Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with TDL4 root kit with occasional BSOD


  • This topic is locked This topic is locked
15 replies to this topic

#1 aidswolf

aidswolf

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver
  • Local time:11:24 AM

Posted 19 April 2011 - 12:59 AM

Hello, I'm new to the are and I bring you my computer problems.

Recently I acquired one of those sneaky rogue anti-spyware programs that went by the name of XP Total Security. At the time I didn't know about this website because if I did I'm sure my woes would be a lot less than they currently are. Let me start with what is currently happening on my computer. NOD32 will pop up a message from time to time telling me that it's blocked a suspicious URL (I attached screens of the alert). There are three different alerts that I have noticed and they occur anytime my computer is on I haven't noticed a pattern. So I decided to take action and follow the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" before I do any more harm to my computer than I've likely already done. I also checked my process viewer and noticed a program called Athentium which I had no part in installing or downloaded but it appears to be there. I don't think it was before but it is now.

I've run the defogger to disable virtual drives and rebooted afterward. Followed by dds.scr therefore attaching the proper file and pasting my dds log. I've run into a problem when running the GMER scan though. Twice I've BSOD and once the computer just hung/idled.

I wrote down the two BSOD instances

The First
BAD_POOL_HEADER
Technical Information
Stop: 0x00000019 (0x00000020, 0x019031081, 0x01903908, 0x0B000010)
Beginning dump of physical memory
Physical memory dump complete please contact System administrator or Tech support group.

Second BSOD
DRIVER_IRQL_NOT_LESS_OR_EQUAL
Disable new hardware or software. Disable bios menu option such as caching or shadowing.
Technical info
Stop: 0x00000001 (0x00000024, 0x00000002, 0x00000000, 0xB7ECFD8F)
SCSIport.sys - address B7ECFD8F Base at B7ECE000 datestamp 4802539d
Beginning dump of physical memory
Physical memory dump complete
Please contact...

I haven't made any attempts to disable or uninstall anything new as there hasn't been anything new added other than a micro version of CS5 and definitely no new hardware.

Unfortunately I can not attach the ark.txt file because each time I try to run the scan my computer will either lock up or BSOD. I wanted to post this before I make another attempt at it, perhaps I should just wait on a go ahead from someone here.

I hope I have provided enough information, I will follow whatever requests are made to provide more information as needed.

Thank you so much in advance, I appreciate the help as I'm feeling really discouraged right now. Worst case I hope I am looking at a wipe/re-install of windows and not hardware failure.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by James at 21:10:31.09 on 18/04/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3583.2584 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
E:\GAMES\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Documents and Settings\James\Desktop\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\James\Desktop\BLEEPING COMPUTERS\programs\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Steam] "e:\games\steam.exe" -silent
uRun: [EPSON NX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifca.exe /fu "c:\windows\temp\E_S8B.tmp" /EF "HKCU"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\james\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\james\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053v3011\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\belkin~1.lnk - c:\program files\belkin\f5d8053\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244515492765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244515282718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\WINDOW
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\james\applic~1\mozilla\firefox\profiles\1p95vmf9.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: XULRunner: {C6C33238-F3F2-4954-A5F8-37ACB74D02DB} - c:\documents and settings\james\local settings\application data\{C6C33238-F3F2-4954-A5F8-37ACB74D02DB}
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-4-9 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-6-7 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-6-7 234888]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-4-9 731840]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-6-7 1057024]
S0 yjrmjhc;yjrmjhc; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca04f1b7b7a218;Google Update Service (gupdate1ca04f1b7b7a218);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 cpuz132;cpuz132;\??\c:\docume~1\james\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\james\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-10-29 644096]
S3 vproiah;vproiah;c:\windows\system32\drivers\vproiah.sys --> c:\windows\system32\drivers\vproiah.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-19 02:59:24 -------- d-----w- C:\Program Files (x86)
2011-04-19 02:58:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-04-18 00:05:35 -------- d-----w- c:\program files\Xirrus
2011-04-18 00:02:39 -------- d-----w- c:\docume~1\james\locals~1\applic~1\Downloaded Installations
2011-04-17 23:40:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-16 17:49:46 54016 ----a-w- c:\windows\system32\drivers\smjso.sys
2011-04-15 20:09:26 -------- d-----w- c:\docume~1\james\applic~1\SUPERAntiSpyware.com
2011-04-15 20:05:56 -------- d-----w- c:\docume~1\james\applic~1\QuickScan
2011-04-15 03:58:21 54016 ----a-w- c:\windows\system32\drivers\vqpfaqi.sys
2011-04-14 22:35:13 -------- d-----w- c:\docume~1\james\locals~1\applic~1\{C6C33238-F3F2-4954-A5F8-37ACB74D02DB}
2011-04-12 20:49:43 -------- d-----w- c:\docume~1\james\locals~1\applic~1\The Lord of the Rings Online
2011-04-12 04:42:42 -------- d-----w- c:\docume~1\james\locals~1\applic~1\Chromium
2011-04-08 23:11:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nexon
2011-04-08 23:00:38 -------- d-----w- c:\program files\BandiMPEG1
2011-04-07 09:02:31 3904976 ----a-w- c:\windows\system32\GameMon.des
2011-04-07 09:01:50 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-04-07 09:01:50 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-04-07 09:01:38 -------- d-----w- c:\program files\common files\INCA Shared
2011-04-07 06:06:03 -------- d-----w- c:\program files\CCleaner
2011-04-07 04:36:22 -------- d-----w- c:\docume~1\james\locals~1\applic~1\Help
2011-04-05 02:29:13 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-04-05 02:29:13 -------- d-----w- c:\program files\MagicDisc
2011-04-05 00:59:41 -------- d-----w- c:\program files\common files\DirectX
2011-04-04 21:56:45 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-03-30 03:53:40 -------- d-----w- c:\docume~1\james\applic~1\DarksporeData
2011-03-23 04:16:40 -------- d-----w- c:\docume~1\james\applic~1\AtomZombieData
2011-03-23 01:22:49 -------- d-----w- c:\docume~1\james\applic~1\AtomZombieDemoData
2011-03-20 07:14:50 -------- d-----w- c:\docume~1\james\locals~1\applic~1\ArmA 2 OA DEMO
.
==================== Find3M ====================
.
2011-03-10 03:41:50 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-08 06:34:32 138056 ----a-w- c:\docume~1\james\applic~1\PnkBstrK.sys
2011-03-06 20:32:42 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST350041 rev.CC34 -> Harddisk1\DR1 -> \Device\Scsi\nvgts1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B3B9439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b3bf7d0]; MOV EAX, [0x8b3bf84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk1\DR1[0x8B3ECAB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000073[0x8B396920]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B396A38]
\Driver\nvgts[0x8B3CA2C8] -> IRP_MJ_CREATE -> 0x8B3B9439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Scsi\nvgts1Port2Path0Target0Lun0 -> \??\SCSI#Disk&Ven_ST350041&Prod_8AS&Rev_CC34#4&3223cd61&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 976773166 (+7): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:11:17.01 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:03:24 PM

Posted 27 April 2011 - 02:47 PM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this tread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#3 aidswolf

aidswolf
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver
  • Local time:11:24 AM

Posted 27 April 2011 - 09:21 PM

Hello, Shannon, and thank you so much for your assistance. I understand this is volunteer and you folks are real busy so the time delay is no problem. I'm glad to be receiving professional assistance.

Here are the two logs as requested. I had no problem running OTL, I disconnected from the internet and then shut down Anti-virus software which is back in place now.

OTL logfile created on: 27/04/2011 7:09:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\James\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 46.18 Gb Free Space | 23.65% Space Free | Partition Type: NTFS
Drive E: | 270.44 Gb Total Space | 83.40 Gb Free Space | 30.84% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 22.47 Gb Free Space | 9.65% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 965.05 Gb Free Space | 51.80% Space Free | Partition Type: NTFS
Drive M: | 6.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-479C50C504 | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/27 16:54:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
PRC - [2011/03/24 19:25:42 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/07 20:05:33 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\GAMES\steam.exe
PRC - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/04/09 15:19:08 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/04/09 15:17:56 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/11/22 08:12:34 | 001,333,016 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/27 16:54:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (PnkBstrB)
SRV - File not found [Auto | Stopped] -- -- (PnkBstrA)
SRV - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/03 14:39:25 | 003,904,976 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/16 16:34:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/09 15:29:20 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/04/09 15:19:08 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/11/22 08:12:34 | 001,333,016 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/04/25 16:06:47 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/02/13 19:30:36 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/02/13 19:30:36 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/08 07:49:44 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/09 15:21:12 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/04/09 15:18:02 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/04/09 15:10:30 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/15 19:25:52 | 001,057,024 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/08/18 19:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/08/01 12:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 12:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/02/13 23:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {C6C33238-F3F2-4954-A5F8-37ACB74D02DB}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\extensions\\{D8E7DC08-456F-47A1-9A5C-ED27F2BF0AA7}: C:\Documents and Settings\James\Local Settings\Application Data\{D8E7DC08-456F-47A1-9A5C-ED27F2BF0AA7} [2010/06/06 10:29:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{339CB73D-E0F1-4F4D-A2A9-57A9A1FE60D5}: C:\Documents and Settings\James\Local Settings\Application Data\{339CB73D-E0F1-4F4D-A2A9-57A9A1FE60D5}\ [2010/07/22 10:42:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2583E0B7-D1FA-43C1-9D18-8BC53D68F3DE}: C:\Documents and Settings\James\Local Settings\Application Data\{2583E0B7-D1FA-43C1-9D18-8BC53D68F3DE}\ [2010/07/22 11:41:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{86AE0728-89A8-4AC4-A688-95CF15137311}: C:\Documents and Settings\James\Local Settings\Application Data\{86AE0728-89A8-4AC4-A688-95CF15137311}\ [2010/07/22 11:52:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{C6C33238-F3F2-4954-A5F8-37ACB74D02DB}: C:\Documents and Settings\James\Local Settings\Application Data\{C6C33238-F3F2-4954-A5F8-37ACB74D02DB} [2011/04/14 15:35:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/25 13:39:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/25 13:42:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/04/06 19:40:06 | 000,000,000 | ---D | M]

