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 venuslight

venuslight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 13 February 2011 - 02:09 PM

So, do we think that we've gotten rid of all the gremlins?

What do I need to find out about the proxy? I'm not sure I understand what I am looking for. The Squeezebox people have really good support, so I can go to them. I just am not sure I know what to tell them.

Thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users