
trojan


  • This topic is locked
40 replies to this topic

#1 zazzer

zazzer

  • Members
  • 26 posts

Posted 28 March 2011 - 07:45 AM

Hello, I did the preparation. Here's a list of what MS Security Essentials said it removed, and the DDS text.
I think I've removed it all. I did run ComboFix before I came here for help, also SmitFraudFix, HijackThis and CleanUp!. I probably made it worse, I suppose, but the computer is running better. Also I've spotted some stuff in the startup that is weird; no explanation of the exe files on Google, and I don't have the names handy now. Also, when I load the Office mailing program Outlook I get an error that Outlook needs Outlook Express 4.1 or greater, which you can install by running IE5setup.exe, and it's not where it's supposed to be, and I get more errors when it tries to install; it never happens. But I can run Outlook fine when I OK the error message.
MS Security Essentials removed the following:

TrojanDownloader:QT/Wack.B
Exploit:Java/CVE-2010-0840.BV
Exploit:Java/CVE-2010-0840.AS
TrojanDownloader:QT/Wack.A
Exploit:Java/CVE-2010-0840.BF
Trojan:JS/Tracur.gen!B
TrojanDownloader:Java/OpenStream.AQ
TrojanDownloader:Java/OpenStream.AM
TrojanDownloader:Win32/Murlo.S


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Gerard at 11:44:55.07 on Mon 03/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2303.1520 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Documents and Settings\Gerard\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxps://picasaweb.google.com/s/v/71.25/uploader2.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301264034359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl45612a48;MpKsl45612a48;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c47e4062-7ed4-429b-82ac-7d5f65253f52}\MpKsl45612a48.sys [2011-3-28 28752]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [2010-10-14 302472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-12-25 27632]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys --> c:\windows\system32\drivers\amdtools.sys [?]
S1 MpKsl49a62867;MpKsl49a62867;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8202b91-680b-471a-85d9-b2d73f11d650}\mpksl49a62867.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8202b91-680b-471a-85d9-b2d73f11d650}\MpKsl49a62867.sys [?]
S2 LmHosts32;TCP/IP NetBIOS Helper ;c:\windows\system32\mciseq32.exe [2011-3-25 1409024]
S3 FXDRV;FXDRV;\??\i:\fxdrv.sys --> i:\Fxdrv.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-12-25 13224]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2004-3-30 118106]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-3-10 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-3-10 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-3-10 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-3-10 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-3-10 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-3-10 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-3-10 109864]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\winfast\wftvfm\wfioctl.sys --> c:\program files\winfast\wftvfm\WFIOCTL.SYS [?]
S4 gupdate1c94aaa4f423baa;Google Update Service (gupdate1c94aaa4f423baa);c:\program files\google\update\GoogleUpdate.exe [2008-11-19 133104]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2011-3-10 90112]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-3-10 155344]
.
=============== Created Last 30 ================
.
2011-03-28 15:10:52 -------- d-----w- c:\program files\Cobian Backup 8
2011-03-28 15:01:03 -------- d-----w- c:\docume~1\gerard\locals~1\applic~1\Safe mirror
2011-03-28 14:59:23 -------- d-----w- c:\program files\Cobian Backup 10
2011-03-28 12:17:00 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{c47e4062-7ed4-429b-82ac-7d5f65253f52}\MpKsl45612a48.sys
2011-03-28 12:16:51 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{c47e4062-7ed4-429b-82ac-7d5f65253f52}\mpengine.dll
2011-03-28 01:44:28 -------- d-----w- c:\program files\Microsoft
2011-03-28 01:44:27 -------- d-----w- c:\program files\MSN Toolbar
2011-03-28 01:42:21 -------- d-----w- c:\program files\Bing Bar Installer
2011-03-26 18:35:56 -------- d-----w- c:\docume~1\gerard\applic~1\WinPatrol
2011-03-26 17:59:41 388096 ----a-r- c:\docume~1\gerard\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-25 19:37:19 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-25 17:41:41 -------- dc-h--w- c:\windows\ie8
2011-03-25 16:40:32 -------- d-----w- c:\docume~1\gerard\applic~1\PCFix
2011-03-25 13:34:42 203264 ----a-w- c:\windows\system32\kbdycc32.exe
2011-03-25 11:46:40 203776 --sh--w- c:\windows\system32\unrar.exe
2011-03-25 11:46:30 -------- d-sh--w- c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59
2011-03-25 11:46:15 1409024 ----a-w- c:\windows\system32\dplay32.exe
2011-03-25 11:46:11 258048 ----a-w- c:\windows\system32\kbdycl32.dll
2011-03-25 11:46:07 1409024 ----a-w- c:\windows\system32\mciseq32.exe
2011-03-25 11:46:05 408064 ----a-w- c:\windows\system32\atrace32.dll
2011-03-23 01:54:35 -------- d-----w- c:\program files\ilivid
2011-03-20 16:30:45 -------- d-----w- c:\docume~1\gerard\locals~1\applic~1\Sunbelt Software
2011-03-20 16:21:23 -------- d-----w- c:\program files\CleanUp!
2011-03-14 21:20:35 49152 ----a-w- c:\windows\system32\pscVSWIA.dll
2011-03-14 21:20:35 40960 ----a-w- c:\windows\system32\pscND106.exe
2011-03-14 21:20:35 339968 ----a-w- c:\windows\system32\pscUD106.dll
2011-03-14 21:20:34 94208 ----a-w- c:\windows\system32\PSCLU106.dll
2011-03-11 01:47:32 -------- d-----w- c:\docume~1\gerard\locals~1\applic~1\Sony Ericsson
2011-03-11 00:58:51 -------- d-----w- c:\program files\common files\Sony Shared
2011-03-11 00:56:44 -------- d-----w- c:\program files\Sony Media Go Install
2011-03-11 00:32:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2011-03-11 00:16:22 109864 ----a-w- c:\windows\system32\drivers\s1018unic.sys
2011-03-11 00:16:22 10792 ----a-w- c:\windows\system32\drivers\s1018cr.sys
2011-03-11 00:16:21 106208 ----a-w- c:\windows\system32\drivers\s1018mgmt.sys
2011-03-11 00:16:21 104744 ----a-w- c:\windows\system32\drivers\s1018obex.sys
2011-03-11 00:16:20 86824 ----a-w- c:\windows\system32\drivers\s1018bus.sys
2011-03-11 00:16:20 26024 ----a-w- c:\windows\system32\drivers\s1018nd5.sys
2011-03-11 00:16:20 15016 ----a-w- c:\windows\system32\drivers\s1018mdfl.sys
2011-03-11 00:16:20 12200 ----a-w- c:\windows\system32\drivers\s1018whnt.sys
2011-03-11 00:16:20 12200 ----a-w- c:\windows\system32\drivers\s1018wh.sys
2011-03-11 00:16:20 12200 ----a-w- c:\windows\system32\drivers\s1018cmnt.sys
2011-03-11 00:16:20 12200 ----a-w- c:\windows\system32\drivers\s1018cm.sys
2011-03-11 00:16:20 114728 ----a-w- c:\windows\system32\drivers\s1018mdm.sys
2011-02-26 15:48:46 -------- d-----w- c:\docume~1\gerard\locals~1\applic~1\TopoGrafix
.
==================== Find3M ====================
.
2011-03-11 01:07:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-11 01:07:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-11-06 17:26:22 99917048 ----a-w- c:\program files\mediago_setup.exe
.
============= FINISH: 11:46:37.87 ===============

EDIT: Topics merged ~BP

Edited by Budapest, 29 March 2011 - 04:16 PM.
Since a log is posted, I am moving this to the Malware Removal forum ~Elise
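The DDS log in the post above already contains the entries a helper would question: a service called LmHosts32 whose display name imitates the real "TCP/IP NetBIOS Helper" but whose image is a standalone executable in system32, two freshly created system32 executables of identical size, a system32 file and directory with the system+hidden attributes, and a directory whose name is a 32-character hex string. The script below is an added example for this page, not code from the thread or from the DDS tool: it encodes those checks as rules and runs them over a constructed excerpt copied from the log. The SVCHOST_HOSTED set is an assumed baseline of services a stock Windows XP hosts inside svchost.exe.

```python
"""Triage heuristics over a DDS log excerpt.

Added example for this thread; it is not part of DDS or of the original
post. It encodes a few of the checks an analyst applies when reading the
SERVICES / DRIVERS and "Created Last 30" sections, and runs them over a
constructed excerpt copied from the posted log. SVCHOST_HOSTED is an
assumed baseline of services that Windows XP hosts inside svchost.exe.
"""
import re
from collections import defaultdict

# Services a stock Windows XP hosts in svchost.exe (assumed baseline).
# A look-alike name (LmHosts32 for LmHosts) pointing at a standalone .exe
# in system32 is the masquerade pattern the first rule catches.
SVCHOST_HOSTED = {"lmhosts", "dhcp", "dnscache", "browser", "lanmanserver"}

# DDS service/driver line:  "S2 Name;Display Name;c:\path\image.exe [date size]"
SERVICE_RE = re.compile(
    r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]+?)\s*(\[[^\]]*\])?$",
    re.I,
)
# DDS "Created Last 30" line:  "2011-03-25 11:46:07 1409024 ----a-w- c:\path\file"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>[\d:]+) (?P<size>-+|\d+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# A path component that is exactly 32 hex characters (MD5-digest style name).
HEX32_RE = re.compile(r"\\[0-9a-f]{32}(\\|$)")

# Constructed excerpt: the lines are copied from the DDS log in the thread.
SAMPLE = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S2 LmHosts32;TCP/IP NetBIOS Helper ;c:\windows\system32\mciseq32.exe [2011-3-25 1409024]
S4 gupdate1c94aaa4f423baa;Google Update Service (gupdate1c94aaa4f423baa);c:\program files\google\update\GoogleUpdate.exe [2008-11-19 133104]
2011-03-25 11:46:40 203776 --sh--w- c:\windows\system32\unrar.exe
2011-03-25 11:46:30 -------- d-sh--w- c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59
2011-03-25 11:46:15 1409024 ----a-w- c:\windows\system32\dplay32.exe
2011-03-25 11:46:07 1409024 ----a-w- c:\windows\system32\mciseq32.exe
2011-03-28 15:10:52 -------- d-----w- c:\program files\Cobian Backup 8
"""


def triage(log_text):
    """Return a list of (rule, path) findings for every line that trips a rule."""
    findings = []
    exe_sizes = defaultdict(list)  # size -> [system32 .exe paths created recently]
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            name = m.group("name").strip().lower()
            display = m.group("display")
            # "path --> path [?]" appears for unresolved images; keep the first form.
            path = m.group("path").split("-->")[0].strip().lower()
            base = re.sub(r"\d+$", "", name)  # LmHosts32 -> lmhosts
            if base in SVCHOST_HOSTED and base != name and "svchost" not in path:
                findings.append(("service-masquerade", path))
            if display != display.strip():  # DisplayName padded with whitespace
                findings.append(("display-name-padding", path))
            continue
        m = CREATED_RE.match(line)
        if m:
            path = m.group("path").lower()
            attrs = m.group("attrs")
            in_sys32 = "\\system32\\" in path
            if in_sys32 and "s" in attrs and "h" in attrs:
                findings.append(("hidden-system-attrs", path))
            if in_sys32 and HEX32_RE.search(path):
                findings.append(("hex-named-dir", path))
            if in_sys32 and path.endswith(".exe") and m.group("size").isdigit():
                exe_sizes[int(m.group("size"))].append(path)
    # Several freshly created executables of identical size are usually one
    # payload dropped under several names.
    for paths in exe_sizes.values():
        if len(paths) > 1:
            findings.extend(("duplicate-size-exe", p) for p in paths)
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE):
        print(f"{rule:22} {path}")
```

The rules only raise questions; confirming a file is malicious still means hashing it and checking its signature and origin. Running the script on the excerpt flags mciseq32.exe under three rules, dplay32.exe and unrar.exe under one each, and the hex-named directory, while the genuine Microsoft and Google entries produce nothing.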



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 03 April 2011 - 08:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, and it will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

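The /md5start ... /md5stop block in the custom scan above makes OTL print the MD5 of explorer.exe, winlogon.exe and the other listed files so that the helper can compare them against the digests of known-clean copies of the same Windows build. The script below is an added example for this page, not OTL's code and not anything the poster ran: it performs that comparison in Python against a baseline manifest. The three files and their baseline digests are constructed in a temporary directory so it runs anywhere; on a real system the names would be %SystemRoot%\explorer.exe and friends, and the baseline would come from a trusted install at the same patch level.

```python
"""Hash-baseline check in the spirit of OTL's /md5start ... /md5stop.

Added example for this thread; it is not OTL's code nor anything the
poster ran. It hashes a set of files and compares each against an
expected digest, reporting "ok", "MODIFIED (<actual>)" or "missing".
The files and the baseline are constructed in a temporary directory so
the script runs anywhere; on a real system the names would be
%SystemRoot%\\explorer.exe and friends, and the baseline digests would
come from a known-clean install of the same Windows build and patch level.
"""
import hashlib
import os
import tempfile


def file_digest(path, algo="md5", chunk_size=1 << 16):
    """Digest a file in chunks so large binaries never have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_baseline(baseline, root, algo="md5"):
    """baseline: {relative name: expected hex digest}. Returns {name: status}."""
    report = {}
    for name, expected in baseline.items():
        full = os.path.join(root, name)
        if not os.path.isfile(full):
            report[name] = "missing"
            continue
        actual = file_digest(full, algo)
        report[name] = "ok" if actual == expected.lower() else f"MODIFIED ({actual})"
    return report


def build_demo(root, algo="md5"):
    """Constructed stand-ins for the binaries OTL was asked to hash (not real PE files)."""
    clean = {
        "explorer.exe": b"MZ clean explorer",
        "winlogon.exe": b"MZ clean winlogon",
        "wininit.exe": b"MZ clean wininit",
    }
    baseline = {}
    for name, content in clean.items():
        baseline[name] = hashlib.new(algo, content).hexdigest()
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    # Simulate what an infection can leave behind: explorer.exe patched in
    # place, wininit.exe absent.
    with open(os.path.join(root, "explorer.exe"), "ab") as fh:
        fh.write(b" + injected code")
    os.remove(os.path.join(root, "wininit.exe"))
    return baseline


def run_demo():
    """Build the constructed files, check them, and return the report."""
    with tempfile.TemporaryDirectory() as root:
        return check_baseline(build_demo(root), root)


if __name__ == "__main__":
    for name, status in run_demo().items():
        print(f"{name:14} {status}")
```

Two caveats a practitioner would add. First, wininit.exe was introduced with Windows Vista, so on the poster's XP machine a "file not found" for it is expected rather than a finding. Second, OTL, like this script, reads the files through the running operating system; a kernel-mode rootkit can hand back the clean bytes while the on-disk file is modified, so when the hash check looks clean but behaviour says otherwise, the comparison has to be repeated from a boot CD against the offline disk. MD5 is used here only because it is what OTL reported; a baseline built today should use SHA-256 (pass algo="sha256").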


#3 zazzer

zazzer
  • Topic Starter

  • Members
  • 26 posts

Posted 04 April 2011 - 03:12 PM

Hello, and thank you for your reply; no apology needed, I can imagine how busy you are, and thanks again.
My computer seems to be running well. I will provide you with the suggested scan log; perhaps at your leisure you would take a look-see to make sure?
Yes, I have my system CD handy. It's Windows XP Professional version 2002 Service Pack 3, AMD Athlon 64 processor 3500+ 2.21 GHz, 2.25 GB of RAM.

The computer was running slowly. Then I had ComboFix; that did it, I think.
But I'm running Office 2000, and when I open Outlook I get an error: Outlook requires Outlook Express 4.1 or greater to run, etc. I OK it and can run Outlook no problem, but it's annoying.





OTL logfile created on: 4/4/2011 1:11:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Gerard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 31.89 Gb Free Space | 44.74% Space Free | Partition Type: NTFS
Drive H: | 70.94 Gb Total Space | 63.40 Gb Free Space | 89.37% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 372.61 Gb Free Space | 80.00% Space Free | Partition Type: NTFS

Computer Name: ACERXP | User Name: Gerard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/04 12:50:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gerard\Desktop\OTL.exe
PRC - [2011/04/04 07:40:17 | 000,521,216 | -HS- | M] () -- C:\WINDOWS\nvrszhcwow.exe
PRC - [2011/04/01 22:51:30 | 001,077,248 | -HS- | M] () -- C:\WINDOWS\system32\1.tmp
PRC - [2011/03/22 22:07:27 | 001,409,024 | ---- | M] () -- C:\WINDOWS\system32\mciseq32.exe
PRC - [2011/03/22 22:07:27 | 001,409,024 | ---- | M] () -- C:\WINDOWS\system32\dplay32.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/09/29 10:14:43 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/21 15:01:34 | 008,835,124 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE
PRC - [2002/06/07 17:29:59 | 000,061,490 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
PRC - [2000/08/08 16:00:00 | 000,073,784 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\msworks.exe


========== Modules (SafeList) ==========

MOD - [2011/04/04 12:50:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gerard\Desktop\OTL.exe
MOD - [2008/04/13 20:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/22 22:07:27 | 001,409,024 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\mciseq32.exe -- (LmHosts32)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/26 17:05:24 | 000,155,344 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2007/08/09 17:39:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/04 07:53:01 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B4D700D-29D8-4837-8503-2E1691CA60F7}\MpKsla5e15248.sys -- (MpKsla5e15248)
DRV - [2010/12/25 22:00:24 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/12/25 22:00:13 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/12/25 22:00:13 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/07/15 18:55:43 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/07/27 13:44:46 | 000,302,472 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MAudioDelta.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV - [2009/03/25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2007/10/26 19:37:57 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/07/04 09:48:34 | 000,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2007/07/04 09:48:32 | 000,011,304 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2007/06/26 13:15:00 | 000,262,912 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/10/18 11:38:38 | 000,009,728 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cxavxbar.sys -- (CXAVXBAR)
DRV - [2006/10/18 11:37:56 | 000,050,816 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88tune.sys -- (CXTUNE)
DRV - [2006/10/18 11:37:26 | 000,162,944 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880)
DRV - [2006/06/28 17:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 04:09:26 | 004,284,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/01/11 08:25:10 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/12/23 17:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/30 12:29:36 | 000,118,106 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 15 1D 06 AA 16 4A 48 A4 91 75 DE B9 49 8F BA [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 15 1D 06 AA 16 4A 48 A4 91 75 DE B9 49 8F BA [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 15 1D 06 AA 16 4A 48 A4 91 75 DE B9 49 8F BA [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 15 1D 06 AA 16 4A 48 A4 91 75 DE B9 49 8F BA [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1085031214-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1085031214-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1085031214-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 AF EC 50 D0 60 CB 01 [binary data]
IE - HKU\S-1-5-21-1085031214-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 15 1D 06 AA 16 4A 48 A4 91 75 DE B9 49 8F BA [binary data]
IE - HKU\S-1-5-21-1085031214-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


[2011/03/25 07:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\wemszjn6.default\extensions
[2011/03/25 07:46:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\wemszjn6.default\extensions\{0be63c06-9662-4fd3-bf54-3928548836b7}
[2008/06/06 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF

O1 HOSTS File: ([2011/03/28 08:12:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nvrszhcwow.exe] C:\WINDOWS\nvrszhcwow.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1580818891-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-1085031214-1580818891-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} https://picasaweb.google.com/s/v/71.25/uploader2.cab (UploadListView Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301264034359 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.28.0.136 72.28.2.10 72.28.0.33
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/18 18:04:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/08 20:10:38 | 000,000,000 | ---D | M] - K:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/04 12:50:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gerard\Desktop\OTL.exe
[2011/04/01 22:57:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1532074092
[2011/04/01 22:51:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1992583828
[2011/03/31 16:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Musicnotes
[2011/03/29 16:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Desktop\ebay
[2011/03/29 16:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Desktop\dette
[2011/03/29 16:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Desktop\msg pics
[2011/03/29 16:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Desktop\New Folder
[2011/03/29 16:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Desktop\New Folder (3)
[2011/03/29 16:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Desktop\songs
[2011/03/29 16:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Desktop\Sagovia scales
[2011/03/29 16:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Desktop\wedding songs
[2011/03/29 08:15:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/29 08:10:42 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/03/28 20:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/03/28 11:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 8
[2011/03/28 11:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2011/03/28 11:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Local Settings\Application Data\Safe mirror
[2011/03/28 10:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/03/28 08:15:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/28 08:03:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/28 07:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/27 21:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/03/27 21:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/03/27 13:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2011/03/27 12:33:59 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/03/26 14:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Application Data\WinPatrol
[2011/03/25 15:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/03/25 13:41:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/03/25 12:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Application Data\PCFix
[2011/03/25 07:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2011/03/25 07:46:30 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\1C0334EB05FFA3BA9207D9D2B0890A59
[2011/03/25 07:46:11 | 000,258,048 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\kbdycl32.dll
[2011/03/25 07:46:05 | 000,408,064 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\atrace32.dll
[2011/03/22 21:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\ilivid
[2011/03/20 12:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Local Settings\Application Data\Sunbelt Software
[2011/03/20 12:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Start Menu\Programs\CleanUp!
[2011/03/20 12:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/03/14 17:20:35 | 000,339,968 | ---- | C] (Canon, Inc.) -- C:\WINDOWS\System32\pscUD106.dll
[2011/03/14 17:20:35 | 000,049,152 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\pscVSWIA.dll
[2011/03/14 17:20:35 | 000,040,960 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\pscND106.exe
[2011/03/14 17:20:34 | 000,094,208 | ---- | C] (Canon. Inc) -- C:\WINDOWS\System32\PSCLU106.dll
[2011/03/11 03:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\My Documents\Sony Ericsson
[2011/03/10 21:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gerard\Local Settings\Application Data\Sony Ericsson
[2011/03/10 21:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/10 21:08:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/10 21:08:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/10 21:08:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/10 21:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/03/10 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2011/03/10 20:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Media Go Install
[2011/03/10 20:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony Ericsson
[2011/03/10 20:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2011/03/10 20:16:22 | 000,109,864 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018unic.sys
[2011/03/10 20:16:22 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018cr.sys
[2011/03/10 20:16:21 | 000,106,208 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018mgmt.sys
[2011/03/10 20:16:21 | 000,104,744 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018obex.sys
[2011/03/10 20:16:20 | 000,114,728 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018mdm.sys
[2011/03/10 20:16:20 | 000,086,824 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018bus.sys
[2011/03/10 20:16:20 | 000,026,024 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018nd5.sys
[2011/03/10 20:16:20 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018mdfl.sys
[2011/03/10 20:16:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018whnt.sys
[2011/03/10 20:16:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018wh.sys
[2011/03/10 20:16:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018cmnt.sys
[2011/03/10 20:16:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018cm.sys
[2010/11/06 13:26:22 | 099,917,048 | ---- | C] (Sony Media Software and Services Inc.) -- C:\Program Files\mediago_setup.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/04 13:11:24 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\881620623
[2011/04/04 12:50:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gerard\Desktop\OTL.exe
[2011/04/04 07:46:07 | 000,000,182 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/04 07:45:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/04 07:40:17 | 000,521,216 | -HS- | M] () -- C:\WINDOWS\nvrszhcwow.exe
[2011/04/04 07:40:13 | 000,073,451 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/04 07:40:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/04 07:40:08 | 000,000,144 | -HS- | M] () -- C:\WINDOWS\System32\346447267
[2011/04/04 07:39:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/02 09:39:47 | 001,637,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/01 18:20:23 | 000,219,285 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\griz.jpg
[2011/04/01 18:19:29 | 000,176,289 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\badger.jpg
[2011/03/31 18:36:12 | 000,012,043 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\Lala tablature.rtf
[2011/03/31 16:54:25 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Guitar Guru.lnk
[2011/03/31 16:54:25 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Musicnotes Player.lnk
[2011/03/31 08:44:44 | 000,011,490 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\desprado5.mid
[2011/03/31 08:30:53 | 000,019,083 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\desperado4.mid
[2011/03/31 08:26:43 | 000,033,733 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\desperado3.mid
[2011/03/31 08:23:51 | 000,047,027 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\desperado2.mid
[2011/03/31 08:12:53 | 000,007,514 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\desperado.mid
[2011/03/30 21:22:41 | 000,010,611 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\yesterday.mid
[2011/03/30 20:26:36 | 000,007,551 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\beatlesyesterday.mid
[2011/03/30 19:05:19 | 000,006,860 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\yesterdy.zip
[2011/03/30 19:03:55 | 000,005,355 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\Beatles_-_Yesterday.mid
[2011/03/30 14:27:21 | 000,299,838 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\5.jpg
[2011/03/30 14:26:35 | 000,238,907 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\4.jpg
[2011/03/30 14:26:12 | 000,276,744 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\3.jpg
[2011/03/30 14:25:41 | 000,299,853 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\2.jpg
[2011/03/30 14:25:00 | 000,416,408 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\1.jpg
[2011/03/30 07:22:58 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Gerard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 12:11:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3056713D-027E-4CAF-A429-A27AE193B4E2}.job
[2011/03/28 21:29:42 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/03/28 20:01:08 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Gerard\Desktop\~$rus on my computer.rtf
[2011/03/28 12:06:13 | 000,000,465 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\virus on my computer.rtf
[2011/03/28 11:42:03 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\dds.scr
[2011/03/28 11:36:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Gerard\defogger_reenable
[2011/03/28 08:12:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/27 21:06:08 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/03/27 20:51:00 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Gerard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/03/27 15:44:20 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Gerard\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/27 12:48:08 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/03/27 12:48:08 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/03/27 12:33:38 | 000,012,016 | ---- | M] () -- C:\Documents and Settings\Gerard\My Documents\wpdmtp.PNF
[2011/03/27 09:57:53 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1580818891-839522115-1003Core.job
[2011/03/27 09:57:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cbb741b1230c54.job
[2011/03/27 00:34:01 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\Shortcut to liehap.lnk
[2011/03/26 14:04:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Gerard\Local Settings\Application Data\housecall.guid.cache
[2011/03/26 13:59:41 | 000,002,789 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\HiJackThis.lnk
[2011/03/25 17:19:39 | 000,002,146 | ---- | M] () -- C:\WINDOWS\System32\GnuHashes.ini
[2011/03/25 15:37:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/25 14:53:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/25 14:47:04 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Gerard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/25 09:34:42 | 000,203,264 | ---- | M] () -- C:\WINDOWS\System32\kbdycc32.exe
[2011/03/25 07:46:40 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2011/03/25 07:46:14 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\1045961348
[2011/03/25 07:46:11 | 000,258,048 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\kbdycl32.dll
[2011/03/25 07:46:05 | 000,408,064 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\atrace32.dll
[2011/03/24 17:42:38 | 004,731,392 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\Italie-Caruso.pps
[2011/03/23 12:05:49 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\Shortcut to M-Audio Delta.lnk
[2011/03/22 22:07:27 | 001,409,024 | ---- | M] () -- C:\WINDOWS\System32\mciseq32.exe
[2011/03/22 22:07:27 | 001,409,024 | ---- | M] () -- C:\WINDOWS\System32\dplay32.exe
[2011/03/22 07:10:52 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/03/22 07:10:52 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\89C917
[2011/03/15 23:27:20 | 000,000,321 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\ebay shipping fly tying.rtf
[2011/03/15 20:04:26 | 000,001,261 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\wild horses.rtf
[2011/03/15 17:22:30 | 004,872,564 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\MOV00001.MP4
[2011/03/14 22:13:21 | 000,104,972 | ---- | M] () -- C:\Documents and Settings\Gerard\Desktop\buck-bug.jpg
[2011/03/13 13:06:09 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 13:06:09 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 13:48:31 | 000,001,853 | ---- | M] () -- C:\Documents and Settings\Gerard\Application Data\Microsoft\Internet Explorer\Quick Launch\Sony Ericsson PC Suite 6.0.lnk
[2011/03/10 21:07:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/10 21:07:55 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/10 21:07:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/10 21:07:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/10 21:07:55 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/10 19:08:53 | 000,144,297 | ---- | M] () -- C:\Documents and Settings\Gerard\My Documents\REnzetti mastery vice parts.pdf
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/04 07:41:28 | 000,521,216 | -HS- | C] () -- C:\WINDOWS\nvrszhcwow.exe
[2011/04/01 18:20:23 | 000,219,285 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\griz.jpg
[2011/04/01 18:19:29 | 000,176,289 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\badger.jpg
[2011/03/31 18:36:12 | 000,012,043 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\Lala tablature.rtf
[2011/03/31 16:54:25 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Guitar Guru.lnk
[2011/03/31 16:54:25 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Musicnotes Player.lnk
[2011/03/31 08:45:11 | 000,011,490 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\desprado5.mid
[2011/03/31 08:31:33 | 000,019,083 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\desperado4.mid
[2011/03/31 08:27:14 | 000,033,733 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\desperado3.mid
[2011/03/31 08:24:22 | 000,047,027 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\desperado2.mid
[2011/03/30 20:56:08 | 000,010,611 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\yesterday.mid
[2011/03/30 20:27:32 | 000,007,551 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\beatlesyesterday.mid
[2011/03/30 20:24:44 | 000,007,514 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\desperado.mid
[2011/03/30 19:05:19 | 000,006,860 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\yesterdy.zip
[2011/03/30 17:58:54 | 000,005,355 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\Beatles_-_Yesterday.mid
[2011/03/30 14:27:21 | 000,299,838 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\5.jpg
[2011/03/30 14:26:34 | 000,238,907 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\4.jpg
[2011/03/30 14:26:11 | 000,276,744 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\3.jpg
[2011/03/30 14:25:41 | 000,299,853 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\2.jpg
[2011/03/30 14:24:59 | 000,416,408 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\1.jpg
[2011/03/29 16:49:25 | 003,537,560 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\thier is love paul stooky.mp3
[2011/03/29 16:49:25 | 001,229,087 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\womens_infidelity_complete.pdf
[2011/03/29 16:49:25 | 000,001,261 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\wild horses.rtf
[2011/03/29 16:49:25 | 000,000,465 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\virus on my computer.rtf
[2011/03/29 16:49:25 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\Shortcut to liehap.lnk
[2011/03/29 16:49:25 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\Shortcut to My eBooks.lnk
[2011/03/29 16:49:25 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\wvia.m3u
[2011/03/29 16:49:25 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\Shortcut to M-Audio Delta.lnk
[2011/03/29 16:49:25 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Gerard\Desktop\~$rus on my computer.rtf
[2011/03/29 16:49:24 | 030,238,720 | ---- | C] () -- C:\Documents and Settings\Gerard\My Documents\Scrap.shs
[2011/03/29 16:49:24 | 004,872,564 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\MOV00001.MP4
[2011/03/29 16:49:24 | 004,731,392 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\Italie-Caruso.pps
[2011/03/29 16:49:24 | 002,120,673 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\Lisak_(1994)_Male_Survivor_Interviews.pdf
[2011/03/29 16:49:24 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\dds.scr
[2011/03/29 16:49:24 | 000,259,369 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\Horse With No Name Chords by America @ Ultimate-Guitar_Com.mht
[2011/03/29 16:49:24 | 000,104,972 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\buck-bug.jpg
[2011/03/29 16:49:24 | 000,068,675 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\11312.pdf
[2011/03/29 16:49:24 | 000,029,936 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\Misc Christmas Guitar Chords for - Happy Christmas Tabs, Chords, Lyrics.mht
[2011/03/29 16:49:24 | 000,003,363 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\ave maria.rtf
[2011/03/29 16:49:24 | 000,002,789 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\HiJackThis.lnk
[2011/03/29 16:49:24 | 000,001,847 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\garlic.rtf
[2011/03/29 16:49:24 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\mgspread.com Secure WebDisk.lnk
[2011/03/29 16:49:24 | 000,000,321 | ---- | C] () -- C:\Documents and Settings\Gerard\Desktop\ebay shipping fly tying.rtf
[2011/03/28 20:51:23 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/28 11:36:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gerard\defogger_reenable
[2011/03/27 21:44:33 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/03/27 21:44:11 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/03/27 21:29:26 | 000,012,016 | ---- | C] () -- C:\Documents and Settings\Gerard\My Documents\wpdmtp.PNF
[2011/03/27 09:31:14 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/03/27 09:31:14 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/03/26 14:04:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Gerard\Local Settings\Application Data\housecall.guid.cache
[2011/03/25 15:42:46 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/25 15:37:55 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/25 15:37:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/25 09:34:42 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\kbdycc32.exe
[2011/03/25 08:00:14 | 000,002,146 | ---- | C] () -- C:\WINDOWS\System32\GnuHashes.ini
[2011/03/25 07:46:54 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\881620623
[2011/03/25 07:46:40 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2011/03/25 07:46:40 | 000,000,144 | -HS- | C] () -- C:\WINDOWS\System32\346447267
[2011/03/25 07:46:15 | 001,409,024 | ---- | C] () -- C:\WINDOWS\System32\dplay32.exe
[2011/03/25 07:46:07 | 001,409,024 | ---- | C] () -- C:\WINDOWS\System32\mciseq32.exe
[2011/03/25 07:46:07 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\1045961348
[2011/03/12 13:48:31 | 000,001,853 | ---- | C] () -- C:\Documents and Settings\Gerard\Application Data\Microsoft\Internet Explorer\Quick Launch\Sony Ericsson PC Suite 6.0.lnk
[2011/03/10 19:08:53 | 000,144,297 | ---- | C] () -- C:\Documents and Settings\Gerard\My Documents\REnzetti mastery vice parts.pdf
[2010/10/20 20:44:02 | 000,000,085 | ---- | C] () -- C:\Program Files\Show Desktop.scf
[2010/09/30 14:33:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/30 14:33:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/30 14:33:20 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/30 14:33:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/30 14:33:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/12 08:26:36 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/02/17 22:17:19 | 000,000,062 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2010/02/05 16:22:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2010/01/23 13:57:23 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\psCamDat.dll
[2009/07/27 13:44:58 | 000,236,040 | ---- | C] () -- C:\WINDOWS\System32\DeltaIITray.exe
[2009/06/02 22:08:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[2009/03/28 05:18:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/18 00:36:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/01 19:11:59 | 000,006,688 | ---- | C] () -- C:\WINDOWS\movexe.exe
[2008/06/01 21:58:09 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2008/06/01 13:43:42 | 000,117,193 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/06/01 13:43:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/05/17 14:39:48 | 000,000,152 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2008/05/17 07:08:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\Dvbpws.dll
[2007/12/05 13:25:44 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/11/13 18:21:54 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/10/25 11:26:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2007/10/25 11:26:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/18 20:54:21 | 000,004,117 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/18 19:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/28 14:56:17 | 000,006,582 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/15 10:01:30 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/14 07:23:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/08/07 13:50:44 | 000,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/21 22:28:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/20 21:48:14 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2007/07/18 22:14:11 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Gerard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/18 21:05:53 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2007/07/18 18:17:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/07/18 18:17:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/18 18:06:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/18 18:04:29 | 000,003,022 | ---- | C] () -- C:\WINDOWS\System32\drivers\PortIo.sys
[2007/07/18 18:04:29 | 000,002,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\SxPciConfig.sys
[2007/07/18 18:04:29 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\SxPortIo.sys
[2007/07/18 18:02:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/07/18 17:18:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/18 10:48:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/18 10:47:22 | 001,637,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/12 13:19:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/12 13:19:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/07/12 13:19:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/12 13:19:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/07/12 13:19:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/12 13:19:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/12 13:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/12 13:19:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/07/12 13:19:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/07/12 13:19:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/07/12 13:19:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/11/11 02:16:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2004/11/10 05:42:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2004/11/10 05:42:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2004/11/10 05:42:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2002/03/29 04:44:54 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\LXSMUNIN.EXE
[2002/03/29 04:44:52 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2002/03/09 22:48:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,436,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,068,796 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1F4E0B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 4/4/2011 1:11:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Gerard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 31.89 Gb Free Space | 44.74% Space Free | Partition Type: NTFS
Drive H: | 70.94 Gb Total Space | 63.40 Gb Free Space | 89.37% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 372.61 Gb Free Space | 80.00% Space Free | Partition Type: NTFS

Computer Name: ACERXP | User Name: Gerard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1085031214-1580818891-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"44951:TCP" = 44951:TCP:*:Enabled:utorrent port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mciseq32.exe" = C:\WINDOWS\system32\mciseq32.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\ativvaxxwow.exe" = C:\WINDOWS\ativvaxxwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\iashlprwow.exe" = C:\WINDOWS\iashlprwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\gptextwow.exe" = C:\WINDOWS\gptextwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\vbajet32wow.exe" = C:\WINDOWS\vbajet32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\npptoolswow.exe" = C:\WINDOWS\npptoolswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msoert2wow.exe" = C:\WINDOWS\msoert2wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\hpowiax2wow.exe" = C:\WINDOWS\hpowiax2wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ccfgntwow.exe" = C:\WINDOWS\ccfgntwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\esent97wow.exe" = C:\WINDOWS\esent97wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdsgwow.exe" = C:\WINDOWS\kbdsgwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mnmddwow.exe" = C:\WINDOWS\mnmddwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\wiascrwow.exe" = C:\WINDOWS\wiascrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dpcdllwow.exe" = C:\WINDOWS\dpcdllwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\hnetwizwow.exe" = C:\WINDOWS\hnetwizwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ole32wow.exe" = C:\WINDOWS\ole32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\eapphostwow.exe" = C:\WINDOWS\eapphostwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ipsecsvcwow.exe" = C:\WINDOWS\ipsecsvcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\1.tmp" = C:\WINDOWS\system32\1.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\p2pgraphwow.exe" = C:\WINDOWS\p2pgraphwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dot3cfgwow.exe" = C:\WINDOWS\dot3cfgwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dbghelpwow.exe" = C:\WINDOWS\dbghelpwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nvrszhcwow.exe" = C:\WINDOWS\nvrszhcwow.exe:*:Enabled:Windows Update Service -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office\FRONTPG.EXE" = C:\Program Files\Microsoft Office\Office\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"H:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe" = H:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\WINDOWS\system32\mciseq32.exe" = C:\WINDOWS\system32\mciseq32.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\mnmddwow.exe" = C:\WINDOWS\mnmddwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\wiascrwow.exe" = C:\WINDOWS\wiascrwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dpcdllwow.exe" = C:\WINDOWS\dpcdllwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\hnetwizwow.exe" = C:\WINDOWS\hnetwizwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ole32wow.exe" = C:\WINDOWS\ole32wow.exe:*:Enabled:Windows Update Service
"C:\Documents and Settings\Gerard\Desktop\VideoToMp3Setup.exe" = C:\Documents and Settings\Gerard\Desktop\VideoToMp3Setup.exe:*:Enabled:InstallCore™
"C:\WINDOWS\eapphostwow.exe" = C:\WINDOWS\eapphostwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ipsecsvcwow.exe" = C:\WINDOWS\ipsecsvcwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\1.tmp" = C:\WINDOWS\system32\1.tmp:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\p2pgraphwow.exe" = C:\WINDOWS\p2pgraphwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dot3cfgwow.exe" = C:\WINDOWS\dot3cfgwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dbghelpwow.exe" = C:\WINDOWS\dbghelpwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\nvrszhcwow.exe" = C:\WINDOWS\nvrszhcwow.exe:*:Enabled:Windows Update Service -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{32A3A4F4-B792-11D6-A78A-00B0D0150110}" = J2SE Development Kit 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{391BF2AA-1304-471A-9CBF-084AE32813D6}" = M-Audio Delta Driver 6.0.2 (x86)
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}" = Virtual Sound Canvas DXi
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{847CAE64-4CD2-4B2D-AF00-978FF5431033}" = Nero 7
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98BCB68E-274F-11D4-B2FA-00105AA9021A}" = DR Systems Web Ambassador
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AD4203ED-7683-435E-B436-C299773A9936}" = MapSource - US Topo v3.02
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}" = WinFast PVR
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.123
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F43C7DE1-CB20-11DD-8D77-005056806466}" = Google Earth Plugin
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"All ATI Software" = ATI - Software Uninstall Utility
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CleanUp!" = CleanUp!
"CobBackup8" = Cobian Backup 8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DreamStation DXi2" = DreamStation DXi2
"FrostWire" = FrostWire 4.21.3
"Home Studio 2" = Home Studio 2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"mr97310v_d627f051ae9bfa697d2ded113879197412f3f2b1" = Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 03/30/2004 2.0.0.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Papi" = Device drivers for HP Simple Backup
"RealPlayer 12.0" = RealPlayer
"RemoteCapture" = Canon Utilities RemoteCapture 2.1
"Rhapsody" = Rhapsody
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"ST6UNST #1" = ASP Web Wizard 2000
"ST6UNST #2" = ASP Web Wizard 2000 (C:\Program Files\Microsoft Office\Templates\)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2011 7:39:45 AM | Computer Name = ACERXP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 3/28/2011 8:06:41 AM | Computer Name = ACERXP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 3/28/2011 8:07:12 AM | Computer Name = ACERXP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 3/29/2011 7:01:48 AM | Computer Name = ACERXP | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/30/2011 3:14:28 AM | Computer Name = ACERXP | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/31/2011 7:41:51 AM | Computer Name = ACERXP | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/1/2011 2:51:52 AM | Computer Name = ACERXP | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/2/2011 9:38:48 AM | Computer Name = ACERXP | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/3/2011 7:43:12 AM | Computer Name = ACERXP | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/4/2011 7:39:30 AM | Computer Name = ACERXP | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 4/4/2011 12:58:00 PM | Computer Name = ACERXP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/4/2011 12:58:00 PM | Computer Name = ACERXP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/4/2011 12:58:00 PM | Computer Name = ACERXP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/4/2011 12:58:00 PM | Computer Name = ACERXP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/4/2011 12:58:00 PM | Computer Name = ACERXP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/4/2011 12:58:00 PM | Computer Name = ACERXP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/4/2011 12:58:00 PM | Computer Name = ACERXP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/4/2011 12:58:03 PM | Computer Name = ACERXP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/4/2011 12:58:03 PM | Computer Name = ACERXP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 4/4/2011 12:58:03 PM | Computer Name = ACERXP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >

#4 myrti

  • Malware Study Hall Admin

Posted 05 April 2011 - 06:03 AM

Hi,

you're definitely still infected. Before we remove the infection, I would like to check for rootkits:
Please download Rootkit Unhooker from one of the following links and save it to your desktop. Link 1 (.exe file) Link 2 (zipped file) Link 3 (.rar file) In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
  • Double-click on RKUnhookerLE.exe to start the program. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#5 zazzer

  • Topic Starter
  • Members

Posted 05 April 2011 - 10:50 AM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4497408 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 91.36 )
0xB8191000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4448256 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB980E000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3936256 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.36 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9DBD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB58B3000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9668000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5A5E000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB44EB000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB9C83000 C:\WINDOWS\system32\DRIVERS\MAudioDelta.sys 299008 bytes (Avid Technology, Inc., M-Audio Delta PCI driver)
0xBF45C000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9BCF000 C:\WINDOWS\System32\DRIVERS\yk51x86.sys 266240 bytes (Marvell, NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller)
0xB978E000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F59000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB456B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D90000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB3AFB000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB5923000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9C38000 C:\WINDOWS\system32\drivers\cx88vid.sys 163840 bytes (Leadtek Research Inc., CX2388x Video Capture Driver)
0xB9C10000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB5A36000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB5B12000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB9F03000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB5A10000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB816D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9CCC000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9C60000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB59EE000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E99000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F87000 imagesrv.sys 131072 bytes (Ahead Software AG, Nero Image Server)
0xB9F29000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB5871000 C:\WINDOWS\System32\Drivers\dump_nvata.sys 106496 bytes
0xB9D76000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9ED1000 nvata.sys 106496 bytes (NVIDIA Corporation, NVIDIA® nForce™ IDE Performance Driver)
0xB9EEB000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9EB9000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9E5D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB97CF000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB3EBE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB97E6000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB97FA000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB9E74000 drvmcdb.sys 77824 bytes (VERITAS Software, Inc., Device Driver)
0xB5AB7000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9E4A000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E87000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F48000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB97BE000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB9746000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA178000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA168000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA188000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA298000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA258000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1F8000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB40E3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA218000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA148000 C:\WINDOWS\System32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xBA108000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA248000 C:\WINDOWS\system32\drivers\CX88TUNE.sys 53248 bytes (Leadtek Research Inc., CX2388x Tuner Driver)
0xBA198000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1A8000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA158000 C:\WINDOWS\system32\drivers\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1C8000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA2D8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1B8000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA208000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA1E8000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA1D8000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2A8000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB3A7B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA288000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA488000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3C8000 C:\WINDOWS\System32\Drivers\ULCDRHlp.sys 28672 bytes (Ulead Systems, Inc., ULCDRHlp driver)
0xBA498000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA420000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA418000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3E8000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B489EF25-0D94-46DA-A608-1AE4532E2550}\MpKsl322bc64f.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0xBA458000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA470000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA468000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA478000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA450000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA408000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA3E0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9D3E000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB4734000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA58C000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB9CF4000 C:\WINDOWS\system32\drivers\cxavxbar.sys 12288 bytes (Leadtek Research Inc., CX2388x AVStream Crossbar Driver)
0xB5AFE000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA598000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9CF8000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5E0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5F0000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5DC000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5AE000 imagedrv.sys 8192 bytes (Ahead Software AG, NERO IMAGEDRIVE SCSI miniport)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5D4000 C:\WINDOWS\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager®)
0xBA5E4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA664000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5E8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5BA000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5C0000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7E6000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7FB000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7BC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
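
The report above has entries only under >Drivers and nothing under >Stealth, which is the shape of a clean Rootkit Unhooker scan with those two boxes ticked. As an added example that is not part of this thread, the Python script below parses a report in that format and flags drivers loaded from outside %SystemRoot% or carrying no vendor/description string, and reports anything listed under >Stealth. The sample input is a few lines copied from the report above plus one made-up entry (a1b2c3d4.sys) added so the checks have something to flag. The allowlist (dump_* crash-dump copies of the boot storage drivers, Microsoft Security Essentials loading MpKsl*.sys from its definition-update folder, RkU's own Normandy.SYS) is an assumption for this machine, not something the tool itself reports.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

# Constructed sample input: lines excerpted from the Rootkit Unhooker report in
# the post above, plus ONE made-up line (a1b2c3d4.sys) so that triage() has
# something to flag. That line is not from the original report.
RKU_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0xB9668000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5871000 C:\WINDOWS\System32\Drivers\dump_nvata.sys 106496 bytes
0xB3A7B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA3E8000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B489EF25-0D94-46DA-A608-1AE4532E2550}\MpKsl322bc64f.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xB3A00000 C:\WINDOWS\System32\Drivers\a1b2c3d4.sys 20480 bytes
0xBA5F0000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
==============================================
>Stealth
==============================================
"""

# <base address> <path, may contain spaces> <size> bytes [(vendor, description)]
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+) (.+?) (\d+) bytes(?: \((.*)\))?$")


@dataclass
class Driver:
    base: int
    path: str
    size: int
    vendor: Optional[str]
    description: Optional[str]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_rku(report: str) -> Dict[str, List[Union[Driver, str]]]:
    """Split the report into its '>Section' blocks; parse driver lines into Driver objects."""
    sections: Dict[str, List[Union[Driver, str]]] = {}
    current = None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith(">"):
            current = line[1:]
            sections[current] = []
            continue
        if current is None or not line or line.startswith("="):
            continue
        m = DRIVER_RE.match(line)
        if current == "Drivers" and m:
            base, path, size, info = m.groups()
            vendor: Optional[str] = None
            desc: Optional[str] = None
            if info:
                # "(Vendor, Description)"; a lone "(RKU Driver)" has no vendor part
                vendor, _, desc = info.partition(", ")
                if not desc:
                    vendor, desc = None, vendor
            sections[current].append(Driver(int(base, 16), path, int(size), vendor, desc))
        else:
            sections[current].append(line)
    return sections


def _expected_location(path_lower: str) -> bool:
    # Assumption for this machine: drivers live under %SystemRoot%, except the
    # MSE engine driver, which is loaded from the definition-update folder.
    return (path_lower.startswith("c:\\windows\\")
            or "\\microsoft antimalware\\definition updates\\" in path_lower)


def triage(sections: Dict[str, List[Union[Driver, str]]]) -> List[Tuple[str, str]]:
    """Return (driver name, reason) pairs worth a second look."""
    findings: List[Tuple[str, str]] = []
    for d in sections.get("Drivers", []):
        if not isinstance(d, Driver):
            continue
        name = d.name.lower()
        if name.startswith("dump_"):
            continue  # crash-dump copies of the boot storage drivers; no version info is normal
        if name == "normandy.sys" and d.description == "RKU Driver":
            continue  # Rootkit Unhooker's own driver
        if not _expected_location(d.path.lower()):
            findings.append((d.name, "loaded from outside %SystemRoot%: " + d.path))
        if d.vendor is None:
            findings.append((d.name, "no vendor/description in version resource"))
    for entry in sections.get("Stealth", []):
        findings.append((str(entry), "listed under >Stealth (hidden or hooked code)"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_rku(RKU_REPORT)):
        print(f"{name}: {reason}")
```

Run against the full report from the post, only the made-up a1b2c3d4.sys line is reported; every real entry is either under %SystemRoot% with a vendor string, or on the allowlist. A driver with no version resource in System32 is a lead to check against a known-good copy, not proof of infection by itself.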

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:01:15 AM

Posted 05 April 2011 - 10:58 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


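Reading the ComboFix log once it comes back: the sections to check first are Files Created (the attribute column matters: --sh--w- means the system and hidden bits are set), Reg Loading Points (what starts at logon) and the Security Center keys (AntiVirusOverride=1 silences the "no antivirus" warning). As an added example that is not part of this thread, the Python script below applies those checks to lines excerpted from the log zazzer posts in the next reply. The heuristics (system+hidden on freshly created files, random-looking directory names under %SystemRoot%, Run entries that launch an executable straight from the %SystemRoot% root, Security Center overrides) are my own and produce leads to verify, not verdicts.

```python
import re
from typing import List, Tuple

# Constructed sample input: a handful of lines copied from the ComboFix log in the
# next reply (Files Created, the HKLM Run key and the Security Center key).
COMBOFIX_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 )))))))))))))))))))))))))))))))
.
2011-04-04 11:41 . 2011-04-04 11:40 521216 --sh--w- c:\windows\nvrszhcwow.exe
2011-03-29 12:10 . 2011-03-29 12:11 -------- d-----w- C:\!KillBox
2011-03-25 19:37 . 2011-03-25 19:37 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-25 11:46 . 2011-03-25 11:46 203776 --sh--w- c:\windows\system32\unrar.exe
2011-03-25 11:46 . 2011-04-05 16:05 -------- d-sh--w- c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59
2011-03-25 11:46 . 2011-03-23 02:07 1409024 ----a-w- c:\windows\system32\dplay32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"nvrszhcwow.exe"="c:\windows\nvrszhcwow.exe" [2011-04-04 521216]
"shlwapiwow.exe"="c:\windows\shlwapiwow.exe" [2011-04-05 518144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

# <created> . <modified> <size or --------> <8-char attribute string> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+)$")
# "Name"="string value" ...   or   "Name"=dword:xxxxxxxx
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)"|dword:([0-9a-fA-F]{8}))')
# An executable sitting directly in c:\windows, not in a subdirectory
ROOT_EXE_RE = re.compile(r"^c:\\windows\\[^\\]+\.(exe|dll|scr|com)$", re.IGNORECASE)
# Directory names that are just a long hex or decimal string
RANDOM_NAME_RE = re.compile(r"^(?:[0-9a-f]{24,}|\d{8,})$", re.IGNORECASE)


def triage_combofix(log: str) -> List[Tuple[str, str]]:
    """Return (path or registry value, reason) pairs that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    section = None
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("(((("):
            section = line.strip("() ")  # e.g. "Files Created from ... to ..."
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # current registry key in Reg Loading Points
            continue
        if section and section.startswith("Files Created"):
            m = FILE_RE.match(line)
            if not m:
                continue
            attrs, path = m.group(4), m.group(5)
            is_dir = attrs[0] == "d"
            leaf = path.rsplit("\\", 1)[-1]
            if "s" in attrs and "h" in attrs:
                kind = "directory" if is_dir else "file"
                findings.append((path, f"system+hidden attributes on a newly created {kind}"))
            if is_dir and path.lower().startswith("c:\\windows\\") and RANDOM_NAME_RE.match(leaf):
                findings.append((path, "random-looking directory name under %SystemRoot%"))
            if not is_dir and ROOT_EXE_RE.match(path):
                findings.append((path, "executable written directly into %SystemRoot%"))
        elif section and section.startswith("Reg Loading Points") and key:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, strval, dword = m.groups()
            where = key + "\\" + name
            if key.endswith("\\currentversion\\run") and strval and ROOT_EXE_RE.match(strval):
                findings.append((where, "Run entry launches an executable from the %SystemRoot% root: " + strval))
            if key.endswith("\\security center") and name.lower().endswith("override") \
                    and dword and int(dword, 16) != 0:
                findings.append((where, "Security Center override set; the missing-AV/firewall warning is suppressed"))
    return findings


if __name__ == "__main__":
    for where, why in triage_combofix(COMBOFIX_LOG):
        print(f"{why}\n    {where}")
```

On this excerpt the script reports nvrszhcwow.exe twice (system+hidden, and dropped in the Windows root), unrar.exe and the 32-hex-character directory in system32 for their attributes, both Run entries, and the AntiVirusOverride value; NvCpl.dll and AdobeARM.exe, which live where their vendors install them, are not reported. The same checks over the full log pick up the second random-numbered folders listed under Other Deletions.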

#7 zazzer

zazzer
  • Topic Starter

  • Members
  • 26 posts
  • Local time:06:15 PM

Posted 05 April 2011 - 04:11 PM

ComboFix 11-04-04.04 - Gerard 04/05/2011 12:23:02.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2303.1768 [GMT -4:00]
Running from: c:\documents and settings\Gerard\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gerard\Application Data\PCFix
c:\documents and settings\Gerard\Application Data\PCFix\log.dat
c:\documents and settings\Gerard\Application Data\PCFix\unresolvederrors.dat
c:\documents and settings\Gerard\WINDOWS
c:\documents and settings\LocalService\Application Data\02000000b9017c2b1209C.manifest
c:\documents and settings\LocalService\Application Data\02000000b9017c2b1209O.manifest
c:\documents and settings\LocalService\Application Data\02000000b9017c2b1209P.manifest
c:\documents and settings\LocalService\Application Data\02000000b9017c2b1209S.manifest
c:\windows\system32\1.tmp
c:\windows\system32\1532074092
c:\windows\system32\1532074092\frt0.rar
c:\windows\system32\1532074092\frt0.rar.ver
c:\windows\system32\1532074092\frt1.rar
c:\windows\system32\1532074092\frt1.rar.ver
c:\windows\system32\1532074092\frt2.rar
c:\windows\system32\1532074092\frt2.rar.ver
c:\windows\system32\1532074092\frt3.rar
c:\windows\system32\1532074092\frt3.rar.ver
c:\windows\system32\1992583828
c:\windows\system32\1992583828\new.i0
c:\windows\system32\1992583828\new.i0.kwd
c:\windows\system32\1992583828\new.i1
c:\windows\system32\1992583828\new.i1.kwd
c:\windows\system32\1992583828\new.i2
c:\windows\system32\1992583828\new.i2.kwd
c:\windows\system32\1992583828\new.i3
c:\windows\system32\1992583828\new.i3.kwd
.
.
((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 )))))))))))))))))))))))))))))))
.
.
2011-04-05 13:15 . 2011-04-05 13:15 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B489EF25-0D94-46DA-A608-1AE4532E2550}\MpKsl322bc64f.sys
2011-04-05 13:15 . 2011-03-23 14:11 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B489EF25-0D94-46DA-A608-1AE4532E2550}\mpengine.dll
2011-04-04 11:41 . 2011-04-04 11:40 521216 --sh--w- c:\windows\nvrszhcwow.exe
2011-03-30 07:25 . 2011-03-23 14:11 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-29 12:10 . 2011-03-29 12:11 -------- d-----w- C:\!KillBox
2011-03-29 00:43 . 2011-03-29 00:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-28 15:10 . 2011-03-28 15:11 -------- d-----w- c:\program files\Cobian Backup 8
2011-03-28 15:01 . 2011-03-28 15:01 -------- d-----w- c:\documents and settings\Gerard\Local Settings\Application Data\Safe mirror
2011-03-28 14:59 . 2011-03-28 15:07 -------- d-----w- c:\program files\Cobian Backup 10
2011-03-28 01:44 . 2011-03-28 17:09 -------- d-----w- c:\program files\Microsoft
2011-03-28 01:44 . 2011-03-29 11:01 -------- d-----w- c:\program files\Microsoft Silverlight
2011-03-27 17:54 . 2011-03-27 18:07 -------- d-----w- c:\program files\Windows Live Safety Center
2011-03-26 18:35 . 2011-03-26 18:35 -------- d-----w- c:\documents and settings\Gerard\Application Data\WinPatrol
2011-03-26 17:59 . 2011-03-26 17:59 388096 ----a-r- c:\documents and settings\Gerard\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-25 19:37 . 2011-03-25 19:37 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-25 17:41 . 2011-03-25 17:42 -------- dc-h--w- c:\windows\ie8
2011-03-25 13:34 . 2011-03-25 13:34 203264 ----a-w- c:\windows\system32\kbdycc32.exe
2011-03-25 11:46 . 2011-03-25 11:46 203776 --sh--w- c:\windows\system32\unrar.exe
2011-03-25 11:46 . 2011-04-05 16:05 -------- d-sh--w- c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59
2011-03-25 11:46 . 2011-03-23 02:07 1409024 ----a-w- c:\windows\system32\dplay32.exe
2011-03-25 11:46 . 2011-03-25 11:46 258048 ----a-w- c:\windows\system32\kbdycl32.dll
2011-03-25 11:46 . 2011-03-23 02:07 1409024 ----a-w- c:\windows\system32\mciseq32.exe
2011-03-25 11:46 . 2011-03-25 11:46 408064 ----a-w- c:\windows\system32\atrace32.dll
2011-03-23 01:54 . 2011-03-23 01:54 -------- d-----w- c:\program files\ilivid
2011-03-20 16:30 . 2011-03-20 16:30 -------- d-----w- c:\documents and settings\Gerard\Local Settings\Application Data\Sunbelt Software
2011-03-20 16:21 . 2011-03-25 13:28 -------- d-----w- c:\program files\CleanUp!
2011-03-14 21:20 . 2001-08-10 11:46 339968 ----a-w- c:\windows\system32\pscUD106.dll
2011-03-14 21:20 . 2001-08-08 06:39 49152 ----a-w- c:\windows\system32\pscVSWIA.dll
2011-03-14 21:20 . 2000-12-15 09:28 40960 ----a-w- c:\windows\system32\pscND106.exe
2011-03-14 21:20 . 2001-08-03 11:45 94208 ----a-w- c:\windows\system32\PSCLU106.dll
2011-03-11 01:47 . 2011-03-11 01:47 -------- d-----w- c:\documents and settings\Gerard\Local Settings\Application Data\Sony Ericsson
2011-03-11 01:47 . 2011-03-11 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2011-03-11 00:58 . 2011-03-11 00:58 -------- d-----w- c:\program files\Common Files\Sony Shared
2011-03-11 00:56 . 2011-03-11 00:57 -------- d-----w- c:\program files\Sony Media Go Install
2011-03-11 00:32 . 2011-03-11 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2011-03-11 00:16 . 2009-03-25 21:48 109864 ----a-w- c:\windows\system32\drivers\s1018unic.sys
2011-03-11 00:16 . 2009-03-25 21:48 10792 ----a-w- c:\windows\system32\drivers\s1018cr.sys
2011-03-11 00:16 . 2009-03-25 21:48 106208 ----a-w- c:\windows\system32\drivers\s1018mgmt.sys
2011-03-11 00:16 . 2009-03-25 21:48 104744 ----a-w- c:\windows\system32\drivers\s1018obex.sys
2011-03-11 00:16 . 2009-03-25 21:48 86824 ----a-w- c:\windows\system32\drivers\s1018bus.sys
2011-03-11 00:16 . 2009-03-25 21:48 26024 ----a-w- c:\windows\system32\drivers\s1018nd5.sys
2011-03-11 00:16 . 2009-03-25 21:48 15016 ----a-w- c:\windows\system32\drivers\s1018mdfl.sys
2011-03-11 00:16 . 2009-03-25 21:48 12200 ----a-w- c:\windows\system32\drivers\s1018whnt.sys
2011-03-11 00:16 . 2009-03-25 21:48 12200 ----a-w- c:\windows\system32\drivers\s1018wh.sys
2011-03-11 00:16 . 2009-03-25 21:48 12200 ----a-w- c:\windows\system32\drivers\s1018cmnt.sys
2011-03-11 00:16 . 2009-03-25 21:48 12200 ----a-w- c:\windows\system32\drivers\s1018cm.sys
2011-03-11 00:16 . 2009-03-25 21:48 114728 ----a-w- c:\windows\system32\drivers\s1018mdm.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 01:07 . 2010-08-06 22:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-11 01:07 . 2007-07-28 11:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-09 13:53 . 2004-08-04 07:56 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 07:56 186880 ------w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2007-07-18 22:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2007-07-18 22:01 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2001-08-23 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-11-06 17:26 . 2010-11-06 17:26 99917048 ----a-w- c:\program files\mediago_setup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-28_12.12.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-29 00:44 . 2011-03-29 00:44 28160 c:\windows\Installer\2d825d8.msi
+ 2010-11-10 16:49 . 2010-11-10 16:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2011-04-05 13:04 . 2011-04-05 13:04 518144 c:\windows\shlwapiwow.exe
+ 2011-03-28 17:20 . 2011-03-28 17:20 988160 c:\windows\Installer\1368ab0.msi
+ 2010-11-10 16:49 . 2010-11-10 16:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 101288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2007-07-18 14:47 . 2011-04-02 13:39 1637280 c:\windows\system32\FNTCACHE.DAT
+ 2011-03-29 00:51 . 2011-03-29 00:51 2283008 c:\windows\Installer\2d829a1.msi
+ 2010-11-10 16:49 . 2010-11-10 16:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\2d829a2.msp
+ 2010-11-10 16:49 . 2010-11-10 16:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-29 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"nvrszhcwow.exe"="c:\windows\nvrszhcwow.exe" [2011-04-04 521216]
"shlwapiwow.exe"="c:\windows\shlwapiwow.exe" [2011-04-05 518144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gerard^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Gerard\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-09 23:05 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 14:43 69632 -c--a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltaIITaskbarApp]
2009-07-27 17:44 236040 ----a-w- c:\windows\system32\DeltaIITray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-01 10:12 136176 ----atw- c:\documents and settings\Gerard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2009-07-27 17:44 236040 ----a-w- c:\windows\system32\DeltaIITray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-11-11 21:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-07-12 17:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-01-24 16:42 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-29 14:14 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2007-08-08 11:30 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2005-03-02 17:21 278528 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-12-21 17:34 90112 -c--a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SSDPSRV"=3 (0x3)
"Schedule"=2 (0x2)
"RasAuto"=3 (0x3)
"NBService"=3 (0x3)
"MSDTC"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"iPod Service"=3 (0x3)
"IJPLMSVC"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ERSvc"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"NMIndexingService"=3 (0x3)
"gupdate1c94aaa4f423baa"=2 (0x2)
"gusvc"=2 (0x2)
"idsvc"=3 (0x3)
"OMSI download service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\FRONTPG.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\mciseq32.exe"=
"c:\\WINDOWS\\shlwapiwow.exe"=
"c:\\WINDOWS\\nvrszhcwow.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44951:TCP"= 44951:TCP:utorrent port
.
R1 MpKsl322bc64f;MpKsl322bc64f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B489EF25-0D94-46DA-A608-1AE4532E2550}\MpKsl322bc64f.sys [4/5/2011 9:15 AM 28752]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [10/14/2010 3:13 PM 302472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12/25/2010 10:00 PM 27632]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S1 MpKsl49a62867;MpKsl49a62867;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8202B91-680B-471A-85D9-B2D73F11D650}\MpKsl49a62867.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8202B91-680B-471A-85D9-B2D73F11D650}\MpKsl49a62867.sys [?]
S2 LmHosts32;TCP/IP NetBIOS Helper ;c:\windows\system32\mciseq32.exe [3/25/2011 7:46 AM 1409024]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 FXDRV;FXDRV;\??\i:\fxdrv.sys --> i:\Fxdrv.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/25/2010 10:00 PM 13224]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 12:29 PM 118106]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [3/10/2011 8:16 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [3/10/2011 8:16 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [3/10/2011 8:16 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [3/10/2011 8:16 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [3/10/2011 8:16 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [3/10/2011 8:16 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [3/10/2011 8:16 PM 109864]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S4 gupdate1c94aaa4f423baa;Google Update Service (gupdate1c94aaa4f423baa);c:\program files\Google\Update\GoogleUpdate.exe [11/19/2008 8:52 PM 133104]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [3/10/2011 9:46 PM 90112]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [3/10/2011 8:32 PM 155344]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/15/2010 6:55 PM 691696]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL322BC64F
*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cbb741b1230c54.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-20 01:03]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1580818891-839522115-1003Core.job
- c:\documents and settings\Gerard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-01 10:12]
.
2011-04-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
2011-03-29 c:\windows\Tasks\User_Feed_Synchronization-{3056713D-027E-4CAF-A429-A27AE193B4E2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-05 12:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1580818891-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-05 12:30:08
ComboFix-quarantined-files.txt 2011-04-05 16:29
ComboFix2.txt 2011-03-28 12:15
ComboFix3.txt 2010-09-30 18:48
.
Pre-Run: 35,622,428,672 bytes free
Post-Run: 35,647,229,952 bytes free
.
- - End Of File - - 1E96283486471808FF7F47A7DC7B4DEA

#8 myrti (Malware Study Hall Admin)

Posted 05 April 2011 - 04:26 PM

Hi,

please run the following script next:

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic387653.html
driver::
LmHosts32
FXDRV
collect::
c:\windows\nvrszhcwow.exe
c:\windows\system32\kbdycc32.exe
c:\windows\shlwapiwow.exe
c:\windows\system32\mciseq32.exe 
c:\windows\system32\dplay32.exe
c:\windows\system32\kbdycl32.dll
c:\windows\system32\mciseq32.exe
c:\windows\system32\atrace32.dll
folder::
c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59

Save this as CFScript.txt


[Posted Image: CFScript.txt being dragged onto ComboFix.exe]


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


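The files and services myrti lists in the CFScript above were picked by eye from the ComboFix log: a service called LmHosts32 that borrows the display name of the genuine LmHosts service ("TCP/IP NetBIOS Helper") but points at c:\windows\system32\mciseq32.exe, a handful of executables whose names are a real system DLL's base name with "32" or "wow" tacked on (mciseq32.exe, shlwapiwow.exe, nvrszhcwow.exe, kbdycc32.exe, dplay32.exe), a driver image on a drive other than C:, and those same lookalikes whitelisted in the Windows Firewall AuthorizedApplications list. The Python below is an added example, not part of the thread or of ComboFix, that encodes those three heuristics and runs them over a few lines constructed from the log in this thread. The KNOWN_DLL_BASES and KNOWN_DISPLAY_NAMES seed lists and the assumption that Windows lives on C: are mine; a real triage would load the baseline from a clean install of the same build.

```python
import re

# Seed baseline of genuine Windows DLL base names that the dropped files in this
# thread imitate (mciseq.dll -> mciseq32.exe, shlwapi.dll -> shlwapiwow.exe).
# Assumption: a real triage loads this from a clean install of the same build.
KNOWN_DLL_BASES = {"mciseq", "shlwapi", "dplay", "kbdycc", "kbdycl", "atrace", "nvrszhc"}

# Display name -> genuine service name, for spotting a borrowed display name.
# Assumption: seed entry only; the real LmHosts service runs inside svchost.exe.
KNOWN_DISPLAY_NAMES = {"tcp/ip netbios helper": "LmHosts"}

SYSTEM_DRIVE = "c:"  # assumption: Windows is on C:, so a driver image elsewhere is odd

# <known base><32|wow>.<exe|dll|sys>, e.g. kbdycc32.exe or nvrszhcwow.exe
LOOKALIKE_RE = re.compile(r"^(?P<base>[a-z0-9]+?)(?P<suffix>32|wow)\.(?:exe|dll|sys)$", re.I)
# ComboFix service/driver line: 'S2 LmHosts32;TCP/IP NetBIOS Helper ;c:\...\mciseq32.exe [date size]'
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Firewall AuthorizedApplications entry as ComboFix prints it: "c:\\path\\app.exe"=
FW_APP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')


def lookalike_reason(path):
    """Return a reason if the file name is a known DLL base plus a 32/wow suffix, else None."""
    name = path.rsplit("\\", 1)[-1]
    m = LOOKALIKE_RE.match(name)
    if m and m.group("base").lower() in KNOWN_DLL_BASES:
        return f"{name} mimics {m.group('base').lower()}.dll (suffix '{m.group('suffix').lower()}')"
    return None


def parse_service_line(line):
    """Split a ComboFix service/driver line into start type, name, display name and image path."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    # ComboFix appends ' --> <path> [?]' when the image is missing, ' [date size]' otherwise.
    image = re.split(r"\s+(?:-->|\[)", m.group("rest"), maxsplit=1)[0].strip()
    return {"start": m.group("start"), "name": m.group("name").strip(),
            "display": m.group("display").strip(), "image": image}


def service_reasons(svc):
    """Heuristics for one parsed service entry; returns a list of reasons (empty means clean)."""
    reasons = []
    real = KNOWN_DISPLAY_NAMES.get(svc["display"].lower())
    if real and svc["name"].lower() != real.lower():
        reasons.append(f"service {svc['name']} uses the display name of {real}")
    image = svc["image"].lower()
    if image.startswith("\\??\\"):  # NT object-manager prefix some driver entries carry
        image = image[4:]
    if image and not image.startswith(SYSTEM_DRIVE):
        reasons.append(f"image {svc['image']} lives off the system drive")
    hit = lookalike_reason(svc["image"])
    if hit:
        reasons.append(hit)
    return reasons


def firewall_reasons(line):
    """Flag a firewall exception whose executable is a system-DLL lookalike."""
    m = FW_APP_RE.match(line.strip())
    hit = lookalike_reason(m.group("path")) if m else None
    return [hit] if hit else []


def triage(log_text):
    """Run every heuristic over a ComboFix log; returns {stripped line: [reasons]}."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = parse_service_line(line)
        reasons = service_reasons(svc) if svc else firewall_reasons(line)
        if reasons:
            findings[line] = reasons
    return findings


# Constructed sample: clean and suspicious lines copied from the log earlier in this thread.
SAMPLE_LOG = r'''
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mciseq32.exe"=
"c:\\WINDOWS\\shlwapiwow.exe"=
"c:\\WINDOWS\\nvrszhcwow.exe"=
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12/25/2010 10:00 PM 27632]
S2 LmHosts32;TCP/IP NetBIOS Helper ;c:\windows\system32\mciseq32.exe [3/25/2011 7:46 AM 1409024]
S3 FXDRV;FXDRV;\??\i:\fxdrv.sys --> i:\Fxdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/15/2010 6:55 PM 691696]
'''

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("   ->", r)
```

Two caveats on the name check: many legitimate binaries also end in "32" (user32.dll, kernel32.dll), so the lookalike test only fires when the base name by itself is a known DLL, which is why the baseline list matters more than the regex. Name heuristics are a shortlist, not a verdict; the reason myrti uses collect:: is that the files still get hashed and analysed before anything is decided on them.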

#9 zazzer (Topic Starter)

Posted 05 April 2011 - 05:32 PM

ComboFix 11-04-05.01 - Gerard 04/05/2011 18:16:06.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2303.1750 [GMT -4:00]
Running from: c:\documents and settings\Gerard\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gerard\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
file zipped: c:\windows\nvrszhcwow.exe
file zipped: c:\windows\shlwapiwow.exe
file zipped: c:\windows\system32\atrace32.dll
file zipped: c:\windows\system32\dplay32.exe
file zipped: c:\windows\system32\kbdycc32.exe
file zipped: c:\windows\system32\kbdycl32.dll
file zipped: c:\windows\system32\mciseq32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\nvrszhcwow.exe
c:\windows\shlwapiwow.exe
c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59
c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59\b\bint1
c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59\b\version
c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59\bin
c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59\D.tmp
c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59\E.tmp
c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59\lock
c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59\ntuser.dat
c:\windows\system32\1C0334EB05FFA3BA9207D9D2B0890A59\unrar.exe
c:\windows\system32\atrace32.dll
c:\windows\system32\dplay32.exe
c:\windows\system32\kbdycc32.exe
c:\windows\system32\kbdycl32.dll
c:\windows\system32\mciseq32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FXDRV
-------\Legacy_LMHOSTS32
-------\Service_FXDRV
-------\Service_LmHosts32
.
.
((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 )))))))))))))))))))))))))))))))
.
.
2011-04-05 22:21 . 2011-04-05 22:21 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-04-05 22:21 . 2011-04-05 22:21 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-04-05 22:21 . 2011-04-05 22:21 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-04-05 22:21 . 2011-04-05 22:21 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-04-05 22:21 . 2011-04-05 22:21 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-04-05 21:13 . 2011-03-23 14:11 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F94D04-9915-4DE7-B385-7752571BAB54}\mpengine.dll
2011-03-30 07:25 . 2011-03-23 14:11 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-29 12:10 . 2011-03-29 12:11 -------- d-----w- C:\!KillBox
2011-03-29 00:43 . 2011-03-29 00:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-28 15:10 . 2011-03-28 15:11 -------- d-----w- c:\program files\Cobian Backup 8
2011-03-28 15:01 . 2011-03-28 15:01 -------- d-----w- c:\documents and settings\Gerard\Local Settings\Application Data\Safe mirror
2011-03-28 14:59 . 2011-03-28 15:07 -------- d-----w- c:\program files\Cobian Backup 10
2011-03-28 01:44 . 2011-03-28 17:09 -------- d-----w- c:\program files\Microsoft
2011-03-28 01:44 . 2011-03-29 11:01 -------- d-----w- c:\program files\Microsoft Silverlight
2011-03-27 17:54 . 2011-03-27 18:07 -------- d-----w- c:\program files\Windows Live Safety Center
2011-03-26 18:35 . 2011-03-26 18:35 -------- d-----w- c:\documents and settings\Gerard\Application Data\WinPatrol
2011-03-26 17:59 . 2011-03-26 17:59 388096 ----a-r- c:\documents and settings\Gerard\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-25 19:37 . 2011-03-25 19:37 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-25 17:41 . 2011-03-25 17:42 -------- dc-h--w- c:\windows\ie8
2011-03-25 11:46 . 2011-03-25 11:46 203776 --sh--w- c:\windows\system32\unrar.exe
2011-03-23 01:54 . 2011-03-23 01:54 -------- d-----w- c:\program files\ilivid
2011-03-20 16:30 . 2011-03-20 16:30 -------- d-----w- c:\documents and settings\Gerard\Local Settings\Application Data\Sunbelt Software
2011-03-20 16:21 . 2011-03-25 13:28 -------- d-----w- c:\program files\CleanUp!
2011-03-14 21:20 . 2001-08-10 11:46 339968 ----a-w- c:\windows\system32\pscUD106.dll
2011-03-14 21:20 . 2001-08-08 06:39 49152 ----a-w- c:\windows\system32\pscVSWIA.dll
2011-03-14 21:20 . 2000-12-15 09:28 40960 ----a-w- c:\windows\system32\pscND106.exe
2011-03-14 21:20 . 2001-08-03 11:45 94208 ----a-w- c:\windows\system32\PSCLU106.dll
2011-03-11 01:47 . 2011-03-11 01:47 -------- d-----w- c:\documents and settings\Gerard\Local Settings\Application Data\Sony Ericsson
2011-03-11 01:47 . 2011-03-11 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2011-03-11 00:58 . 2011-03-11 00:58 -------- d-----w- c:\program files\Common Files\Sony Shared
2011-03-11 00:56 . 2011-03-11 00:57 -------- d-----w- c:\program files\Sony Media Go Install
2011-03-11 00:32 . 2011-03-11 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2011-03-11 00:16 . 2009-03-25 21:48 109864 ----a-w- c:\windows\system32\drivers\s1018unic.sys
2011-03-11 00:16 . 2009-03-25 21:48 10792 ----a-w- c:\windows\system32\drivers\s1018cr.sys
2011-03-11 00:16 . 2009-03-25 21:48 106208 ----a-w- c:\windows\system32\drivers\s1018mgmt.sys
2011-03-11 00:16 . 2009-03-25 21:48 104744 ----a-w- c:\windows\system32\drivers\s1018obex.sys
2011-03-11 00:16 . 2009-03-25 21:48 86824 ----a-w- c:\windows\system32\drivers\s1018bus.sys
2011-03-11 00:16 . 2009-03-25 21:48 26024 ----a-w- c:\windows\system32\drivers\s1018nd5.sys
2011-03-11 00:16 . 2009-03-25 21:48 15016 ----a-w- c:\windows\system32\drivers\s1018mdfl.sys
2011-03-11 00:16 . 2009-03-25 21:48 12200 ----a-w- c:\windows\system32\drivers\s1018whnt.sys
2011-03-11 00:16 . 2009-03-25 21:48 12200 ----a-w- c:\windows\system32\drivers\s1018wh.sys
2011-03-11 00:16 . 2009-03-25 21:48 12200 ----a-w- c:\windows\system32\drivers\s1018cmnt.sys
2011-03-11 00:16 . 2009-03-25 21:48 12200 ----a-w- c:\windows\system32\drivers\s1018cm.sys
2011-03-11 00:16 . 2009-03-25 21:48 114728 ----a-w- c:\windows\system32\drivers\s1018mdm.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 01:07 . 2010-08-06 22:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-11 01:07 . 2007-07-28 11:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-09 13:53 . 2004-08-04 07:56 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 07:56 186880 ------w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2007-07-18 22:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2007-07-18 22:01 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2001-08-23 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-11-06 17:26 . 2010-11-06 17:26 99917048 ----a-w- c:\program files\mediago_setup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-29 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gerard^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Gerard\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-09 23:05 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 14:43 69632 -c--a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltaIITaskbarApp]
2009-07-27 17:44 236040 ----a-w- c:\windows\system32\DeltaIITray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-01 10:12 136176 ----atw- c:\documents and settings\Gerard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2009-07-27 17:44 236040 ----a-w- c:\windows\system32\DeltaIITray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-11-11 21:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-07-12 17:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-01-24 16:42 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-29 14:14 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2007-08-08 11:30 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2005-03-02 17:21 278528 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-12-21 17:34 90112 -c--a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SSDPSRV"=3 (0x3)
"Schedule"=2 (0x2)
"RasAuto"=3 (0x3)
"NBService"=3 (0x3)
"MSDTC"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"iPod Service"=3 (0x3)
"IJPLMSVC"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ERSvc"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"NMIndexingService"=3 (0x3)
"gupdate1c94aaa4f423baa"=2 (0x2)
"gusvc"=2 (0x2)
"idsvc"=3 (0x3)
"OMSI download service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\FRONTPG.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44951:TCP"= 44951:TCP:utorrent port
.
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [10/14/2010 3:13 PM 302472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12/25/2010 10:00 PM 27632]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S1 MpKsl49a62867;MpKsl49a62867;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8202B91-680B-471A-85D9-B2D73F11D650}\MpKsl49a62867.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8202B91-680B-471A-85D9-B2D73F11D650}\MpKsl49a62867.sys [?]
S1 MpKslf4241757;MpKslf4241757;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F94D04-9915-4DE7-B385-7752571BAB54}\MpKslf4241757.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F94D04-9915-4DE7-B385-7752571BAB54}\MpKslf4241757.sys [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/25/2010 10:00 PM 13224]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 12:29 PM 118106]
S3 Normandy;Normandy SR2; [x]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [3/10/2011 8:16 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [3/10/2011 8:16 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [3/10/2011 8:16 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [3/10/2011 8:16 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [3/10/2011 8:16 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [3/10/2011 8:16 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [3/10/2011 8:16 PM 109864]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S4 gupdate1c94aaa4f423baa;Google Update Service (gupdate1c94aaa4f423baa);c:\program files\Google\Update\GoogleUpdate.exe [11/19/2008 8:52 PM 133104]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [3/10/2011 9:46 PM 90112]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [3/10/2011 8:32 PM 155344]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/15/2010 6:55 PM 691696]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cbb741b1230c54.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-20 01:03]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1580818891-839522115-1003Core.job
- c:\documents and settings\Gerard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-01 10:12]
.
2011-04-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
2011-03-29 c:\windows\Tasks\User_Feed_Synchronization-{3056713D-027E-4CAF-A429-A27AE193B4E2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nvrszhcwow.exe - c:\windows\nvrszhcwow.exe
HKLM-Run-shlwapiwow.exe - c:\windows\shlwapiwow.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-05 18:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1580818891-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2011-04-05 18:27:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-05 22:27
ComboFix2.txt 2011-04-05 16:30
ComboFix3.txt 2011-03-28 12:15
ComboFix4.txt 2010-09-30 18:48
.
Pre-Run: 35,651,162,112 bytes free
Post-Run: 35,590,795,264 bytes free
.
- - End Of File - - 821F695D0D3D5C5499C4AB376721BF8D
Upload was successful

#10 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 05 April 2011 - 05:46 PM

Hi,

this is looking much better. How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 zazzer

zazzer
  • Topic Starter

  • Members
  • 26 posts

Posted 05 April 2011 - 06:03 PM

It seems to be running much better. The error message from Outlook has disappeared, come back, and disappeared again after running ComboFix the second time.
I'm grateful for your help.

#12 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 05 April 2011 - 06:25 PM

Hi,

happy to hear. :)

Could you please run a scan with Eset to check for leftovers:
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



#13 zazzer

zazzer
  • Topic Starter

  • Members
  • 26 posts

Posted 06 April 2011 - 04:00 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=9e41451e86b96a41b1c2823d15a4af17
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-06 04:15:37
# local_time=2011-04-06 12:15:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 28111440 28111440 0 0
# compatibility_mode=768 16777215 100 0 27192391 27192391 0 0
# compatibility_mode=1024 16777215 100 0 11779571 11779571 0 0
# compatibility_mode=5891 16776869 42 87 0 13159238 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=247006
# found=75
# cleaned=0
# scan_time=12566
C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\wemszjn6.default\extensions\{0be63c06-9662-4fd3-bf54-3928548836b7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Gerard\Application Data\Sun\Java\Deployment\cache\6.0\1\27e8c01-13f86c26 a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Gerard\My Documents\FrostWire\Saved\setup\setup.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\[4]-Submit_2011-04-05_18.15.53.zip a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\ccfgntwow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\esent97wow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\gptextwow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\hpowiax2wow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\kbdsgwow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\msoert2wow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\npptoolswow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\vbajet32wow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\1.tmp.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\1992583828\new.i1.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\1992583828\new.i3.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\1C0334EB05FFA3BA9207D9D2B0890A59\b\bint1.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\wu514611113v1.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\wu514611113v3.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\_u514611113v3.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP299\A0105647.exe probably a variant of Win32/Adware.PCFixCleaner application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP308\A0106793.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110660.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110661.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110662.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110663.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110664.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110665.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110666.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110675.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP330\A0111467.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP330\A0111468.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP331\A0111494.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP331\A0111497.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP331\A0111559.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP332\A0111621.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP332\A0111622.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP332\A0111623.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP334\A0111936.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP334\A0111937.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP334\A0111940.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP334\A0111941.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP334\A0111943.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\wemszjn6.default\extensions\{0be63c06-9662-4fd3-bf54-3928548836b7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Documents and Settings\Gerard\Application Data\Sun\Java\Deployment\cache\6.0\1\27e8c01-13f86c26 a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\ccfgntwow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\esent97wow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\gptextwow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\hpowiax2wow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\kbdsgwow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\msoert2wow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\npptoolswow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\vbajet32wow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\system32\1.tmp.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\wu514611113v1.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\wu514611113v3.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\_u514611113v3.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP299\A0105647.exe probably a variant of Win32/Adware.PCFixCleaner application (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP308\A0106793.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110660.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110661.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110662.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110663.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110664.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110665.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110666.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\System Volume Information\_restore{603643C8-DE3D-4C93-AD37-67721F17E663}\RP327\A0110675.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\WINDOWS\system32\dplay32.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\WINDOWS\system32\kbdycc32.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\WINDOWS\system32\mciseq32.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\C 2011-03-28 11;16;45\WINDOWS\system32\1C0334EB05FFA3BA9207D9D2B0890A59\b\bint1 a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\dcuments\My Docs c\Documents\virus tools\SmitfraudFix.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
K:\dcuments\My Docs c\Documents\virus tools\smitRem.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
K:\dcuments\My Docs c\Documents\virus tools\SmitfraudFix\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
K:\dcuments\My Docs c\Documents\virus tools\smitRem\Process.#xe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
K:\dcuments\My Docs c\Documents\virus tools\smitRem\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
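
An added example, not part of this thread or of ESET's own tooling, that parses a log in the format posted above and sorts each finding by where it lives: hits inside ComboFix's Qoobox quarantine, inside System Restore points, or on the external K: backup copy are already-neutralised or inert copies, whereas a hit in a live profile folder or Java cache is what still needs cleanup. The sample log, the paths in it and the {ext-id}/{RESTORE-GUID} placeholders are constructed, and the location heuristic is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample in the shape of the ESET Online Scanner log posted in this
# thread: "# key=value" header lines, then one finding per line that ends in
# "(status) <32 hex chars> <flag>". Paths and placeholders are made up.
SAMPLE_LOG = """\
# scanned=247006
# found=5
# cleaned=0
C:\\Documents and Settings\\User\\Application Data\\Mozilla\\Firefox\\Profiles\\x.default\\extensions\\{ext-id}\\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\ccfgntwow.exe.vir a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\\System Volume Information\\_restore{RESTORE-GUID}\\RP327\\A0110660.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\\C 2011-03-28 11;16;45\\WINDOWS\\system32\\dplay32.exe a variant of Win32/Kryptik.MGV trojan (unable to clean) 00000000000000000000000000000000 I
K:\\backup\\virus tools\\SmitfraudFix.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
"""

# One finding: <path with spaces> [probably ][a variant of ]<name> <kind>
# (<status>) <hash> <flag>. The lazy path lets the verdict words anchor the split.
FINDING_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>[\w./-]+) (?P<kind>trojan|application|threats) "
    r"\((?P<status>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)

def location(path):
    # Heuristic (assumption of this example): where a hit lives decides urgency.
    p = path.lower()
    if not p.startswith("c:\\"):
        return "other drive"      # backup copy on an external disk
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"       # already neutralised by ComboFix
    if "\\system volume information\\_restore" in p:
        return "restore point"    # inert unless that restore point is used
    return "live"                 # still present on the running system

def parse_log(text):
    header, findings, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value
            continue
        m = FINDING_RE.match(line)
        if m is None:
            unparsed.append(line)   # keep, rather than silently drop, odd lines
            continue
        d = m.groupdict()
        d["location"] = location(d["path"])
        findings.append(d)
    return header, findings, unparsed

def summarize(text):
    header, findings, unparsed = parse_log(text)
    declared = int(header.get("found", "0"))
    return {
        "declared_found": declared,
        "parsed": len(findings),
        "count_matches": declared == len(findings),  # cross-check the header
        "unparsed": unparsed,
        "by_location": dict(Counter(f["location"] for f in findings)),
        "by_name": dict(Counter(f["name"] for f in findings)),
        "live": [(f["path"], f["name"]) for f in findings if f["location"] == "live"],
        "nothing_cleaned": header.get("cleaned") == "0",
    }
```

Calling summarize(SAMPLE_LOG) reports five findings with only the Firefox extension still live; the same call on the pasted log separates the handful of live hits from the quarantine, restore-point and K: copies.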

#14 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 06 April 2011 - 06:22 AM

Hi,

did you recently uninstall Firefox? Or is it still installed?

There is some malware left that previous logs didn't show. We will target that next. How is the PC doing?

regards myrti



#15 zazzer

zazzer
  • Topic Starter

  • Members
  • 26 posts

Posted 06 April 2011 - 08:55 AM

Good morning,
I can't remember ever using Firefox or installing it. Maybe on my previous PC, files of which have been transferred to this one. I can hardly recall; maybe as the morning progresses I will.
The PC is running all right, but the error message when I open Office Outlook is back: Outlook needs Outlook Express to run, etc. I OK it and can run Outlook without a hitch, but it's there. I have Outlook Express installed and use it; it's somewhat slow to download email and sometimes doesn't upload, or lately hasn't uploaded, any outgoing mail.
Also I'm running my book through the USB port, but probably you can see this.
I see where the last scan had detected something on that drive.

G