[2009/06/07 16:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2011/04/26 14:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\1p95vmf9.default\extensions
[2010/05/20 08:58:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\1p95vmf9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/26 14:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 17:41:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/23 18:51:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/25 14:15:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/25 13:30:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/14 15:35:13 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\JAMES\LOCAL SETTINGS\APPLICATION DATA\{C6C33238-F3F2-4954-A5F8-37ACB74D02DB}
[2011/04/25 13:29:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/06 11:51:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/06 11:51:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/06 11:51:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/06 11:51:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - File not found
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003..\Run: [EPSON NX410 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003..\Run: [Steam] E:\GAMES\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED [2010/07/22 11:20:30 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\James\Start Menu\Programs\Startup\AutorunsDisabled [2011/04/25 15:10:26 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244515492765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244515282718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/08 05:48:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/27 10:30:33 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2010/07/27 10:04:28 | 000,000,090 | ---- | M] () - G:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2011/01/16 13:45:10 | 000,323,424 | R--- | M] (People Can Fly) - M:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/11/22 14:36:30 | 000,000,055 | R--- | M] () - M:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/01/30 18:57:37 | 000,367,686 | R--- | M] () - M:\autorun.ico -- [ CDFS ]
O33 - MountPoints2\{88850b8f-53ed-11de-bf43-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{88850b8f-53ed-11de-bf43-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88850b8f-53ed-11de-bf43-806d6172696f}\Shell\AutoRun\command - "" = D:\Bin\assetup.exe
O33 - MountPoints2\{92e26f95-c9c3-11de-80f2-001cdf9168eb}\Shell\AutoRun\command - "" = Autorun.exe /run
O33 - MountPoints2\{92e26f95-c9c3-11de-80f2-001cdf9168eb}\Shell\Shell00\Command - "" = Autorun.exe /run
O33 - MountPoints2\{92e26f95-c9c3-11de-80f2-001cdf9168eb}\Shell\Shell01\Command - "" = Autorun.exe /action
O33 - MountPoints2\{92e26f95-c9c3-11de-80f2-001cdf9168eb}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/27 16:54:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/04/27 16:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/04/27 16:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/04/25 15:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/04/25 15:10:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\James\Start Menu\Programs\Startup\AutorunsDisabled
[2011/04/25 14:18:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2011/04/25 13:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/04/25 13:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/04/25 13:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/25 13:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/25 13:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/25 13:30:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/25 13:30:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/25 13:30:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/25 13:30:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/25 13:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\Secunia PSI
[2011/04/25 13:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/04/25 01:24:32 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/04/23 22:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/23 22:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/23 22:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/23 22:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/23 17:49:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\James\Recent
[2011/04/22 17:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/22 17:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/04/22 17:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/20 12:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\Zombie Shooter 2 Saves
[2011/04/18 20:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop
[2011/04/18 19:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2011/04/18 19:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/18 15:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\BLEEPING COMPUTERS
[2011/04/17 17:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xirrus
[2011/04/17 17:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
[2011/04/17 17:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\Downloaded Installations
[2011/04/17 16:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/17 16:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 03:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/16 03:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/15 14:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\recovery bleep
[2011/04/15 13:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\SUPERAntiSpyware.com
[2011/04/15 13:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\QuickScan
[2011/04/14 15:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\{C6C33238-F3F2-4954-A5F8-37ACB74D02DB}
[2011/04/12 13:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\The Lord of the Rings Online
[2011/04/12 13:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\The Lord of the Rings Online
[2011/04/12 02:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Turbine
[2011/04/11 21:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\Chromium
[2011/04/08 16:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/04/08 16:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\Vindictus
[2011/04/08 16:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
[2011/04/07 11:23:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\James\My Documents\Runes of Magic
[2011/04/07 02:02:31 | 003,904,976 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2011/04/07 02:01:50 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2011/04/07 02:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011/04/06 23:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Start Menu\Programs\CCleaner
[2011/04/06 23:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/06 21:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\Help
[2011/04/06 21:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\Help
[2011/04/06 21:26:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/06 20:00:27 | 003,404,136 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\James\Desktop\procexp.exe
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/04 19:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Start Menu\Programs\MagicDisc
[2011/04/04 19:29:13 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2011/04/04 19:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2011/04/04 17:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2011/04/04 17:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\Overlord
[2011/03/29 20:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\Darkspore
[2011/03/29 20:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\DarksporeData
[2009/10/03 19:33:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\James\Application Data\pcouffin.sys
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\James\Desktop\*.tmp files -> C:\Documents and Settings\James\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/27 19:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/27 17:05:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/27 17:05:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/04/27 17:04:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/27 17:04:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/27 16:54:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/04/27 16:51:18 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/04/27 16:51:18 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/04/27 14:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/25 16:06:47 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/25 16:04:37 | 000,002,268 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/04/25 16:01:29 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/25 14:43:02 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 14:36:59 | 002,191,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/25 14:34:51 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/04/25 13:29:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/25 13:29:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/25 13:29:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/25 13:29:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/25 13:29:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/25 13:26:27 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/04/24 16:49:19 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/04/23 23:23:39 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/21 20:04:36 | 066,936,133 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Title Fight-Shed-2011.zip
[2011/04/21 16:10:09 | 000,415,120 | ---- | M] () -- C:\Documents and Settings\James\Desktop\computer2.jpg
[2011/04/18 21:05:12 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\James\defogger_reenable
[2011/04/18 20:10:07 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop XCV edition.lnk
[2011/04/18 19:12:22 | 000,482,735 | ---- | M] () -- C:\Documents and Settings\James\Desktop\computer.jpg
[2011/04/17 17:10:52 | 000,506,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/17 17:10:52 | 000,089,532 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/16 10:49:46 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\smjso.sys
[2011/04/14 20:58:21 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vqpfaqi.sys
[2011/04/14 16:12:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\syscheck.INI
[2011/04/12 02:22:40 | 000,001,438 | ---- | M] () -- C:\Documents and Settings\James\Desktop\The Lord of the Rings Online.lnk
[2011/04/12 01:05:40 | 063,090,856 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Agnostic_Front_-_My_Life_My_Way-2011-CRUELTY.zip
[2011/04/11 22:49:13 | 004,884,856 | ---- | M] () -- C:\Documents and Settings\James\Desktop\EQ2X_Streaming_setup.exe
[2011/04/06 22:01:17 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\James\ntuser.pol
[2011/04/06 21:47:01 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011/04/06 21:47:01 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011/04/06 20:56:04 | 000,016,346 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\s27mu48jtob0u88ait7dsngt52733yksk
[2011/04/06 20:56:04 | 000,016,346 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s27mu48jtob0u88ait7dsngt52733yksk
[2011/04/06 20:00:28 | 003,404,136 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\James\Desktop\procexp.exe
[2011/04/06 19:35:32 | 000,016,462 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011/04/06 19:35:32 | 000,016,462 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/04 14:56:26 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\James\Desktop\*.tmp files -> C:\Documents and Settings\James\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/27 16:51:18 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/04/25 14:34:51 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/04/25 13:42:35 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/25 13:41:19 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/04/25 13:26:27 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/04/25 13:26:27 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/04/23 23:23:39 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/22 17:51:32 | 000,002,268 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/04/22 17:45:49 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/21 20:02:10 | 066,936,133 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Title Fight-Shed-2011.zip
[2011/04/21 16:10:07 | 000,415,120 | ---- | C] () -- C:\Documents and Settings\James\Desktop\computer2.jpg
[2011/04/18 21:05:04 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\James\defogger_reenable
[2011/04/18 20:10:07 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop XCV edition.lnk
[2011/04/18 19:12:21 | 000,482,735 | ---- | C] () -- C:\Documents and Settings\James\Desktop\computer.jpg
[2011/04/16 10:49:46 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\smjso.sys
[2011/04/14 20:58:21 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vqpfaqi.sys
[2011/04/14 16:12:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2011/04/12 02:22:40 | 000,001,438 | ---- | C] () -- C:\Documents and Settings\James\Desktop\The Lord of the Rings Online.lnk
[2011/04/12 01:02:38 | 063,090,856 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Agnostic_Front_-_My_Life_My_Way-2011-CRUELTY.zip
[2011/04/11 22:49:05 | 004,884,856 | ---- | C] () -- C:\Documents and Settings\James\Desktop\EQ2X_Streaming_setup.exe
[2011/04/07 02:01:50 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2011/04/06 22:00:53 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\James\ntuser.pol
[2011/04/06 21:46:33 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011/04/06 21:46:33 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011/04/06 19:35:32 | 000,016,346 | -HS- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\s27mu48jtob0u88ait7dsngt52733yksk
[2011/04/06 19:35:32 | 000,016,346 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s27mu48jtob0u88ait7dsngt52733yksk
[2011/04/06 19:06:59 | 000,016,462 | -HS- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011/04/06 19:06:59 | 000,016,462 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011/03/07 23:34:32 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\James\Application Data\PnkBstrK.sys
[2011/03/07 22:00:15 | 000,224,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/06 13:32:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/02/08 23:21:13 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/07/30 15:24:44 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/30 15:24:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/30 15:24:42 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/30 11:51:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2010/07/29 10:36:50 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/07/27 18:32:37 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANPDApi.dll
[2010/07/27 18:32:37 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANPD64.SYS
[2010/07/27 18:32:37 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANPD.SYS
[2010/07/27 18:31:59 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/07/22 11:56:03 | 000,000,959 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2010/07/22 09:27:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/22 08:14:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/06/10 07:08:51 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/06 10:29:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pzemej.dat
[2010/06/06 10:29:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dwalifasocukex.bin
[2010/06/06 10:28:13 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\James\Application Data\qcopjv.dat
[2010/04/03 22:55:32 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/03/14 13:29:51 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/03/14 13:29:51 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/03/14 13:29:51 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/03/14 13:29:51 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/03/14 13:29:51 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/03/14 13:29:51 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/03/14 13:29:51 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/03/14 13:29:51 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/03/14 13:29:51 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/03/14 13:29:51 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/03/14 13:29:51 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/03/14 13:29:51 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/03/14 13:29:51 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/03/14 13:29:51 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/03/14 13:29:51 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/03/14 13:29:51 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/03/14 13:28:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX410.ini
[2010/02/18 02:07:55 | 000,072,756 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/21 21:06:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/10/24 12:13:06 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\James\Application Data\vso_ts_preview.xml
[2009/10/03 19:33:17 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\James\Application Data\inst.exe
[2009/10/03 19:33:17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\James\Application Data\pcouffin.cat
[2009/10/03 19:33:17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\James\Application Data\pcouffin.inf
[2009/09/30 18:07:09 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/09/30 18:07:09 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/09/30 18:07:09 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/09/30 18:07:09 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/09/30 18:07:09 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/09/30 18:07:09 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2009/09/12 18:48:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/26 12:22:44 | 000,000,398 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2009/06/13 10:29:20 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/06/13 10:29:20 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/06/12 21:49:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/06/08 05:57:07 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/06/08 05:57:05 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/06/08 05:57:05 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/08 05:57:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/08 05:57:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/08 05:54:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/08 05:50:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/08 05:45:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/08 05:44:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/06/07 22:40:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/07 22:36:32 | 002,191,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/07 19:48:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/07 18:40:57 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/07 16:49:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/07 16:46:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/06/07 16:14:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2009/06/07 15:36:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/06/07 03:05:32 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/06/07 03:02:51 | 000,005,152 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/06/07 03:02:50 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/06/07 02:58:53 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2009/06/07 02:58:49 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2009/06/07 02:58:48 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2009/06/07 02:58:48 | 000,258,048 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2009/06/07 02:58:48 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\WinSys2.exe
[2007/11/28 04:32:00 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2007/11/28 04:26:10 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/08/21 03:03:50 | 000,217,718 | ---- | C] () -- C:\WINDOWS\System32\reboot.exe
[2004/08/03 16:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 05:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,506,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,089,532 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 55920 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

#4 aidswolf

aidswolf
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver
  • Local time:11:24 AM

Posted 27 April 2011 - 09:24 PM

I'm breaking up the extra's log, it seems I cannot post the entire thing. My browser times out. I'll attach it as well.


OTL Extras logfile created on: 27/04/2011 7:09:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\James\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 46.18 Gb Free Space | 23.65% Space Free | Partition Type: NTFS
Drive E: | 270.44 Gb Total Space | 83.40 Gb Free Space | 30.84% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 22.47 Gb Free Space | 9.65% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 965.05 Gb Free Space | 51.80% Space Free | Partition Type: NTFS
Drive M: | 6.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-479C50C504 | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1547161642-1409082233-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58313:TCP" = 58313:TCP:*:Enabled:Pando Media Booster
"58313:UDP" = 58313:UDP:*:Enabled:Pando Media Booster
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"58002:TCP" = 58002:TCP:*:Enabled:Pando Media Booster
"58002:UDP" = 58002:UDP:*:Enabled:Pando Media Booster
"56215:TCP" = 56215:TCP:*:Enabled:Pando Media Booster
"56215:UDP" = 56215:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"58313:TCP" = 58313:TCP:*:Enabled:Pando Media Booster
"58313:UDP" = 58313:UDP:*:Enabled:Pando Media Booster
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"58002:TCP" = 58002:TCP:*:Enabled:Pando Media Booster
"58002:UDP" = 58002:UDP:*:Enabled:Pando Media Booster
"3742:TCP" = 3742:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"56215:TCP" = 56215:TCP:*:Enabled:Pando Media Booster
"56215:UDP" = 56215:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"E:\GAMES\steamapps\dmaged\source sdk base\hl2.exe" = E:\GAMES\steamapps\dmaged\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"E:\GAMES\Steam.exe" = E:\GAMES\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"G:\games2\EverQuest\EQVoiceService.exe" = G:\games2\EverQuest\EQVoiceService.exe:*:Enabled:EQVoiceService
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Enabled:dndclient
"E:\GAMES\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = E:\GAMES\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- ()
"G:\games2\BORDERLANDS\Gearbox Software\Borderlands\Binaries\Borderlands.exe" = G:\games2\BORDERLANDS\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands
"E:\GAMES\steamapps\common\r.u.s.e. beta\Ruse.exe" = E:\GAMES\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()
"E:\GAMES\steamapps\common\on the rain-slick precipice of darkness - episode one\RainSlickEp1.exe" = E:\GAMES\steamapps\common\on the rain-slick precipice of darkness - episode one\RainSlickEp1.exe:*:Enabled:Penny Arcade Adventures: On the Rain-Slick Precipice of Darkness, Episode One -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"E:\GAMES\steamapps\common\altitude\altitude.exe" = E:\GAMES\steamapps\common\altitude\altitude.exe:*:Enabled:altitude
"E:\GAMES\steamapps\common\alien swarm\srcds.exe" = E:\GAMES\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server
"E:\World of Warcraft\Launcher.exe" = E:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"E:\World of Warcraft\Launcher.patch.exe" = E:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"E:\GAMES\steamapps\common\puzzle quest\Puzzle Quest.exe" = E:\GAMES\steamapps\common\puzzle quest\Puzzle Quest.exe:*:Enabled:Puzzle Quest -- ()
"E:\GAMES\steamapps\common\the scourge project ep 1 - 2\Binaries\Win32\ScourgeGame.exe" = E:\GAMES\steamapps\common\the scourge project ep 1 - 2\Binaries\Win32\ScourgeGame.exe:*:Enabled:The Scourge Project: Episode 1 and 2
"E:\GAMES\steamapps\common\ultimate doom\ultimate + mouse.bat" = E:\GAMES\steamapps\common\ultimate doom\ultimate + mouse.bat:*:Enabled:The Ultimate DOOM -- ()
"E:\GAMES\steamapps\common\ultimate doom\ultimate.bat" = E:\GAMES\steamapps\common\ultimate doom\ultimate.bat:*:Enabled:The Ultimate DOOM -- ()
"E:\GAMES\steamapps\common\doom 2\doom2 + mouse.bat" = E:\GAMES\steamapps\common\doom 2\doom2 + mouse.bat:*:Enabled:DOOM II: Hell on Earth -- ()
"E:\GAMES\steamapps\common\doom 2\doom2.bat" = E:\GAMES\steamapps\common\doom 2\doom2.bat:*:Enabled:DOOM II: Hell on Earth -- ()
"E:\GAMES\steamapps\common\final doom\plutonia + mouse.bat" = E:\GAMES\steamapps\common\final doom\plutonia + mouse.bat:*:Enabled:Final DOOM -- ()
"E:\GAMES\steamapps\common\final doom\plutonia.bat" = E:\GAMES\steamapps\common\final doom\plutonia.bat:*:Enabled:Final DOOM -- ()
"E:\GAMES\steamapps\common\final doom\tnt + mouse.bat" = E:\GAMES\steamapps\common\final doom\tnt + mouse.bat:*:Enabled:Final DOOM -- ()
"E:\GAMES\steamapps\common\final doom\tnt.bat" = E:\GAMES\steamapps\common\final doom\tnt.bat:*:Enabled:Final DOOM -- ()
"E:\GAMES\steamapps\common\master levels of doom\master.bat" = E:\GAMES\steamapps\common\master levels of doom\master.bat:*:Enabled:Master Levels for DOOM II -- ()
"E:\GAMES\steamapps\common\kane & lynch 2 - dog days\kl2.exe" = E:\GAMES\steamapps\common\kane & lynch 2 - dog days\kl2.exe:*:Enabled:Kane & Lynch 2: Dog Days -- (Io Interactive A/S)
"E:\GAMES\steamapps\common\x-com terror from the deep\runme.exe" = E:\GAMES\steamapps\common\x-com terror from the deep\runme.exe:*:Enabled:X-COM: Terror from the Deep -- ()
"E:\GAMES\steamapps\common\dead space\Dead Space.exe" = E:\GAMES\steamapps\common\dead space\Dead Space.exe:*:Enabled:Dead Space -- ()
"E:\GAMES\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm" = E:\GAMES\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dead Space -- ()
"E:\GAMES\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = E:\GAMES\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants vs. Zombies: Game of the Year -- ()
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
"E:\GAMES\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe" = E:\GAMES\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R.: Shadow of Chernobyl -- ()
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"E:\GAMES\steamapps\dmaged\team fortress 2\hl2.exe" = E:\GAMES\steamapps\dmaged\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"E:\GAMES\steamapps\common\batman arkham asylum goty\Binaries\BmLauncher.exe" = E:\GAMES\steamapps\common\batman arkham asylum goty\Binaries\BmLauncher.exe:*:Enabled:Batman: Arkham Asylum GOTY Edition -- (Rocksteady Studios Ltd)
"E:\GAMES\steamapps\common\batman arkham asylum goty\Binaries\ShippingPC-BmGame.exe" = E:\GAMES\steamapps\common\batman arkham asylum goty\Binaries\ShippingPC-BmGame.exe:*:Enabled:BmGame -- (Rocksteady Studios Ltd)
"E:\GAMES\steamapps\common\overlord\Overlord.exe" = E:\GAMES\steamapps\common\overlord\Overlord.exe:*:Enabled:Overlord -- (Triumph Studios)
"E:\GAMES\steamapps\common\overlord\Config.exe" = E:\GAMES\steamapps\common\overlord\Config.exe:*:Enabled:Overlord -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\GAMES\VINDICT\Vindictus\en-US\NMService.exe" = C:\GAMES\VINDICT\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core
"C:\DOCUME~1\James\LOCALS~1\Temp\anmceoxwsr.tmp" = C:\DOCUME~1\James\LOCALS~1\Temp\anmceoxwsr.tmp:*:Enabled:@xpsp2res.dll,-22019
"C:\WINDOWS\mc00196.exe" = C:\WINDOWS\mc00196.exe:*:Enabled:@xpsp2res.dll,-22019
"E:\GAMES\steamapps\common\left 4 dead 2\left4dead2.exe" = E:\GAMES\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()

Attached Files



#5 aidswolf

aidswolf
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver
  • Local time:11:24 AM

Posted 27 April 2011 - 09:26 PM

Broken up some more...

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{14F84065-1316-42C6-B619-1FE1880050E0}" = Xirrus Wi-Fi Inspector
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{4290EA5A-633E-4C6D-B9E3-5FEAEC615CC9}" = Anachronox
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{593D4F8A-5F11-4901-A74A-6E7971E45790}" = Diskeeper 2009 Pro Premier
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{663EB4B1-1C35-475C-853A-A810C3EAB170}" = Adobe Illustrator CS3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{76756402-BF1E-4A0F-AFCC-0EE6CF58F58C}" = ESET NOD32 Antivirus
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193j
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_944" = Adobe Acrobat 9.4.4 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.03.00.8048
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.60 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop" = Adobe Photoshop XCV edition
"Artisteer 2" = Artisteer 2
"Ask Toolbar_is1" = Vuze Toolbar
"AviSynth" = AviSynth 2.5
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 6_is1" = DVDFab 6.0.7.0 (18/09/2009)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EncSpot Basic_is1" = EncSpot Basic 2.0
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Fallout New Vegas_is1" = Fallout New Vegas
"HaaliMkx" = Haali Media Splitter
"HitmanPro35" = Hitman Pro 3.5
"ImgBurn" = ImgBurn
"ImTOO AVI to DVD Converter 6" = ImTOO AVI to DVD Converter 6
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.3.0
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Mp3tag" = Mp3tag v2.46a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Micro 8.3.6.0
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"ScummVM_is1" = ScummVM 0.7.1
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Steam App 11450" = Overlord
"Steam App 12500" = Puzzle Quest
"Steam App 17470" = Dead Space
"Steam App 18000" = Penny Arcade Adventures: On the Rain-Slick Precipice of Darkness, Episode One
"Steam App 215" = Source SDK Base
"Steam App 2280" = The Ultimate DOOM
"Steam App 2290" = Final DOOM
"Steam App 2300" = DOOM II: Hell on Earth
"Steam App 28000" = Kane & Lynch 2: Dog Days
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 40930" = The Misadventures of P.B. Winterbottom
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 55040" = Atom Zombie Smasher
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 7650" = X-COM: Terror from the Deep
"Steam App 9160" = Master Levels for DOOM II
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"Vuze" = Vuze
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

#6 aidswolf

aidswolf
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver
  • Local time:11:24 AM

Posted 27 April 2011 - 09:35 PM

The last bit of the log continuously times me out when I post it, I don't know what the problem is.


from the line and on...

========== HKEY_USERS Uninstall List ==========

#7 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:03:24 PM

Posted 28 April 2011 - 08:51 AM

Hi-

Thank you for the logs. Don't worry about pulling in the rest of the Extras file. I pulled what I needed from the extras.txt file that you attached. The logs (DDS) did show some problems and one was a backdoor trojan - a TDL3 rootkit infection. A backdoor trojan allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to continue with the cleanup -

First, please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.21.0) from Kaspersky's website.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.

    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. C:\TDSSKiller.2.4.21_23.07.2010_15.31.43_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Next, download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virusl


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


In your reply, copy in the contents of the TDSSKiller report and the ComboFix report. How is your computer running now?
Shannon

#8 aidswolf

aidswolf
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver
  • Local time:11:24 AM

Posted 28 April 2011 - 09:48 PM

Hello again, here are the logs you have requested.

2011/04/28 18:56:24.0312 1956 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/28 18:56:24.0328 1956 ================================================================================
2011/04/28 18:56:24.0328 1956 SystemInfo:
2011/04/28 18:56:24.0328 1956
2011/04/28 18:56:24.0328 1956 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/28 18:56:24.0328 1956 Product type: Workstation
2011/04/28 18:56:24.0328 1956 ComputerName: USER-479C50C504
2011/04/28 18:56:24.0328 1956 UserName: James
2011/04/28 18:56:24.0328 1956 Windows directory: C:\WINDOWS
2011/04/28 18:56:24.0328 1956 System windows directory: C:\WINDOWS
2011/04/28 18:56:24.0328 1956 Processor architecture: Intel x86
2011/04/28 18:56:24.0328 1956 Number of processors: 4
2011/04/28 18:56:24.0328 1956 Page size: 0x1000
2011/04/28 18:56:24.0328 1956 Boot type: Normal boot
2011/04/28 18:56:24.0328 1956 ================================================================================
2011/04/28 18:56:24.0609 1956 Initialize success
2011/04/28 18:56:32.0390 3624 ================================================================================
2011/04/28 18:56:32.0390 3624 Scan started
2011/04/28 18:56:32.0390 3624 Mode: Manual;
2011/04/28 18:56:32.0390 3624 ================================================================================
2011/04/28 18:56:32.0812 3624 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/28 18:56:32.0843 3624 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/28 18:56:32.0906 3624 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/28 18:56:32.0937 3624 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/28 18:56:33.0125 3624 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/28 18:56:33.0156 3624 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/28 18:56:33.0218 3624 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/04/28 18:56:33.0250 3624 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/28 18:56:33.0296 3624 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/28 18:56:33.0343 3624 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/28 18:56:33.0390 3624 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/28 18:56:33.0453 3624 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/28 18:56:33.0484 3624 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/28 18:56:33.0500 3624 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/28 18:56:33.0718 3624 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/28 18:56:33.0765 3624 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/28 18:56:33.0796 3624 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/28 18:56:33.0828 3624 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/28 18:56:33.0859 3624 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/28 18:56:33.0890 3624 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/28 18:56:33.0937 3624 eamon (3b2e8f97b6869c29da023ee75bf585d5) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/04/28 18:56:33.0968 3624 ehdrv (4fad054cbcaa296be7bd2cb77da9d9b4) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/04/28 18:56:34.0000 3624 epfwtdir (d2a915b725845c3eda5a68ed2da74700) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/04/28 18:56:34.0046 3624 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/28 18:56:34.0078 3624 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/28 18:56:34.0125 3624 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/28 18:56:34.0156 3624 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/28 18:56:34.0187 3624 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/28 18:56:34.0203 3624 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/28 18:56:34.0218 3624 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/28 18:56:34.0250 3624 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/28 18:56:34.0281 3624 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/28 18:56:34.0312 3624 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/28 18:56:34.0343 3624 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/28 18:56:34.0375 3624 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011/04/28 18:56:34.0453 3624 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/28 18:56:34.0515 3624 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/28 18:56:34.0546 3624 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/28 18:56:34.0625 3624 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/28 18:56:34.0656 3624 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/28 18:56:34.0671 3624 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/28 18:56:34.0703 3624 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/28 18:56:34.0750 3624 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/28 18:56:34.0796 3624 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/28 18:56:34.0828 3624 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/28 18:56:34.0843 3624 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/28 18:56:34.0859 3624 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/28 18:56:34.0890 3624 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/28 18:56:34.0921 3624 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/28 18:56:34.0984 3624 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/04/28 18:56:35.0031 3624 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2011/04/28 18:56:35.0062 3624 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/28 18:56:35.0093 3624 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/28 18:56:35.0156 3624 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
2011/04/28 18:56:35.0218 3624 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/28 18:56:35.0265 3624 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/28 18:56:35.0296 3624 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/28 18:56:35.0328 3624 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/28 18:56:35.0359 3624 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/28 18:56:35.0390 3624 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/28 18:56:35.0437 3624 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/28 18:56:35.0484 3624 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/28 18:56:35.0500 3624 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/28 18:56:35.0531 3624 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/28 18:56:35.0546 3624 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/28 18:56:35.0578 3624 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/28 18:56:35.0609 3624 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/28 18:56:35.0625 3624 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/28 18:56:35.0656 3624 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/28 18:56:35.0671 3624 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/28 18:56:35.0687 3624 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/28 18:56:35.0734 3624 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/28 18:56:35.0781 3624 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/28 18:56:35.0812 3624 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/28 18:56:35.0843 3624 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/28 18:56:36.0031 3624 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/28 18:56:36.0187 3624 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/04/28 18:56:36.0218 3624 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/04/28 18:56:36.0250 3624 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/04/28 18:56:36.0296 3624 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/28 18:56:36.0312 3624 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/28 18:56:36.0359 3624 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/28 18:56:36.0390 3624 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/28 18:56:36.0453 3624 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/28 18:56:36.0484 3624 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/28 18:56:36.0531 3624 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/28 18:56:36.0578 3624 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/28 18:56:36.0609 3624 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/04/28 18:56:36.0765 3624 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/28 18:56:36.0796 3624 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/28 18:56:36.0828 3624 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/28 18:56:36.0906 3624 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/04/28 18:56:36.0921 3624 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/28 18:56:36.0953 3624 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/28 18:56:37.0046 3624 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/28 18:56:37.0078 3624 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/28 18:56:37.0109 3624 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/28 18:56:37.0125 3624 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/28 18:56:37.0171 3624 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/28 18:56:37.0171 3624 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/28 18:56:37.0234 3624 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/28 18:56:37.0296 3624 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/28 18:56:37.0328 3624 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/28 18:56:37.0375 3624 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/04/28 18:56:37.0421 3624 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/04/28 18:56:37.0531 3624 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/28 18:56:37.0546 3624 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/28 18:56:37.0578 3624 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/28 18:56:37.0640 3624 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/28 18:56:37.0656 3624 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/28 18:56:37.0734 3624 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/28 18:56:37.0812 3624 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/28 18:56:37.0859 3624 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\System32\Drivers\sptd.sys
2011/04/28 18:56:37.0906 3624 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/28 18:56:37.0953 3624 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/28 18:56:38.0015 3624 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/28 18:56:38.0062 3624 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/28 18:56:38.0187 3624 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/28 18:56:38.0234 3624 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/28 18:56:38.0281 3624 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/28 18:56:38.0296 3624 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/28 18:56:38.0312 3624 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/28 18:56:38.0375 3624 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/28 18:56:38.0546 3624 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/28 18:56:38.0625 3624 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/28 18:56:38.0687 3624 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/28 18:56:38.0703 3624 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/28 18:56:38.0718 3624 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/28 18:56:38.0734 3624 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/28 18:56:38.0765 3624 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/28 18:56:38.0781 3624 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/28 18:56:38.0812 3624 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/28 18:56:38.0843 3624 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/28 18:56:38.0906 3624 VIAHdAudAddService (2e16e69de644113f287de4cd7b8a73a6) C:\WINDOWS\system32\drivers\viahduaa.sys
2011/04/28 18:56:38.0953 3624 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/28 18:56:39.0031 3624 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/28 18:56:39.0062 3624 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/28 18:56:39.0156 3624 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/28 18:56:39.0203 3624 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/28 18:56:39.0250 3624 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/28 18:56:39.0296 3624 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/28 18:56:39.0328 3624 ================================================================================
2011/04/28 18:56:39.0328 3624 Scan finished
2011/04/28 18:56:39.0328 3624 ================================================================================
2011/04/28 18:56:39.0343 3292 Detected object count: 1
2011/04/28 18:57:00.0937 3292 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/28 18:57:00.0937 3292 \HardDisk0 - ok
2011/04/28 18:57:00.0937 3292 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/28 18:57:08.0421 0936 Deinitialize success




----



ComboFix 11-04-27.03 - James 28/04/2011 19:09:45.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3583.2988 [GMT -7:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\James\Application Data\inst.exe
c:\documents and settings\James\Local Settings\Application Data\{C6C33238-F3F2-4954-A5F8-37ACB74D02DB}
c:\documents and settings\James\Local Settings\Application Data\{C6C33238-F3F2-4954-A5F8-37ACB74D02DB}\chrome.manifest
c:\documents and settings\James\Local Settings\Application Data\{C6C33238-F3F2-4954-A5F8-37ACB74D02DB}\chrome\content\_cfg.js
c:\documents and settings\James\Local Settings\Application Data\{C6C33238-F3F2-4954-A5F8-37ACB74D02DB}\chrome\content\overlay.xul
c:\documents and settings\James\Local Settings\Application Data\{C6C33238-F3F2-4954-A5F8-37ACB74D02DB}\install.rdf
C:\Install.exe
c:\windows\system32\Drivers\smjso.sys
c:\windows\system32\Drivers\vqpfaqi.sys
E:\Autorun.inf
G:\Autorun.inf
G:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-29 )))))))))))))))))))))))))))))))
.
.
2011-04-27 23:51 . 2011-04-27 23:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-04-25 22:56 . 2011-04-25 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-04-25 20:41 . 2011-04-27 23:51 -------- d-----w- c:\program files\McAfee Security Scan
2011-04-25 20:32 . 2011-04-25 20:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-04-25 20:32 . 2011-04-25 20:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-04-25 20:30 . 2011-04-25 20:30 -------- d-----w- c:\program files\Common Files\Java
2011-04-25 20:30 . 2011-04-25 20:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-25 20:26 . 2011-04-25 20:26 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Secunia PSI
2011-04-25 20:26 . 2011-04-25 20:26 -------- d-----w- c:\program files\Secunia
2011-04-25 08:24 . 2011-02-03 01:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-24 05:32 . 2011-04-24 05:32 -------- d-----w- c:\program files\iPod
2011-04-24 05:32 . 2011-04-24 05:33 -------- d-----w- c:\program files\iTunes
2011-04-24 05:28 . 2011-04-24 05:28 -------- d-----w- c:\program files\Bonjour
2011-04-23 00:45 . 2011-04-25 23:06 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-23 00:45 . 2011-04-23 00:45 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-23 00:45 . 2011-04-23 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-04-19 02:59 . 2011-04-19 02:59 -------- d-----w- C:\Program Files (x86)
2011-04-19 02:58 . 2011-04-19 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-04-18 00:05 . 2011-04-18 00:05 -------- d-----w- c:\program files\Xirrus
2011-04-18 00:02 . 2011-04-18 00:02 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Downloaded Installations
2011-04-17 23:40 . 2011-04-17 23:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-16 13:57 . 2011-04-16 13:57 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-04-15 20:09 . 2011-04-15 20:09 -------- d-----w- c:\documents and settings\James\Application Data\SUPERAntiSpyware.com
2011-04-15 20:05 . 2011-04-15 20:06 -------- d-----w- c:\documents and settings\James\Application Data\QuickScan
2011-04-12 20:49 . 2011-04-12 20:49 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\The Lord of the Rings Online
2011-04-12 04:42 . 2011-04-12 04:42 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Chromium
2011-04-08 23:11 . 2011-04-08 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2011-04-08 23:00 . 2011-04-08 23:00 -------- d-----w- c:\program files\BandiMPEG1
2011-04-07 09:02 . 2010-11-03 21:39 3904976 ----a-w- c:\windows\system32\GameMon.des
2011-04-07 09:01 . 2005-01-04 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-04-07 09:01 . 2003-07-20 09:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-04-07 09:01 . 2011-04-07 09:01 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-04-07 06:06 . 2011-04-07 06:06 -------- d-----w- c:\program files\CCleaner
2011-04-07 04:36 . 2011-04-07 04:36 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Help
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 02:29 . 2011-04-05 02:29 -------- d-----w- c:\program files\MagicDisc
2011-04-05 02:29 . 2009-02-25 01:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-04-05 00:59 . 2011-04-05 00:59 -------- d-----w- c:\program files\Common Files\DirectX
2011-04-04 21:56 . 2011-04-04 21:56 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-03-30 03:53 . 2011-03-30 03:54 -------- d-----w- c:\documents and settings\James\Application Data\DarksporeData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-25 20:29 . 2010-05-15 00:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-24 23:49 . 2010-07-29 17:36 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-03-10 03:41 . 2011-03-08 06:35 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-08 06:34 . 2011-03-08 06:34 138056 ----a-w- c:\documents and settings\James\Application Data\PnkBstrK.sys
2011-03-06 20:32 . 2011-03-06 20:32 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-02-14 02:30 . 2009-06-13 17:29 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-02-14 02:30 . 2009-06-13 17:29 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-02-09 13:53 . 2004-08-03 22:56 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-03 22:56 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-06-08 12:44 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-10 01:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\games\steam.exe" [2010-12-08 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-08-15 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-02-27 33599488]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\James\Start Menu\Programs\Startup\AutorunsDisabled
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-4-4 576000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-18 291896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F5D8053\Belkinwcui.exe [N/A]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-23 02:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 18:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 19:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PS3 Media Server"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"e:\\GAMES\\steamapps\\dmaged\\source sdk base\\hl2.exe"=
"e:\\GAMES\\Steam.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"e:\\GAMES\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\GAMES\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
"e:\\GAMES\\steamapps\\common\\on the rain-slick precipice of darkness - episode one\\RainSlickEp1.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\GAMES\\steamapps\\common\\puzzle quest\\Puzzle Quest.exe"=
"e:\\GAMES\\steamapps\\common\\ultimate doom\\ultimate + mouse.bat"=
"e:\\GAMES\\steamapps\\common\\ultimate doom\\ultimate.bat"=
"e:\\GAMES\\steamapps\\common\\doom 2\\doom2 + mouse.bat"=
"e:\\GAMES\\steamapps\\common\\doom 2\\doom2.bat"=
"e:\\GAMES\\steamapps\\common\\final doom\\plutonia + mouse.bat"=
"e:\\GAMES\\steamapps\\common\\final doom\\plutonia.bat"=
"e:\\GAMES\\steamapps\\common\\final doom\\tnt + mouse.bat"=
"e:\\GAMES\\steamapps\\common\\final doom\\tnt.bat"=
"e:\\GAMES\\steamapps\\common\\master levels of doom\\master.bat"=
"e:\\GAMES\\steamapps\\common\\kane & lynch 2 - dog days\\kl2.exe"=
"e:\\GAMES\\steamapps\\common\\x-com terror from the deep\\runme.exe"=
"e:\\GAMES\\steamapps\\common\\dead space\\Dead Space.exe"=
"e:\\GAMES\\steamapps\\common\\dead space\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"e:\\GAMES\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"e:\\GAMES\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"e:\\GAMES\\steamapps\\dmaged\\team fortress 2\\hl2.exe"=
"e:\\GAMES\\steamapps\\common\\batman arkham asylum goty\\Binaries\\BmLauncher.exe"=
"e:\\GAMES\\steamapps\\common\\batman arkham asylum goty\\Binaries\\ShippingPC-BmGame.exe"=
"e:\\GAMES\\steamapps\\common\\overlord\\Overlord.exe"=
"e:\\GAMES\\steamapps\\common\\overlord\\Config.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\GAMES\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"58313:TCP"= 58313:TCP:Pando Media Booster
"58313:UDP"= 58313:UDP:Pando Media Booster
"58002:TCP"= 58002:TCP:Pando Media Booster
"58002:UDP"= 58002:UDP:Pando Media Booster
"3742:TCP"= 3742:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"56215:TCP"= 56215:TCP:Pando Media Booster
"56215:UDP"= 56215:UDP:Pando Media Booster
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09/04/2009 3:18 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [09/04/2009 3:21 PM 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 11:41 AM 67656]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [07/06/2009 6:33 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [07/06/2009 6:34 PM 234888]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [09/04/2009 3:19 PM 731840]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [08/04/2010 4:46 PM 117288]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [08/04/2010 4:46 PM 117288]
R2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [08/04/2010 4:46 PM 154152]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [07/06/2009 3:06 AM 1057024]
S0 yjrmjhc;yjrmjhc; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate1ca04f1b7b7a218;Google Update Service (gupdate1ca04f1b7b7a218);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2009 7:12 PM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 5:46 AM 284016]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2009 7:12 PM 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [22/04/2011 5:45 PM 16968]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 5:49 AM 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 1:30 AM 15544]
S3 vproiah;vproiah;c:\windows\system32\DRIVERS\vproiah.sys --> c:\windows\system32\DRIVERS\vproiah.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [18/04/2011 11:44 PM 993848]
S4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [18/04/2011 11:44 PM 399416]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/06/2009 7:35 AM 721904]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 02:12]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 02:12]
.
2011-04-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\1p95vmf9.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
Notify-NavLogon - (no file)
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-28 19:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1547161642-1409082233-839522115-1003\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:5a,dd,26,b1,8d,94,42,66,45,36,a4,8b,26,77,1d,ab,d6,37,bb,12,4e,
28,e7,76,5d,c9,fc,69,83,c8,5a,87,24,4a,57,6a,3e,e7,60,b1,2c,e6,e8,94,a9,a5,\
"rkeysecu"=hex:c7,f0,f5,5b,f8,23,53,9f,54,da,06,33,ca,1c,91,e2
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:89,2c,0e,c8,1d,57,eb,a4,5e,d6,a0,7e,52,e6,4c,be,70,5f,cd,f8,88,
99,27,86,d3,2b,59,c5,be,ea,43,30,d8,a0,da,9c,86,b5,97,98,c1,b8,30,61,34,23,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:89,2c,0e,c8,1d,57,eb,a4,5e,d6,a0,7e,52,e6,4c,be,70,5f,cd,f8,88,
99,27,86,d3,2b,59,c5,be,ea,43,30,d8,a0,da,9c,86,b5,97,98,c1,b8,30,61,34,23,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\James\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\James\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\James\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\James\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-28 19:20:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-29 02:20
.
Pre-Run: 49,423,482,880 bytes free
Post-Run: 52,447,461,376 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 1BB1C09EEF196D65C66B4C5A297525FC




So far it seems the constant blocked pop-up warnings have ceased for the time being, this is hopeful. I am still considering re-installing the OS though after reading some of the information you provided about when / how to re-instal (I've never felt scared while on my computer but lately it's been a little freaky. Almost like the time my house was broken into - I just didn't feel secure for a long time). I'll have to buy a new CD as I no longer have mine. Maybe it's time to get upgrade to 7. I've been toying with the idea of buying a new computer lately as well.

If it comes to formating/re-install I may have some questions at the time.

For now let's continue.

Thanks again.

#9 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:03:24 PM

Posted 29 April 2011 - 09:08 AM

Hi-

It appears that TDSSKiller got rid of the main infection with ComboFix cleaning up others. Let's see what is left and get another listing.

Please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Next, do a new OTL scan.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it into your reply:
  • OTL.txt <-- Will be the opened report

Please copy the MBAM and OTL reports into your reply, and let me know how the computer is doing.
Shannon

#10 aidswolf

aidswolf
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver
  • Local time:11:24 AM

Posted 30 April 2011 - 12:22 AM

Hello again,

Sorry, late night at work today. I haven't been at my computer since this morning when I started the MBAM scan but it seems okay at the moment. I still haven't seen any of those blocked attacks that occurred rather frequently before. Here are the logs as requested.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6472

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

29/04/2011 11:38:24 AM
mbam-log-2011-04-29 (11-38-24).txt

Scan type: Full scan (C:\|E:\|G:\|L:\|)
Objects scanned: 458530
Time elapsed: 3 hour(s), 26 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--

OTL logfile created on: 29/04/2011 10:15:53 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\James\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 47.85 Gb Free Space | 24.50% Space Free | Partition Type: NTFS
Drive E: | 270.44 Gb Total Space | 84.86 Gb Free Space | 31.38% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 22.47 Gb Free Space | 9.65% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 965.05 Gb Free Space | 51.80% Space Free | Partition Type: NTFS
Drive M: | 6.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-479C50C504 | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/27 16:54:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
PRC - [2011/03/25 13:15:54 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/07 20:05:33 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\GAMES\steam.exe
PRC - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/04/09 15:19:08 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/04/09 15:17:56 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/11/22 08:12:34 | 001,333,016 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/11 04:40:30 | 000,992,176 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


========== Modules (SafeList) ==========

MOD - [2011/04/27 16:54:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (PnkBstrB)
SRV - File not found [Auto | Stopped] -- -- (PnkBstrA)
SRV - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/03 14:39:25 | 003,904,976 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2009/06/16 16:34:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/09 15:29:20 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/04/09 15:19:08 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/11/22 08:12:34 | 001,333,016 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/04/25 16:06:47 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/02/13 19:30:36 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/02/13 19:30:36 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/08 07:49:44 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/09 15:21:12 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/04/09 15:18:02 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/04/09 15:10:30 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/15 19:25:52 | 001,057,024 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/08/18 19:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/08/01 12:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 12:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/02/13 23:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\extensions\\{D8E7DC08-456F-47A1-9A5C-ED27F2BF0AA7}: C:\Documents and Settings\James\Local Settings\Application Data\{D8E7DC08-456F-47A1-9A5C-ED27F2BF0AA7} [2010/06/06 10:29:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{339CB73D-E0F1-4F4D-A2A9-57A9A1FE60D5}: C:\Documents and Settings\James\Local Settings\Application Data\{339CB73D-E0F1-4F4D-A2A9-57A9A1FE60D5}\ [2010/07/22 10:42:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2583E0B7-D1FA-43C1-9D18-8BC53D68F3DE}: C:\Documents and Settings\James\Local Settings\Application Data\{2583E0B7-D1FA-43C1-9D18-8BC53D68F3DE}\ [2010/07/22 11:41:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{86AE0728-89A8-4AC4-A688-95CF15137311}: C:\Documents and Settings\James\Local Settings\Application Data\{86AE0728-89A8-4AC4-A688-95CF15137311}\ [2010/07/22 11:52:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/25 13:39:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/25 13:42:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/04/06 19:40:06 | 000,000,000 | ---D | M]

[2009/06/07 16:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2011/04/28 19:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\1p95vmf9.default\extensions
[2010/05/20 08:58:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\1p95vmf9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/28 19:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 17:41:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/23 18:51:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/25 14:15:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/25 13:30:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/25 13:29:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/06 11:51:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/06 11:51:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/06 11:51:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/06 11:51:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/28 19:15:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - File not found
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003..\Run: [Steam] E:\GAMES\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED [2010/07/22 11:20:30 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\James\Start Menu\Programs\Startup\AutorunsDisabled [2011/04/25 15:10:26 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244515492765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244515282718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/08 05:48:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/16 13:45:10 | 000,323,424 | R--- | M] (People Can Fly) - M:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/11/22 14:36:30 | 000,000,055 | R--- | M] () - M:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/01/30 18:57:37 | 000,367,686 | R--- | M] () - M:\autorun.ico -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1547161642-1409082233-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 23:51:28 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/04/28 23:51:17 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2011/04/28 20:27:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/28 19:07:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/28 19:04:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/28 19:04:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/28 19:04:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/28 19:04:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/28 19:04:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/28 19:03:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/27 16:54:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/04/27 16:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/04/25 15:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/04/25 15:10:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\James\Start Menu\Programs\Startup\AutorunsDisabled
[2011/04/25 14:18:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2011/04/25 13:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/04/25 13:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/25 13:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/25 13:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/25 13:30:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/25 13:30:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/25 13:30:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/25 13:30:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/25 13:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\Secunia PSI
[2011/04/25 13:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/04/25 01:24:32 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/04/23 22:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/23 22:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/23 22:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/23 22:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/23 17:49:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\James\Recent
[2011/04/22 17:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/22 17:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/04/22 17:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/20 12:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\Zombie Shooter 2 Saves
[2011/04/18 20:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop
[2011/04/18 19:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2011/04/18 19:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/18 15:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\BLEEPING COMPUTERS
[2011/04/17 17:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xirrus
[2011/04/17 17:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
[2011/04/17 17:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\Downloaded Installations
[2011/04/17 16:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/17 16:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 03:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/16 03:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/15 14:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\recovery bleep
[2011/04/15 13:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\SUPERAntiSpyware.com
[2011/04/15 13:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\QuickScan
[2011/04/12 13:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\The Lord of the Rings Online
[2011/04/12 13:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\The Lord of the Rings Online
[2011/04/12 02:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Turbine
[2011/04/11 21:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\Chromium
[2011/04/08 16:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/04/08 16:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\Vindictus
[2011/04/08 16:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
[2011/04/07 11:23:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\James\My Documents\Runes of Magic
[2011/04/07 02:02:31 | 003,904,976 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2011/04/07 02:01:50 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2011/04/07 02:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011/04/06 23:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Start Menu\Programs\CCleaner
[2011/04/06 23:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/06 21:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\Help
[2011/04/06 21:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\Help
[2011/04/06 21:26:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/06 20:00:27 | 003,404,136 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\James\Desktop\procexp.exe
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/04 19:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Start Menu\Programs\MagicDisc
[2011/04/04 19:29:13 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2011/04/04 19:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2011/04/04 17:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2011/04/04 17:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\Overlord
[2009/10/03 19:33:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\James\Application Data\pcouffin.sys
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\James\Desktop\*.tmp files -> C:\Documents and Settings\James\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 22:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 15:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 08:07:48 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/04/29 03:25:54 | 002,191,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/29 03:25:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 03:08:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/29 03:05:24 | 000,506,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/29 03:05:24 | 000,089,738 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/28 20:27:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/04/28 20:12:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/28 19:15:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/28 19:07:54 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/04/28 08:12:35 | 004,332,172 | R--- | M] () -- C:\Documents and Settings\James\Desktop\ComboFix.exe
[2011/04/27 16:54:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/04/27 14:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/25 16:06:47 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/25 16:04:37 | 000,002,268 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/04/25 16:01:29 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/25 14:43:02 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 14:34:51 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/04/25 13:29:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/25 13:29:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/25 13:29:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/25 13:29:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/25 13:29:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/24 16:49:19 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/04/23 23:23:39 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/21 20:04:36 | 066,936,133 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Title Fight-Shed-2011.zip
[2011/04/21 16:10:09 | 000,415,120 | ---- | M] () -- C:\Documents and Settings\James\Desktop\computer2.jpg
[2011/04/18 21:05:12 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\James\defogger_reenable
[2011/04/18 20:10:07 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop XCV edition.lnk
[2011/04/18 19:12:22 | 000,482,735 | ---- | M] () -- C:\Documents and Settings\James\Desktop\computer.jpg
[2011/04/14 16:12:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\syscheck.INI
[2011/04/12 02:22:40 | 000,001,438 | ---- | M] () -- C:\Documents and Settings\James\Desktop\The Lord of the Rings Online.lnk
[2011/04/12 01:05:40 | 063,090,856 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Agnostic_Front_-_My_Life_My_Way-2011-CRUELTY.zip
[2011/04/06 22:01:17 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\James\ntuser.pol
[2011/04/06 21:47:01 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011/04/06 21:47:01 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011/04/06 20:56:04 | 000,016,346 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\s27mu48jtob0u88ait7dsngt52733yksk
[2011/04/06 20:56:04 | 000,016,346 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s27mu48jtob0u88ait7dsngt52733yksk
[2011/04/06 20:00:28 | 003,404,136 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\James\Desktop\procexp.exe
[2011/04/06 19:35:32 | 000,016,462 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011/04/06 19:35:32 | 000,016,462 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/04 14:56:26 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\James\Desktop\*.tmp files -> C:\Documents and Settings\James\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 03:00:38 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/28 20:27:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/04/28 19:07:54 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/04/28 19:07:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/28 19:04:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/28 19:04:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/28 19:04:35 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/28 19:04:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/28 19:04:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/28 08:12:19 | 004,332,172 | R--- | C] () -- C:\Documents and Settings\James\Desktop\ComboFix.exe
[2011/04/25 14:34:51 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/04/25 13:42:35 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/25 13:26:27 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/04/23 23:23:39 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/22 17:51:32 | 000,002,268 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/04/22 17:45:49 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/21 20:02:10 | 066,936,133 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Title Fight-Shed-2011.zip
[2011/04/21 16:10:07 | 000,415,120 | ---- | C] () -- C:\Documents and Settings\James\Desktop\computer2.jpg
[2011/04/18 21:05:04 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\James\defogger_reenable
[2011/04/18 20:10:07 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop XCV edition.lnk
[2011/04/18 19:12:21 | 000,482,735 | ---- | C] () -- C:\Documents and Settings\James\Desktop\computer.jpg
[2011/04/14 16:12:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2011/04/12 02:22:40 | 000,001,438 | ---- | C] () -- C:\Documents and Settings\James\Desktop\The Lord of the Rings Online.lnk
[2011/04/12 01:02:38 | 063,090,856 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Agnostic_Front_-_My_Life_My_Way-2011-CRUELTY.zip
[2011/04/07 02:01:50 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2011/04/06 22:00:53 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\James\ntuser.pol
[2011/04/06 21:46:33 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011/04/06 21:46:33 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011/04/06 19:35:32 | 000,016,346 | -HS- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\s27mu48jtob0u88ait7dsngt52733yksk
[2011/04/06 19:35:32 | 000,016,346 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s27mu48jtob0u88ait7dsngt52733yksk
[2011/04/06 19:06:59 | 000,016,462 | -HS- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011/04/06 19:06:59 | 000,016,462 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011/03/07 23:34:32 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\James\Application Data\PnkBstrK.sys
[2011/03/07 22:00:15 | 000,224,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/06 13:32:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/02/08 23:21:13 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/07/30 15:24:44 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/30 15:24:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/30 15:24:42 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/30 11:51:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2010/07/29 10:36:50 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/07/27 18:32:37 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANPDApi.dll
[2010/07/27 18:32:37 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANPD64.SYS
[2010/07/27 18:32:37 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANPD.SYS
[2010/07/27 18:31:59 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/07/22 11:56:03 | 000,000,959 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2010/07/22 09:27:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/22 08:14:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/06/10 07:08:51 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/06 10:29:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pzemej.dat
[2010/06/06 10:29:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dwalifasocukex.bin
[2010/06/06 10:28:13 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\James\Application Data\qcopjv.dat
[2010/04/03 22:55:32 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/03/14 13:29:51 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/03/14 13:29:51 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/03/14 13:29:51 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/03/14 13:29:51 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/03/14 13:29:51 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/03/14 13:29:51 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/03/14 13:29:51 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/03/14 13:29:51 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/03/14 13:29:51 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/03/14 13:29:51 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/03/14 13:29:51 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/03/14 13:29:51 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/03/14 13:29:51 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/03/14 13:29:51 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/03/14 13:29:51 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/03/14 13:29:51 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/03/14 13:28:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX410.ini
[2010/02/18 02:07:55 | 000,072,756 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/21 21:06:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/10/24 12:13:06 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\James\Application Data\vso_ts_preview.xml
[2009/10/03 19:33:17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\James\Application Data\pcouffin.cat
[2009/10/03 19:33:17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\James\Application Data\pcouffin.inf
[2009/09/30 18:07:09 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/09/30 18:07:09 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/09/30 18:07:09 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/09/30 18:07:09 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/09/30 18:07:09 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/09/30 18:07:09 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2009/09/12 18:48:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/26 12:22:44 | 000,000,398 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2009/06/13 10:29:20 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/06/13 10:29:20 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/06/12 21:49:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/06/08 05:57:07 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/06/08 05:57:05 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/06/08 05:57:05 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/08 05:57:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/08 05:57:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/08 05:54:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/08 05:50:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/08 05:45:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/08 05:44:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/06/07 22:40:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/07 22:36:32 | 002,191,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/07 19:48:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/07 18:40:57 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/07 16:49:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/07 16:46:00 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/06/07 16:14:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2009/06/07 15:36:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/06/07 03:05:32 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/06/07 03:02:51 | 000,005,152 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/06/07 03:02:50 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/06/07 02:58:53 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2009/06/07 02:58:49 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2009/06/07 02:58:48 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2009/06/07 02:58:48 | 000,258,048 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2009/06/07 02:58:48 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\WinSys2.exe
[2007/11/28 04:32:00 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2007/11/28 04:26:10 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/08/21 03:03:50 | 000,217,718 | ---- | C] () -- C:\WINDOWS\System32\reboot.exe
[2004/08/03 16:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 05:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,506,562 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,089,738 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 55920 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


OTL Extras logfile created on: 29/04/2011 10:15:53 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\James\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 47.85 Gb Free Space | 24.50% Space Free | Partition Type: NTFS
Drive E: | 270.44 Gb Total Space | 84.86 Gb Free Space | 31.38% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 22.47 Gb Free Space | 9.65% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 965.05 Gb Free Space | 51.80% Space Free | Partition Type: NTFS
Drive M: | 6.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-479C50C504 | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1547161642-1409082233-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58313:TCP" = 58313:TCP:*:Enabled:Pando Media Booster
"58313:UDP" = 58313:UDP:*:Enabled:Pando Media Booster
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"58002:TCP" = 58002:TCP:*:Enabled:Pando Media Booster
"58002:UDP" = 58002:UDP:*:Enabled:Pando Media Booster
"56215:TCP" = 56215:TCP:*:Enabled:Pando Media Booster
"56215:UDP" = 56215:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"58313:TCP" = 58313:TCP:*:Enabled:Pando Media Booster
"58313:UDP" = 58313:UDP:*:Enabled:Pando Media Booster
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"58002:TCP" = 58002:TCP:*:Enabled:Pando Media Booster
"58002:UDP" = 58002:UDP:*:Enabled:Pando Media Booster
"3742:TCP" = 3742:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"56215:TCP" = 56215:TCP:*:Enabled:Pando Media Booster
"56215:UDP" = 56215:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"E:\GAMES\steamapps\dmaged\source sdk base\hl2.exe" = E:\GAMES\steamapps\dmaged\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"E:\GAMES\Steam.exe" = E:\GAMES\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"E:\GAMES\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = E:\GAMES\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- ()
"E:\GAMES\steamapps\common\r.u.s.e. beta\Ruse.exe" = E:\GAMES\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()
"E:\GAMES\steamapps\common\on the rain-slick precipice of darkness - episode one\RainSlickEp1.exe" = E:\GAMES\steamapps\common\on the rain-slick precipice of darkness - episode one\RainSlickEp1.exe:*:Enabled:Penny Arcade Adventures: On the Rain-Slick Precipice of Darkness, Episode One -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"E:\GAMES\steamapps\common\puzzle quest\Puzzle Quest.exe" = E:\GAMES\steamapps\common\puzzle quest\Puzzle Quest.exe:*:Enabled:Puzzle Quest -- ()
"E:\GAMES\steamapps\common\ultimate doom\ultimate + mouse.bat" = E:\GAMES\steamapps\common\ultimate doom\ultimate + mouse.bat:*:Enabled:The Ultimate DOOM -- ()
"E:\GAMES\steamapps\common\ultimate doom\ultimate.bat" = E:\GAMES\steamapps\common\ultimate doom\ultimate.bat:*:Enabled:The Ultimate DOOM -- ()
"E:\GAMES\steamapps\common\doom 2\doom2 + mouse.bat" = E:\GAMES\steamapps\common\doom 2\doom2 + mouse.bat:*:Enabled:DOOM II: Hell on Earth -- ()
"E:\GAMES\steamapps\common\doom 2\doom2.bat" = E:\GAMES\steamapps\common\doom 2\doom2.bat:*:Enabled:DOOM II: Hell on Earth -- ()
"E:\GAMES\steamapps\common\final doom\plutonia + mouse.bat" = E:\GAMES\steamapps\common\final doom\plutonia + mouse.bat:*:Enabled:Final DOOM -- ()
"E:\GAMES\steamapps\common\final doom\plutonia.bat" = E:\GAMES\steamapps\common\final doom\plutonia.bat:*:Enabled:Final DOOM -- ()
"E:\GAMES\steamapps\common\final doom\tnt + mouse.bat" = E:\GAMES\steamapps\common\final doom\tnt + mouse.bat:*:Enabled:Final DOOM -- ()
"E:\GAMES\steamapps\common\final doom\tnt.bat" = E:\GAMES\steamapps\common\final doom\tnt.bat:*:Enabled:Final DOOM -- ()
"E:\GAMES\steamapps\common\master levels of doom\master.bat" = E:\GAMES\steamapps\common\master levels of doom\master.bat:*:Enabled:Master Levels for DOOM II -- ()
"E:\GAMES\steamapps\common\kane & lynch 2 - dog days\kl2.exe" = E:\GAMES\steamapps\common\kane & lynch 2 - dog days\kl2.exe:*:Enabled:Kane & Lynch 2: Dog Days -- (Io Interactive A/S)
"E:\GAMES\steamapps\common\x-com terror from the deep\runme.exe" = E:\GAMES\steamapps\common\x-com terror from the deep\runme.exe:*:Enabled:X-COM: Terror from the Deep -- ()
"E:\GAMES\steamapps\common\dead space\Dead Space.exe" = E:\GAMES\steamapps\common\dead space\Dead Space.exe:*:Enabled:Dead Space -- ()
"E:\GAMES\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm" = E:\GAMES\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dead Space -- ()
"E:\GAMES\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = E:\GAMES\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants vs. Zombies: Game of the Year -- ()
"E:\GAMES\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe" = E:\GAMES\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R.: Shadow of Chernobyl -- ()
"E:\GAMES\steamapps\dmaged\team fortress 2\hl2.exe" = E:\GAMES\steamapps\dmaged\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"E:\GAMES\steamapps\common\batman arkham asylum goty\Binaries\BmLauncher.exe" = E:\GAMES\steamapps\common\batman arkham asylum goty\Binaries\BmLauncher.exe:*:Enabled:Batman: Arkham Asylum GOTY Edition -- (Rocksteady Studios Ltd)
"E:\GAMES\steamapps\common\batman arkham asylum goty\Binaries\ShippingPC-BmGame.exe" = E:\GAMES\steamapps\common\batman arkham asylum goty\Binaries\ShippingPC-BmGame.exe:*:Enabled:BmGame -- (Rocksteady Studios Ltd)
"E:\GAMES\steamapps\common\overlord\Overlord.exe" = E:\GAMES\steamapps\common\overlord\Overlord.exe:*:Enabled:Overlord -- (Triumph Studios)
"E:\GAMES\steamapps\common\overlord\Config.exe" = E:\GAMES\steamapps\common\overlord\Config.exe:*:Enabled:Overlord -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"E:\GAMES\steamapps\common\left 4 dead 2\left4dead2.exe" = E:\GAMES\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{14F84065-1316-42C6-B619-1FE1880050E0}" = Xirrus Wi-Fi Inspector
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{4290EA5A-633E-4C6D-B9E3-5FEAEC615CC9}" = Anachronox
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{593D4F8A-5F11-4901-A74A-6E7971E45790}" = Diskeeper 2009 Pro Premier
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{663EB4B1-1C35-475C-853A-A810C3EAB170}" = Adobe Illustrator CS3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{76756402-BF1E-4A0F-AFCC-0EE6CF58F58C}" = ESET NOD32 Antivirus
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193j
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_944" = Adobe Acrobat 9.4.4 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.03.00.8048
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.60 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop" = Adobe Photoshop XCV edition
"Artisteer 2" = Artisteer 2
"Ask Toolbar_is1" = Vuze Toolbar
"AviSynth" = AviSynth 2.5
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 6_is1" = DVDFab 6.0.7.0 (18/09/2009)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EncSpot Basic_is1" = EncSpot Basic 2.0
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Fallout New Vegas_is1" = Fallout New Vegas
"HaaliMkx" = Haali Media Splitter
"HitmanPro35" = Hitman Pro 3.5
"ImgBurn" = ImgBurn
"ImTOO AVI to DVD Converter 6" = ImTOO AVI to DVD Converter 6
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.3.0
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Mp3tag" = Mp3tag v2.46a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Micro 8.3.6.0
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"ScummVM_is1" = ScummVM 0.7.1
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Steam App 11450" = Overlord
"Steam App 12500" = Puzzle Quest
"Steam App 17470" = Dead Space
"Steam App 18000" = Penny Arcade Adventures: On the Rain-Slick Precipice of Darkness, Episode One
"Steam App 215" = Source SDK Base
"Steam App 2280" = The Ultimate DOOM
"Steam App 2290" = Final DOOM
"Steam App 2300" = DOOM II: Hell on Earth
"Steam App 28000" = Kane & Lynch 2: Dog Days
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 40930" = The Misadventures of P.B. Winterbottom
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 55040" = Atom Zombie Smasher
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 7650" = X-COM: Terror from the Deep
"Steam App 9160" = Master Levels for DOOM II
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"Vuze" = Vuze
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/04/2011 8:31:36 PM | Computer Name = USER-479C50C504 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module flash10p.ocx, version 10.2.159.1, fault address 0x00329143.

Error - 26/04/2011 8:32:40 PM | Computer Name = USER-479C50C504 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module flash10p.ocx, version 10.2.159.1, fault address 0x00329143.

Error - 26/04/2011 8:32:42 PM | Computer Name = USER-479C50C504 | Source = Application Error | ID = 1001
Description = Fault bucket -1894085180.

Error - 27/04/2011 7:55:06 PM | Computer Name = USER-479C50C504 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module flash10p.ocx, version 10.2.159.1, fault address 0x00329143.

Error - 27/04/2011 8:08:39 PM | Computer Name = USER-479C50C504 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module flash10p.ocx, version 10.2.159.1, fault address 0x00329143.

Error - 28/04/2011 11:07:30 AM | Computer Name = USER-479C50C504 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 28/04/2011 11:07:31 AM | Computer Name = USER-479C50C504 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 28/04/2011 9:52:40 PM | Computer Name = USER-479C50C504 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 28/04/2011 9:52:43 PM | Computer Name = USER-479C50C504 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 29/04/2011 6:26:23 AM | Computer Name = USER-479C50C504 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 28/04/2011 9:58:59 PM | Computer Name = USER-479C50C504 | Source = Service Control Manager | ID = 7000
Description = The PnkBstrB service failed to start due to the following error: %%2

Error - 28/04/2011 10:05:29 PM | Computer Name = USER-479C50C504 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 28/04/2011 10:09:36 PM | Computer Name = USER-479C50C504 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 28/04/2011 10:10:52 PM | Computer Name = USER-479C50C504 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 28/04/2011 10:15:18 PM | Computer Name = USER-479C50C504 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 28/04/2011 10:15:18 PM | Computer Name = USER-479C50C504 | Source = Service Control Manager | ID = 7000
Description = The PnkBstrA service failed to start due to the following error: %%2

Error - 28/04/2011 10:15:18 PM | Computer Name = USER-479C50C504 | Source = Service Control Manager | ID = 7000
Description = The PnkBstrB service failed to start due to the following error: %%2

Error - 29/04/2011 6:26:21 AM | Computer Name = USER-479C50C504 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 29/04/2011 6:26:21 AM | Computer Name = USER-479C50C504 | Source = Service Control Manager | ID = 7000
Description = The PnkBstrA service failed to start due to the following error: %%2

Error - 29/04/2011 6:26:21 AM | Computer Name = USER-479C50C504 | Source = Service Control Manager | ID = 7000
Description = The PnkBstrB service failed to start due to the following error: %%2


< End of report >

#11 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:03:24 PM

Posted 01 May 2011 - 09:18 AM

Hi-

Things are looking good, but there is more to do.

Your logs show that you are using peer-to-peer (P2P) or file-sharing programs like uTorrent.

These programs allow one to share files between users as the name(s) suggest. In today's world, the cyber crime has grown to an enormous business and any means is used to infect personal computers and to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject - Risks of File-Sharing Technology

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Start > Control Panel > Add/Remove Programs.
Next, we need to run an OTL Fix.
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
:OTL
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (PnkBstrB)
SRV - File not found [Auto | Stopped] -- -- (PnkBstrA)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - File not found
[2010/05/14 17:41:32 | 000,000,000 | ---D | M] (Java Console) --  C:\Program Files\Mozilla  Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
 [2010/09/23 18:51:59 | 000,000,000 | ---D | M] (Java Console) --  C:\Program Files\Mozilla  Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
 [2011/04/25 14:15:00 | 000,000,000 | ---D | M] (Java Console) --  C:\Program Files\Mozilla  Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
:commands
[emptytemp]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If you have to reboot, once back up, open the C:\_OTL\MovedFiles folder and copy the newest log into your next reply.

In your reply, please copy in the OTL Fix report. The computer still doing good?
Shannon

#12 aidswolf

aidswolf
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver
  • Local time:11:24 AM

Posted 01 May 2011 - 11:07 AM

Hello again,

Thank you for the warning about p2p, I am aware of th risks inherent with using such programs and it is possible that I was infected through said means but I try to limit where I use it. I stay away from public trackers and use only private, granted this doesn't mean I still won't be infected. However, I'm pretty sure I know how I got this one on my computer. After all of this I will still consider removing it for a spell, I didn't much like this infection and am not eager to revisit it. I am still scared to use my online banking on this computer.

Here is the log.

All processes killed
========== OTL ==========
Service RoxLiveShare9 stopped successfully!
Service RoxLiveShare9 deleted successfully!
Service PnkBstrB stopped successfully!
Service PnkBstrB deleted successfully!
Service PnkBstrA stopped successfully!
Service PnkBstrA deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}\ deleted successfully.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41044 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: James
->Temp folder emptied: 5084104 bytes
->Temporary Internet Files folder emptied: 5161118 bytes
->Java cache emptied: 7245 bytes
->FireFox cache emptied: 54276480 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1909501 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 3490649 bytes
->Flash cache emptied: 2599 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 2400 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34794315 bytes
->Google Chrome cache emptied: 6750066 bytes
->Flash cache emptied: 42091 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3015205 bytes
%systemroot%\System32 .tmp files removed: 3829265 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 668731330 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 18383574 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 15173048 bytes

Total Files Cleaned = 783.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05012011_085113

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#13 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:03:24 PM

Posted 01 May 2011 - 04:04 PM

Hi-

It is time to clear off the tools that we used and for me to leave you with some words of advice.

First, to re-enable your Emulation drivers, double click Defogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • Defogger will now ask to reboot the machine - click OK

Next, we will uninstall ComboFix
  • Click on the Start button in your system tray
  • click on Run
  • key in the following in bold type:
    • combofix /Uninstall
  • click on Ok

Then, we should remove the tools we used and we will do that with OTL-
  • Double click on the Posted Image icon on your desktop.
  • Click the "CleanUp" button.
  • Restart your computer when prompted.

Please take the time to read below to secure your machine and take the necessary steps to keep it clean.

One of the most common questions found when cleaning Spyware or other Malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are going to sites that you are not practicing Safe Internet, you are not running the proper security software, and that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a pop up appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop ups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a pop up that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period. another recommended, and free, AntiSpyware program is Malwarebytes' Anti-Malware (MBAM).

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update your Java runtimes regularly

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Download the latest version here - http://java.sun.com/javase/downloads/index.jsp. You want to select the JRE version.
Follow this list and your potential for being infected again will reduce dramatically.

Good Luck!!

Shannon

#14 aidswolf

aidswolf
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver
  • Local time:11:24 AM

Posted 01 May 2011 - 06:40 PM

Amazing, you made that so quick and painless with your easy to follow instructions. I can't thank you enough!
You would still say that this computer is unsafe for banking and personal information like that until a clean format/re-intall would take place?

Thank you for all the extra information too, I have read most of it over and will continue to finish it (As well I will read a bunch of tutorials and tips on computer care/maintenance). This is a fantastic comunity and I'm glad to have found it, in the future I will certainly direct anyone I know with computer issues to this website.


Once again, thank you so much for your assistance.

James.

#15 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:03:24 PM

Posted 01 May 2011 - 08:41 PM

There is no way of telling if your computer is safe or not for banking - sorry.

You are welcome and Good Luck!!
Shannon




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users