
Redirecting on Firefox and another browser


This topic is locked
28 replies to this topic

#1 creatures

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:14 AM

Posted 18 May 2011 - 10:14 AM

As well as Firefox, I have the same trouble with Slim Browser. I tried a few spyware/malware scan programs and others:

ccleaner
superantispyware
spybot
glary utilities
free windows registry repair
malwarebytes
adaware
atf cleaner
hijackthis
Tdsskiller
Spywaredoctor(free)

I started getting pop ups and now in google it redirects me elsewhere. Sometimes I just need to hover and it opens. I have a Hijackthis report attached.
Be glad to get help on this. Especially since I don't have a recovery partition/reinstall cd.

Yours,
Bobby (UK)
---------------------------

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 15:21:49.69 on 18/05/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.990.230 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Trend Micro Client-Server Security Agent Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\ZL932B.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Administrator.539-36\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uSearch Page = hxxp://www.bing.com/?pc=AVBR
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.crustlane.co.uk/intranet/login.php
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [Airy Secrets boot launcher] c:\program files\airy secrets\as.exe BOOT
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dPolicies-explorer: StartMenuLogOff = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1.539\applic~1\mozilla\firefox\profiles\nl6kan84.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login|https://www.google.com/accounts/ServiceLogin?service=adsense&rm=hide&fpui=3&nui=15&alwf=true&ltmpl=adsense&passive=true&continue=https%3A%2F%2Fwww.google.com%2Fadsense%2Fgaiaauth2&followup=https%3A%2F%2Fwww.google.com%2Fadsense%2Fgaiaauth2&hl=en_US|https://www.google.com/accounts/ServiceLogin?service=adwords&hl=en_US&ltmpl=regionalc&passive=true&ifr=false&alwf=true&continue=https://adwords.google.com/um/gaiaauth?apt%3DNone
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-5-15 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-15 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-15 656320]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-31 27784]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-5-15 247760]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 OfcPfwSvc;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\OfcPfwSvc.exe [2005-11-2 278608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2006-9-6 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2006-9-6 36368]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-1 218688]
S0 vcqlwac;vcqlwac;c:\windows\system32\drivers\odrjx.sys --> c:\windows\system32\drivers\odrjx.sys [?]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-9 335240]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-9 297752]
S2 Backup_Info;Backup_Info;c:\program files\common files\microsoft shared\msinfo\msbackup.exe [2011-1-1 3348685]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S2 r_server;Remote Administrator Service; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-10 14424]
S3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [2009-12-4 103680]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-5-15 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-5-15 1150936]
.
=============== Created Last 30 ================
.
2011-05-18 10:04:00 -------- d-----w- c:\docume~1\admini~1.539\applic~1\Foxit Software
2011-05-18 10:02:11 -------- d-----w- c:\program files\Ask.com
2011-05-18 10:01:21 -------- d-----w- c:\program files\Foxit Software
2011-05-17 13:45:27 -------- d-----w- c:\docume~1\admini~1.539\applic~1\SlimBrowser
2011-05-17 13:44:54 -------- d-----w- c:\program files\SlimBrowser
2011-05-17 13:29:22 -------- d-----w- c:\docume~1\admini~1.539\applic~1\Enigma Browser
2011-05-17 13:27:39 -------- d-----w- c:\program files\Enigma Browser
2011-05-16 18:30:39 388096 ----a-r- c:\docume~1\admini~1.539\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-15 12:04:09 -------- d-----w- c:\docume~1\admini~1.539\locals~1\applic~1\Threat Expert
2011-05-15 10:39:09 767952 ----a-w- c:\windows\BDTSupport.dll
2011-05-15 10:39:07 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-05-15 10:39:06 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-05-15 10:39:06 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-05-15 10:37:35 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-05-15 10:37:35 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-05-15 10:37:29 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-15 10:37:21 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-15 10:37:20 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-15 10:37:04 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-05-15 10:36:52 -------- d-----w- c:\program files\common files\PC Tools
2011-05-15 10:36:51 -------- d-----w- c:\program files\PC Tools Security
2011-05-15 10:36:51 -------- d-----w- c:\docume~1\admini~1.539\applic~1\PC Tools
2011-05-15 10:35:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-05-11 19:03:04 -------- d-----w- c:\program files\Airy Secrets
2011-05-11 09:22:11 -------- d-----w- c:\program files\Lavasoft
2011-05-10 11:33:32 -------- d-----w- c:\docume~1\admini~1.539\locals~1\applic~1\Secunia PSI
2011-05-10 11:31:17 -------- d-----w- c:\program files\Secunia
2011-05-10 06:38:32 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-10 06:38:32 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-08 09:45:51 0 ----a-w- c:\windows\system32\tmp.tmp
2011-05-03 19:49:53 -------- d-----w- C:\Manual-PCProgram
2011-05-01 11:35:52 -------- d-----w- c:\docume~1\admini~1.539\applic~1\Panda Security
2011-05-01 11:33:38 -------- d-----w- c:\program files\Panda Security
2011-05-01 11:33:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2011-05-01 11:23:57 -------- d--h--w- C:\$AVG
2011-05-01 11:19:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-05-01 10:34:24 -------- d-----w- c:\program files\CCleaner
2011-04-30 21:32:07 -------- d-----w- c:\windows\system32\drivers\Avg
2011-04-30 18:12:16 -------- d-----w- c:\docume~1\admini~1.539\applic~1\BitDefender
2011-04-30 18:11:22 -------- d-----w- c:\program files\BitDefender
2011-04-30 17:44:58 -------- d-----w- c:\program files\common files\BitDefender
2011-04-30 17:44:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2011-04-30 17:43:30 542031 ----a-w- c:\docume~1\alluse~1\applic~1\bdinstall.bin
2011-04-30 16:39:37 -------- d-----w- c:\program files\iPod
2011-04-30 16:39:25 -------- d-----w- c:\program files\iTunes
2011-04-30 16:39:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-30 16:38:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-04-30 16:38:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-04-30 16:38:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-04-30 16:38:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-04-30 16:38:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-04-30 13:33:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-30 13:33:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-30 12:37:07 552136 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-04-30 12:37:03 23000 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-04-30 12:37:03 138712 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-04-30 12:37:02 64984 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2011-04-30 12:37:00 458200 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
2011-04-30 12:37:00 243160 ----a-w- c:\program files\mozilla firefox\updater.exe
2011-04-30 12:37:00 17880 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2011-04-30 12:37:00 155648 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2011-04-30 12:37:00 140760 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2011-04-30 12:37:00 11676632 ----a-w- c:\program files\mozilla firefox\xul.dll
2011-04-30 08:59:50 -------- d-----w- c:\program files\Free Window Registry Repair
2011-04-30 08:52:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-29 20:58:28 -------- d-----w- c:\docume~1\admini~1.539\applic~1\SUPERAntiSpyware.com
2011-04-29 20:58:11 -------- d-----w- c:\program files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2011-03-01 20:06:34 30 ----a-w- c:\windows\s.dll
2009-10-27 19:34:26 3348613 --sha-w- c:\program files\_msbackup.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD080HJ/P rev.ZH100-34 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x86CDE730]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86ce4a10]; MOV EAX, [0x86ce4a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86D6EAB8]
3 CLASSPNP[0xF75B4FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86D24920]
5 PCTCore[0xF7379099] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86D30D98]
\Driver\atapi[0x86D6B270] -> IRP_MJ_CREATE -> 0x86CDE730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86CDE57B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:35:11.02 ===============

---------------------------------------------------------------------------------

The 'Ambassadors of Surrogacy'
http://www.oneinsix.com or 1-in-6.com

#2 heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:14 AM

Posted 18 May 2011 - 10:50 AM

Welcome to BC!

Your computer has caught a rootkit. We'll begin with this.


Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background the whole time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to.
Such as:
Online scans, and scanners that are installed on your machine but are not actively scanning it.

-----

Something I should point out, regarding CCleaner, Glary Utilities, Free Window Registry Repair, TuneUp Utilities and similar products:

It's not recommended to use registry cleaners. These often cause more problems than they fix. One of my colleagues, miekiemoes, has an excellent writeup here.
Another excellent article by Bill Castner is located here.


-----

Step 1.
Uninstall Programs:

Please go to Start > Control Panel > Add/Remove Programs and remove the following:

Ask Toolbar
µTorrent
CCleaner
Free Window Registry Repair
Glary Utilities 2.15.0.738
StreamTorrent 1.0



Optional removals
µTorrent, StreamTorrent and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
CCleaner, Free Window Registry Repair, Glary Utilities 2.15.0.738 <<<--- Registry cleaners
It's up to you if you want to remove the above programs, however I recommend you do.

Step 2.
RootKit Unhooker:

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Step 3.
aswMBR:

Download aswMBR.exe (511KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


Step 4.
Things I would like to see in your reply:

  • The content of the log from when you ran TDSSKiller (the report can also be found in your root directory, usually the C:\ folder, in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt").
  • Which programs were uninstalled in step 1.
  • The content of the log from RKU in step 2.
  • The content of the log from aswMBR in step 3.

Edited by heir, 18 May 2011 - 10:51 AM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators


#3 creatures
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:14 AM

Posted 18 May 2011 - 11:30 AM

TDSSKiller

2011/05/01 09:02:49.0796 1172 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/01 09:02:50.0046 1172 ================================================================================
2011/05/01 09:02:50.0046 1172 SystemInfo:
2011/05/01 09:02:50.0046 1172
2011/05/01 09:02:50.0046 1172 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/01 09:02:50.0046 1172 Product type: Workstation
2011/05/01 09:02:50.0046 1172 ComputerName: BOBBY
2011/05/01 09:02:50.0046 1172 UserName: Administrator
2011/05/01 09:02:50.0046 1172 Windows directory: C:\WINDOWS
2011/05/01 09:02:50.0046 1172 System windows directory: C:\WINDOWS
2011/05/01 09:02:50.0046 1172 Processor architecture: Intel x86
2011/05/01 09:02:50.0046 1172 Number of processors: 2
2011/05/01 09:02:50.0046 1172 Page size: 0x1000
2011/05/01 09:02:50.0046 1172 Boot type: Normal boot
2011/05/01 09:02:50.0046 1172 ================================================================================
2011/05/01 09:02:50.0578 1172 !crdlk

-------------------------------------------------------------------------

Uninstalled these:

CCleaner
Free Window Registry Repair
Glary Utilities 2.15.0.738
StreamTorrent 1.0

----------------------------------------------------------------------

RKU


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBFAA0000 C:\WINDOWS\System32\ati3duag.dll 2756608 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB0992000 C:\Program Files\Trend Micro\Client Server Security Agent\tm_cfw.sys 1822720 bytes (Trend Micro Inc., Trend Micro Common Firewall Module 1.2)
0xBFD41000 C:\WINDOWS\System32\ativvaxx.dll 1753088 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF66AC000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1642496 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xB0E67000 C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys 1318912 bytes (Trend Micro Inc., VsapiNT )
0xF726C000 pctEFA.sys 675840 bytes (PC Tools, PC Tools Extended File Attributes)
0xF71B5000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xED97E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF1B0D000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xF6547000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEDB6A000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF7311000 pctDS.sys 356352 bytes (PC Tools, PC Tools Data Store)
0xB0C60000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xB0CDA000 C:\WINDOWS\system32\drivers\hardlock.sys 323584 bytes
0xB0E1E000 C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys 299008 bytes (Trend Micro Inc., Post Filter For XP)
0xBFA18000 C:\WINDOWS\System32\ati2cqag.dll 286720 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF9D5000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFA5E000 C:\WINDOWS\System32\atikvmag.dll 270336 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB06A9000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF1B91000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 249856 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xF7368000 PCTCore.sys 249856 bytes (PC Tools, PC Tools KDS Core Driver)
0xF650C000 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0xF65BD000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7425000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB0D79000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7188000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAF901000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEDA85000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6629000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xEDB1A000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF73CF000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xEDAF4000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF1B6D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6674000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6651000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEDAD2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEDAB0000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xB0FF4000 C:\WINDOWS\system32\DRIVERS\PSINAflt.sys 135168 bytes (Panda Security, S.L., PSINAflt Filter Driver for XP32)
0xB0B77000 C:\WINDOWS\system32\drivers\tmcomm.sys 135168 bytes (Trend Micro Inc., TrendMicro Common Module)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7453000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF73F5000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEDA66000 C:\WINDOWS\system32\DRIVERS\psinknc.sys 126976 bytes (Panda Security, S.L., PSINKNC Kernel Controller for XP32)
0xF716E000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB0FA9000 C:\WINDOWS\system32\DRIVERS\PSINProc.sys 106496 bytes (Panda Security, S.L., PSINProc Filter Driver for XP32)
0xB0FDA000 C:\WINDOWS\system32\DRIVERS\PSINProt.sys 106496 bytes (Panda Security, S.L., PSINProt for XP32)
0xAF92C000 C:\DOCUME~1\ADMINI~1.539\LOCALS~1\Temp\fxtdqpog.sys 102400 bytes
0xF73B7000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB3115000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF65A5000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7255000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF65FE000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB0FC3000 C:\WINDOWS\system32\DRIVERS\PSINFile.sys 94208 bytes (Panda Security, S.L., PSINFile Filter Driver for XP32)
0xB03C4000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6615000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6698000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEDBC3000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7242000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF73A5000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7414000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF65ED000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF76C4000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xB3884000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7694000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76B4000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7774000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76A4000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB08E2000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6B42000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF75B4000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76D4000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7604000 C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)
0xF7594000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF1E61000 C:\WINDOWS\system32\drivers\Haspnt.sys 49152 bytes (Aladdin Knowledge Systems, HASP Kernel Device Driver for Windows NT)
0xF76F4000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xEF188000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7584000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76E4000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF6B82000 C:\WINDOWS\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0xF7574000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6B72000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF6B92000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75A4000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xED8FE000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7684000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF6BA2000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEF1A8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB05D1000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xEEE8C000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xEF279000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF796C000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7974000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xEF291000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xEDC1E000 C:\DOCUME~1\ADMINI~1.539\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF77F4000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xEED10000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF783C000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7844000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xEF271000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xEF289000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xEED18000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xEF2A1000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xEF281000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77FC000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF780C000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7834000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF797C000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7964000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB364D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xED9FA000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7125000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB9E48000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A68000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7988000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB3587000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEDA02000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x86D51000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xED9F6000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A6C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6855000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF1914000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7AAA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A76000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB45EC000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AB0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AAC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A88000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7AAE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AEE000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7AF0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AF8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A74000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7CB2000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BC5000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEEB7D000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B3C000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x86CDE57B ?_empty_? 2693 bytes
==============================================
>Stealth
==============================================
0xF73B7000 WARNING: suspicious driver modification [atapi.sys::0x86CDE57B]
0x06220000 Hidden Image-->S2PCISE.exe [ EPROCESS 0x854D9920 ] PID: 152, 36864 bytes
0x06280000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x854D9920 ] PID: 152, 708608 bytes

-------------------------------------------------------------------------------

aswMBR

Link does not load. Tried Googling for it and none of the links work.

------------------------------------------------

I also tried 'rkill'.
My PC came already installed with an expired Trend Micro. It sits in the tray and I never use it to scan or anything. I can't uninstall it as it asks for a password. AVG was my virus program. I'm using Panda now because AVG failed to uninstall or reinstall. It may still have remnants of AVG8, but it's not in the start up.
The 'Ambassadors of Surrogacy'
http://www.oneinsix.com or 1-in-6.com
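As an added example (not from this thread, and not the logic of the RKU tool that produced the listing above), here is a small Python triage script for lines in that driver-listing format: it flags hidden drivers, "suspicious driver modification" warnings, hidden images, drivers loaded from a Temp directory and modules with no vendor information, and links a modified system driver to a hidden driver when the two addresses match. The sample log is constructed from lines of the listing; the regexes, severities and "review" heuristics are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the format of the RKU driver
# listing and ">Stealth" section posted in this thread.
SAMPLE_LOG = r"""
0xF6674000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x806E4000 ACPI_HAL 134400 bytes
0xAF92C000 C:\DOCUME~1\ADMINI~1.539\LOCALS~1\Temp\fxtdqpog.sys 102400 bytes
0xB3115000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF65FE000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEDC1E000 C:\DOCUME~1\ADMINI~1.539\LOCALS~1\Temp\mbr.sys 28672 bytes
!!!!!!!!!!!Hidden driver: 0x86CDE57B ?_empty_? 2693 bytes
==============================================
>Stealth
==============================================
0xF73B7000 WARNING: suspicious driver modification [atapi.sys::0x86CDE57B]
0x06220000 Hidden Image-->S2PCISE.exe [ EPROCESS 0x854D9920 ] PID: 152, 36864 bytes
0x06280000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x854D9920 ] PID: 152, 708608 bytes
"""


@dataclass
class Finding:
    severity: str   # "high": rootkit-style evidence; "review": worth a second look
    kind: str
    detail: str


# One loaded module: address, path (may contain spaces), size, optional "(vendor, description)".
DRIVER_RE = re.compile(
    r'^0x[0-9A-Fa-f]{8}\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes(?:\s+\((?P<info>.*)\))?\s*$')
HIDDEN_DRV_RE = re.compile(
    r'^!+Hidden driver:\s*0x(?P<addr>[0-9A-Fa-f]+)\s+(?P<name>\S+)\s+(?P<size>\d+)\s+bytes')
MODIFIED_RE = re.compile(
    r'WARNING: suspicious driver modification \[(?P<drv>[^:\]]+)::0x(?P<target>[0-9A-Fa-f]+)\]')
HIDDEN_IMG_RE = re.compile(
    r'Hidden Image-->(?P<img>\S+)\s+\[ EPROCESS 0x(?P<eproc>[0-9A-Fa-f]+) \] PID: (?P<pid>\d+), (?P<size>\d+) bytes')


def triage(log_text):
    """Return Findings for the rootkit indicators in an RKU-style listing."""
    findings = []
    hidden_addrs = set()      # addresses of drivers the scanner reported as hidden
    modifications = []        # (driver, target address) from the Stealth section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HIDDEN_DRV_RE.match(line)
        if m:
            hidden_addrs.add(m['addr'].upper())
            findings.append(Finding('high', 'hidden-driver',
                                    f"{m['name']} at 0x{m['addr']} ({m['size']} bytes)"))
            continue
        m = MODIFIED_RE.search(line)
        if m:
            modifications.append((m['drv'], m['target'].upper()))
            findings.append(Finding('high', 'driver-modified',
                                    f"{m['drv']} redirected to 0x{m['target']}"))
            continue
        m = HIDDEN_IMG_RE.search(line)
        if m:
            findings.append(Finding('high', 'hidden-image',
                                    f"{m['img']} in PID {m['pid']} ({m['size']} bytes)"))
            continue
        m = DRIVER_RE.match(line)
        if not m:
            continue          # separators, section headings, anything else
        path, info = m['path'], m['info']
        if '\\TEMP\\' in path.upper():
            # Drivers loaded from a Temp directory are unusual; anti-rootkit
            # tools also load randomly named helper drivers from there, so
            # correlate with whatever scanners were running at the time.
            findings.append(Finding('review', 'temp-driver', path))
        elif info is None:
            # No vendor/description: unsigned or stripped of version info.
            # Crash-dump copies such as dump_atapi.sys are benign examples.
            findings.append(Finding('review', 'no-version-info', path))
    # Strongest signal: a "modified" system driver whose target address is the
    # hidden driver itself, i.e. the disk stack is routed through hidden code.
    for drv, target in modifications:
        if target in hidden_addrs:
            findings.append(Finding('high', 'hooked-into-hidden-driver',
                                    f"{drv} -> hidden driver at 0x{target}"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 5, 'review': 4}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:26} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```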

#4 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male
  • Local time:03:14 AM

Posted 18 May 2011 - 11:55 AM

First, a question.
Is this a work computer?


To uninstall AVG products that won't uninstall properly from Add/Remove Programs, you can use AVG Remover or, if that fails, AppRemover (which is also useful for other security software that won't uninstall properly).


Trend Micro. It sits on tray and I never use it to scan or anything. Can't uninstall it as it asks for password

Is it Trend Micro Client/Server Security Agent you would like to uninstall?


Let's run an alternative to aswMBR as it seems like the tool is temporarily unavailable.


Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#5 creatures

creatures
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:14 AM

Posted 18 May 2011 - 12:11 PM

It used to be a work computer but now sits at home for personal use. Trend Micro Client/Server Security Agent can be done away with. The tool tip said it was recently updated which might explain the drag. I don't need it but happy if nothing can be done about it just now. The Malware is the main concern.

MBRCheck

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000005d

Kernel Drivers (total 138):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0x86D51000 \WINDOWS\system32\KDCOM.DLL
0xF7988000 \WINDOWS\system32\BOOTVID.dll
0xF7453000 fltmgr.sys
0xF7425000 ACPI.sys
0xF7A74000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7414000 pci.sys
0xF7574000 isapnp.sys
0xF7B3C000 pciide.sys
0xF77F4000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7584000 MountMgr.sys
0xF73F5000 ftdisk.sys
0xF7A76000 dmload.sys
0xF73CF000 dmio.sys
0xF77FC000 PartMgr.sys
0xF7594000 VolSnap.sys
0xF73B7000 atapi.sys
0xF75A4000 disk.sys
0xF75B4000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73A5000 sr.sys
0xF7368000 PCTCore.sys
0xF7311000 pctDS.sys
0xF726C000 pctEFA.sys
0xF7255000 KSecDD.sys
0xF7242000 WudfPf.sys
0xF71B5000 Ntfs.sys
0xF7188000 NDIS.sys
0xF716E000 Mup.sys
0xF7684000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF66AC000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6698000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7964000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6674000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF796C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7694000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76A4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6651000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6629000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7974000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6615000 \SystemRoot\system32\DRIVERS\parport.sys
0xF76B4000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A68000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF76C4000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF7AEE000 \SystemRoot\system32\DRIVERS\serscan.sys
0xF7CB2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76D4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A6C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF65FE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76E4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76F4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF797C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF65ED000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6BA2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF780C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7834000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF65BD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF6B92000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF783C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7844000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6B82000 \SystemRoot\system32\DRIVERS\VClone.sys
0xF65A5000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF7AF0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6547000 \SystemRoot\system32\DRIVERS\update.sys
0xF7125000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF650C000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0xF6B72000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6B42000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AF8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF1B91000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xF1B6D000 \SystemRoot\system32\drivers\portcls.sys
0xF7774000 \SystemRoot\system32\drivers\drmk.sys
0xF1B0D000 \SystemRoot\system32\drivers\Senfilt.sys
0xEF2A1000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7AB0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xEEB7D000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AAA000 \SystemRoot\System32\Drivers\Beep.SYS
0xEF291000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xEF289000 \SystemRoot\System32\drivers\vga.sys
0xF7AAC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AAE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xEF281000 \SystemRoot\System32\Drivers\Msfs.SYS
0xEF279000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6855000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDBC3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEDB6A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEDB1A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEDAF4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF1914000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEDAD2000 \SystemRoot\System32\drivers\afd.sys
0xEF1A8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDAB0000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xEF271000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xEDA85000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDA66000 \SystemRoot\system32\DRIVERS\psinknc.sys
0xED97E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xEF188000 \SystemRoot\System32\Drivers\Fips.SYS
0xEEE8C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEED18000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xEED10000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xEDA02000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xED8FE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xED9FA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xED9F6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB3884000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB3115000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB45EC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB3587000 \SystemRoot\System32\drivers\Dxapi.sys
0xB364D000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0xF7BC5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D5000 \SystemRoot\System32\ati2dvag.dll
0xBFA18000 \SystemRoot\System32\ati2cqag.dll
0xBFA5E000 \SystemRoot\System32\atikvmag.dll
0xBFAA0000 \SystemRoot\System32\ati3duag.dll
0xBFD41000 \SystemRoot\System32\ativvaxx.dll
0xB0FF4000 \SystemRoot\system32\DRIVERS\PSINAflt.sys
0xB0FDA000 \SystemRoot\system32\DRIVERS\PSINProt.sys
0xB0FC3000 \SystemRoot\system32\DRIVERS\PSINFile.sys
0xB0FA9000 \SystemRoot\system32\DRIVERS\PSINProc.sys
0xF7604000 \??\C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys
0xB0E67000 \??\C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys
0xB0E1E000 \??\C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys
0xB9E48000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB0D79000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF1E61000 \??\C:\WINDOWS\system32\drivers\Haspnt.sys
0xF7A88000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB0CDA000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xB0C60000 \SystemRoot\system32\DRIVERS\srv.sys
0xB0B77000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys
0xB0992000 \??\C:\Program Files\Trend Micro\Client Server Security Agent\tm_cfw.sys
0xB06A9000 \SystemRoot\System32\Drivers\HTTP.sys
0xB03C4000 \SystemRoot\system32\drivers\wdmaud.sys
0xB08E2000 \SystemRoot\system32\drivers\sysaudio.sys
0xEDC1E000 \??\C:\DOCUME~1\ADMINI~1.539\LOCALS~1\Temp\mbr.sys
0xAF92C000 \??\C:\DOCUME~1\ADMINI~1.539\LOCALS~1\Temp\fxtdqpog.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
812 C:\WINDOWS\system32\smss.exe
860 csrss.exe
888 C:\WINDOWS\system32\winlogon.exe
932 C:\WINDOWS\system32\services.exe
944 C:\WINDOWS\system32\lsass.exe
1156 C:\WINDOWS\system32\ati2evxx.exe
1172 C:\WINDOWS\system32\svchost.exe
1260 svchost.exe
1380 C:\WINDOWS\system32\svchost.exe
1488 C:\WINDOWS\system32\svchost.exe
1644 svchost.exe
1712 svchost.exe
1816 C:\WINDOWS\system32\spoolsv.exe
1952 svchost.exe
2020 C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
296 C:\Program Files\Java\jre6\bin\jqs.exe
612 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
708 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
804 C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
1504 C:\WINDOWS\system32\svchost.exe
1660 C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
1848 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
1904 C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
2704 C:\WINDOWS\Temp\ZL932B.EXE
3312 alg.exe
4084 C:\WINDOWS\system32\svchost.exe
3968 C:\WINDOWS\system32\wscntfy.exe
152 C:\WINDOWS\explorer.exe
2748 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2820 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
2828 C:\Program Files\PC Tools Security\BDT\FGuard.exe
2560 C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
260 C:\WINDOWS\system32\ctfmon.exe
2876 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2144 C:\Program Files\Mozilla Firefox\firefox.exe
2072 C:\Documents and Settings\Administrator.539-36\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD080HJ/P, Rev: ZH100-34

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#6 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male
  • Local time:03:14 AM

Posted 18 May 2011 - 12:36 PM

Trend Micro Client/Server Security Agent can be done away with. The tool tip said it was recently updated which might explain the drag. I don't need it but happy if nothing can be done about it just now.

We'll try to remove it when we're done with the malware, then. Please remind me in case I forget.

As it looks like the server hosting aswMBR is down for the moment, we'll use another tool to begin with.



Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Edited by heir, 18 May 2011 - 12:36 PM.



#7 creatures

creatures
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:14 AM

Posted 19 May 2011 - 01:40 AM

I had to use AppRemover to get rid of AVG.

Did the ComboFix. Never got to the backup registry window as it said HIV-backup could not be deleted.

The rest ran as normal (7 hours later) until it looked for a log file and I said create a new text file, which opened Notepad. Several hours later the Notepad was still empty, so there is nothing to paste here.

Trend Micro started scanning and it removed 4 grayware cookies!

ComboFix found 0filsys.bin.

It still redirects. Also noticed it never opens my homepage when restarting until I refresh it.
Automatic Updates is now showing 'on' in Security Centre, whereas before it showed 'off' but in System it was activated.

#8 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male
  • Local time:03:14 AM

Posted 19 May 2011 - 02:26 AM

Have a look and see if this file was created, and post its content.

C:\ComboFix.txt


Step 1.
aswMBR:

The link to aswMBR is functional again so please do this:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan


On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

Step 2.
DDS:

Please rerun DDS and post its logs in your reply.

Step 3.
Bootcheck:

Please download BootCheck.exe to your desktop.
  • Double click BootCheck.exe to run the check
  • When complete, a Notepad window will open with some text in it
  • Save the Notepad file to your desktop as BootCheck.txt
  • Copy the contents of BootCheck.txt and post it in your next reply

Step 4.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt
  • The content of the log from aswMBR in step 1
  • The content of the logs from DDS in step 2.
  • The content of Bootcheck.txt from step 3.



#9 creatures

creatures
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:14 AM

Posted 19 May 2011 - 02:56 AM

ComboFix

ComboFix 11-05-17.03 - Administrator 18/05/2011 19:52:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.990.516 [GMT 1:00]
Running from: c:\documents and settings\Administrator.539-36\My Documents\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Trend Micro Client-Server Security Agent Firewall *Disabled* {28C03845-0BBF-40E6-9DF0-19BD3C60F2BE}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0filsys.bin
c:\0filsys.bin\0filsys.bin.exe
c:\0filsys.bin\config.bin
c:\documents and settings\Administrator.539-36\WINDOWS
c:\windows\s.dll
c:\windows\u.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BACKUP_INFO
-------\Service_Backup_Info
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-18 10:04 . 2011-05-18 10:04 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Foxit Software
2011-05-18 10:02 . 2011-05-18 10:02 -------- d-----w- c:\program files\Ask.com
2011-05-18 10:01 . 2011-05-18 10:01 -------- d-----w- c:\program files\Foxit Software
2011-05-17 13:45 . 2011-05-18 09:58 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\SlimBrowser
2011-05-17 13:44 . 2011-05-17 13:45 -------- d-----w- c:\program files\SlimBrowser
2011-05-17 13:29 . 2011-05-17 13:36 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Enigma Browser
2011-05-17 13:27 . 2011-05-17 13:37 -------- d-----w- c:\program files\Enigma Browser
2011-05-16 18:30 . 2011-05-16 18:30 388096 ----a-r- c:\documents and settings\Administrator.539-36\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-15 12:04 . 2011-05-15 12:04 -------- d-----w- c:\documents and settings\Administrator.539-36\Local Settings\Application Data\Threat Expert
2011-05-15 10:39 . 2011-01-07 13:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-05-15 10:39 . 2011-01-07 13:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-05-15 10:39 . 2011-01-07 13:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-05-15 10:39 . 2011-01-07 13:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-05-15 10:37 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-05-15 10:37 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-05-15 10:37 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-15 10:37 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-15 10:37 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-15 10:37 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-05-15 10:36 . 2011-05-16 08:21 -------- d-----w- c:\program files\Common Files\PC Tools
2011-05-15 10:36 . 2011-05-17 09:12 -------- d-----w- c:\program files\PC Tools Security
2011-05-15 10:36 . 2011-05-15 10:36 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\PC Tools
2011-05-15 10:35 . 2011-05-15 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-05-11 19:03 . 2011-05-18 14:16 -------- d-----w- c:\program files\Airy Secrets
2011-05-11 09:22 . 2011-05-12 09:16 -------- d-----w- c:\program files\Lavasoft
2011-05-11 09:22 . 2011-05-12 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-10 11:33 . 2011-05-10 11:33 -------- d-----w- c:\documents and settings\Administrator.539-36\Local Settings\Application Data\Secunia PSI
2011-05-10 11:31 . 2011-05-10 11:31 -------- d-----w- c:\program files\Secunia
2011-05-10 06:38 . 2011-05-10 06:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-08 09:45 . 2011-05-10 06:26 0 ----a-w- c:\windows\system32\tmp.tmp
2011-05-03 19:49 . 2011-05-03 19:50 -------- d-----w- C:\Manual-PCProgram
2011-05-01 14:37 . 2011-05-01 14:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-01 11:35 . 2011-05-01 11:35 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Panda Security
2011-05-01 11:33 . 2011-05-01 11:33 -------- d-----w- c:\program files\Panda Security
2011-05-01 11:33 . 2011-05-01 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-05-01 11:23 . 2011-05-01 11:23 -------- d-----w- C:\$AVG
2011-05-01 11:19 . 2011-05-01 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-30 18:12 . 2011-04-30 18:12 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\BitDefender
2011-04-30 18:11 . 2011-04-30 18:11 -------- d-----w- c:\program files\BitDefender
2011-04-30 17:44 . 2011-04-30 21:31 -------- d-----w- c:\program files\Common Files\BitDefender
2011-04-30 17:44 . 2011-04-30 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2011-04-30 17:43 . 2011-04-30 20:20 542031 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin
2011-04-30 16:39 . 2011-04-30 21:32 -------- d-----w- c:\program files\iPod
2011-04-30 16:39 . 2011-04-30 21:32 -------- d-----w- c:\program files\iTunes
2011-04-30 16:39 . 2011-04-30 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-04-30 13:33 . 2011-05-06 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-30 13:33 . 2011-04-30 13:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-30 12:37 . 2010-04-01 17:58 552136 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-04-30 12:37 . 2010-04-01 17:58 138712 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-04-30 12:37 . 2010-04-01 17:58 23000 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-04-30 12:37 . 2010-04-01 17:58 64984 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-04-30 12:37 . 2010-04-01 17:58 11676632 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2011-04-30 12:37 . 2010-04-01 17:58 17880 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2011-04-30 12:37 . 2010-04-01 17:58 243160 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2011-04-30 12:37 . 2010-04-01 17:58 140760 ----a-w- c:\program files\Mozilla Firefox\ssl3.dll
2011-04-30 12:37 . 2010-04-01 17:58 458200 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-04-30 12:37 . 2010-04-01 15:56 155648 ----a-w- c:\program files\Mozilla Firefox\softokn3.dll
2011-04-30 08:59 . 2011-05-18 16:01 -------- d-----w- c:\program files\Free Window Registry Repair
2011-04-30 08:52 . 2011-04-30 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-29 20:58 . 2011-04-29 20:58 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\SUPERAntiSpyware.com
2011-04-29 20:58 . 2011-04-30 08:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-21 15:10 . 2011-04-21 15:10 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-04-21 15:04 . 2011-04-21 15:04 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\vlc
2011-04-21 14:13 . 2011-04-21 14:14 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 19:34 . 2011-01-01 19:03 3348613 --sha-w- c:\program files\_msbackup.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 17:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 17:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-29 1432064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-12-16 423232]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-11-16 381005]
"Airy Secrets boot launcher"="c:\program files\Airy Secrets\as.exe" [2002-02-07 307200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MUTE\\fileSharingMUTE-MFC.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/15/2011 11:37 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [5/15/2011 11:37 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [5/15/2011 11:37 AM 656320]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 6:12 PM 130376]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 7:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 7:41 PM 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [5/15/2011 11:39 AM 247760]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [12/16/2010 6:19 PM 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 6:12 PM 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 6:12 PM 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 6:12 PM 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 6:12 PM 113096]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [9/6/2006 8:27 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [9/6/2006 8:27 PM 36368]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2/1/2011 1:48 PM 218688]
S0 vcqlwac;vcqlwac;c:\windows\system32\drivers\odrjx.sys --> c:\windows\system32\drivers\odrjx.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 10:23 AM 135664]
S2 r_server;Remote Administrator Service; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 10:23 AM 135664]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/10/2010 8:59 AM 14424]
S3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [12/4/2009 4:33 PM 103680]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [5/15/2011 11:36 AM 366840]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 09:23]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 09:23]
.
2011-05-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Administrator.539-36\Application Data\Mozilla\Firefox\Profiles\nl6kan84.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login|https://www.google.com/accounts/ServiceLogin?service=adsense&rm=hide&fpui=3&nui=15&alwf=true&ltmpl=adsense&passive=true&continue=https%3A%2F%2Fwww.google.com%2Fadsense%2Fgaiaauth2&followup=https%3A%2F%2Fwww.google.com%2Fadsense%2Fgaiaauth2&hl=en_US|https://www.google.com/accounts/ServiceLogin?service=adwords&hl=en_US&ltmpl=regionalc&passive=true&ifr=false&alwf=true&continue=https://adwords.google.com/um/gaiaauth?apt%3DNone
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 02:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD080HJ/P rev.ZH100-34 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86CEA57B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(932)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2800)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
c:\windows\TEMP\XB49FC.EXE
c:\program files\Trend Micro\Client Server Security Agent\pccntupd.exe
.
**************************************************************************
.
Completion time: 2011-05-19 03:12:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-19 02:12
.
Pre-Run: 13,715,066,880 bytes free
Post-Run: 14,043,942,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 83A79AF8A233BC7D9B2F26AC0BF47D10

--------------------------------------------------------------------------------------------

MBRCheck


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000005d

Kernel Drivers (total 138):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0x86D51000 \WINDOWS\system32\KDCOM.DLL
0xF7988000 \WINDOWS\system32\BOOTVID.dll
0xF7453000 fltmgr.sys
0xF7425000 ACPI.sys
0xF7A74000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7414000 pci.sys
0xF7574000 isapnp.sys
0xF7B3C000 pciide.sys
0xF77F4000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7584000 MountMgr.sys
0xF73F5000 ftdisk.sys
0xF7A76000 dmload.sys
0xF73CF000 dmio.sys
0xF77FC000 PartMgr.sys
0xF7594000 VolSnap.sys
0xF73B7000 atapi.sys
0xF75A4000 disk.sys
0xF75B4000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73A5000 sr.sys
0xF7368000 PCTCore.sys
0xF7311000 pctDS.sys
0xF726C000 pctEFA.sys
0xF7255000 KSecDD.sys
0xF7242000 WudfPf.sys
0xF71B5000 Ntfs.sys
0xF7188000 NDIS.sys
0xF716E000 Mup.sys
0xF7684000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF66AC000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6698000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7964000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6674000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF796C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7694000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76A4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6651000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6629000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7974000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6615000 \SystemRoot\system32\DRIVERS\parport.sys
0xF76B4000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A68000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF76C4000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF7AEE000 \SystemRoot\system32\DRIVERS\serscan.sys
0xF7CB2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76D4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A6C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF65FE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76E4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76F4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF797C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF65ED000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6BA2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF780C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7834000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF65BD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF6B92000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF783C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7844000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6B82000 \SystemRoot\system32\DRIVERS\VClone.sys
0xF65A5000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF7AF0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6547000 \SystemRoot\system32\DRIVERS\update.sys
0xF7125000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF650C000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0xF6B72000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6B42000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AF8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF1B91000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xF1B6D000 \SystemRoot\system32\drivers\portcls.sys
0xF7774000 \SystemRoot\system32\drivers\drmk.sys
0xF1B0D000 \SystemRoot\system32\drivers\Senfilt.sys
0xEF2A1000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7AB0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xEEB7D000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AAA000 \SystemRoot\System32\Drivers\Beep.SYS
0xEF291000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xEF289000 \SystemRoot\System32\drivers\vga.sys
0xF7AAC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AAE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xEF281000 \SystemRoot\System32\Drivers\Msfs.SYS
0xEF279000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6855000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDBC3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEDB6A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEDB1A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEDAF4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF1914000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEDAD2000 \SystemRoot\System32\drivers\afd.sys
0xEF1A8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDAB0000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xEF271000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xEDA85000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDA66000 \SystemRoot\system32\DRIVERS\psinknc.sys
0xED97E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xEF188000 \SystemRoot\System32\Drivers\Fips.SYS
0xEEE8C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEED18000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xEED10000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xEDA02000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xED8FE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xED9FA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xED9F6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB3884000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB3115000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB45EC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB3587000 \SystemRoot\System32\drivers\Dxapi.sys
0xB364D000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0xF7BC5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D5000 \SystemRoot\System32\ati2dvag.dll
0xBFA18000 \SystemRoot\System32\ati2cqag.dll
0xBFA5E000 \SystemRoot\System32\atikvmag.dll
0xBFAA0000 \SystemRoot\System32\ati3duag.dll
0xBFD41000 \SystemRoot\System32\ativvaxx.dll
0xB0FF4000 \SystemRoot\system32\DRIVERS\PSINAflt.sys
0xB0FDA000 \SystemRoot\system32\DRIVERS\PSINProt.sys
0xB0FC3000 \SystemRoot\system32\DRIVERS\PSINFile.sys
0xB0FA9000 \SystemRoot\system32\DRIVERS\PSINProc.sys
0xF7604000 \??\C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys
0xB0E67000 \??\C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys
0xB0E1E000 \??\C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys
0xB9E48000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB0D79000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF1E61000 \??\C:\WINDOWS\system32\drivers\Haspnt.sys
0xF7A88000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB0CDA000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xB0C60000 \SystemRoot\system32\DRIVERS\srv.sys
0xB0B77000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys
0xB0992000 \??\C:\Program Files\Trend Micro\Client Server Security Agent\tm_cfw.sys
0xB06A9000 \SystemRoot\System32\Drivers\HTTP.sys
0xB03C4000 \SystemRoot\system32\drivers\wdmaud.sys
0xB08E2000 \SystemRoot\system32\drivers\sysaudio.sys
0xEDC1E000 \??\C:\DOCUME~1\ADMINI~1.539\LOCALS~1\Temp\mbr.sys
0xAF92C000 \??\C:\DOCUME~1\ADMINI~1.539\LOCALS~1\Temp\fxtdqpog.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
812 C:\WINDOWS\system32\smss.exe
860 csrss.exe
888 C:\WINDOWS\system32\winlogon.exe
932 C:\WINDOWS\system32\services.exe
944 C:\WINDOWS\system32\lsass.exe
1156 C:\WINDOWS\system32\ati2evxx.exe
1172 C:\WINDOWS\system32\svchost.exe
1260 svchost.exe
1380 C:\WINDOWS\system32\svchost.exe
1488 C:\WINDOWS\system32\svchost.exe
1644 svchost.exe
1712 svchost.exe
1816 C:\WINDOWS\system32\spoolsv.exe
1952 svchost.exe
2020 C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
296 C:\Program Files\Java\jre6\bin\jqs.exe
612 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
708 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
804 C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
1504 C:\WINDOWS\system32\svchost.exe
1660 C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
1848 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
1904 C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
2704 C:\WINDOWS\Temp\ZL932B.EXE
3312 alg.exe
4084 C:\WINDOWS\system32\svchost.exe
3968 C:\WINDOWS\system32\wscntfy.exe
152 C:\WINDOWS\explorer.exe
2748 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2820 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
2828 C:\Program Files\PC Tools Security\BDT\FGuard.exe
2560 C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
260 C:\WINDOWS\system32\ctfmon.exe
2876 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2144 C:\Program Files\Mozilla Firefox\firefox.exe
2072 C:\Documents and Settings\Administrator.539-36\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD080HJ/P, Rev: ZH100-34

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



-------------------------------------------------------------------------------------------------

BootCheck


CMDCONS Folder exists!

Contents of C:\boot.ini:

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

The 'Ambassadors of Surrogacy'
http://www.oneinsix.com or 1-in-6.com
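The ComboFix "Reg Loading Points" section above carries several indicators that are easy to miss when reading a log of this size by eye: the Security Center "AntiVirusOverride" and "FirewallOverride" values set to 1 (the nag for a missing AV/firewall is silenced), "EnableFirewall"= 0 on the standard profile, a globally opened inbound 53/UDP port labelled "Promo", a boot-start service (S0 vcqlwac) whose driver file odrjx.sys does not exist on disk, a service (r_server) with no image path at all, and an executable running out of c:\windows\TEMP. The script below is an added example, written for this page and not code from ComboFix, DDS or anyone in the thread, that walks a log excerpt in ComboFix's line format and pulls those indicators out mechanically. The sample input is a handful of lines copied from the log above; the random-name heuristic in looks_random is my own assumption and is deliberately crude, so treat its hits as a prompt to look, not as a verdict.

```python
"""Added example: mechanical triage of a ComboFix-style log excerpt (not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    kind: str
    detail: str


# "R0 name;display;path [date size]"  or  "S2 name;display; [x]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# a bare process path, as in the "Other Running Processes" list
PROC_RE = re.compile(r"^[a-z]:\\.*\.exe$", re.IGNORECASE)
TEMP_RE = re.compile(r"\\(temp|local settings\\temp)\\", re.IGNORECASE)
OPEN_PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
OVERRIDE_RE = re.compile(r'^"(AntiVirus|Firewall)Override"=dword:00000001$')


def looks_random(name: str) -> bool:
    """Crude heuristic for generated service names (my assumption, not a rule from any tool):
    5-8 lowercase letters, at most one vowel in five, and a run of four or more consonants.
    Flags "vcqlwac", passes "gupdate" and "pbfilter"; legitimate drivers can still trip it."""
    if not re.fullmatch(r"[a-z]{5,8}", name):
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in name) / len(name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowel_ratio <= 0.2 and longest_run >= 4


def triage(log_text: str) -> List[Finding]:
    """Scan the excerpt line by line, remembering the registry key most recently seen."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("["):          # registry key header
            section = line.lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest").strip()
            # ComboFix marks a missing image file with [x] or "path --> path [?]"
            if rest.endswith("[x]") or rest.endswith("[?]") or "-->" in rest:
                findings.append(Finding("missing-image", f"{m.group('start')} {name}: {rest}"))
            if looks_random(name):
                findings.append(Finding("random-name", f"service {name}"))
            continue
        if PROC_RE.match(line) and TEMP_RE.search(line):
            findings.append(Finding("temp-executable", line))
        elif "security center" in section and OVERRIDE_RE.match(line):
            findings.append(Finding("security-center-override", line))
        elif "firewallpolicy" in section and line.startswith('"EnableFirewall"= 0'):
            findings.append(Finding("firewall-disabled", line))
        elif "globallyopenports" in section and OPEN_PORT_RE.match(line):
            pm = OPEN_PORT_RE.match(line)
            findings.append(Finding("open-port", f"{pm.group('port')}/{pm.group('proto')} opened inbound: {line}"))
    return findings


# Lines copied from the ComboFix log in this thread (excerpt, not the whole log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/15/2011 11:37 AM 239168]
S0 vcqlwac;vcqlwac;c:\windows\system32\drivers\odrjx.sys --> c:\windows\system32\drivers\odrjx.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 10:23 AM 135664]
S2 r_server;Remote Administrator Service; [x]
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\TEMP\XB49FC.EXE
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.detail}")
```

Run against the excerpt it reports eight findings: the two Security Center overrides, the disabled firewall, 53/UDP opened inbound, the two services without an image file (vcqlwac, r_server), vcqlwac as a random-looking name, and the TEMP executable. Nothing here proves infection on its own; it is the list a helper would want to check first, and in this thread the aswMBR scan that follows is what settles it.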

#10 heir (Malware Response Team)

Posted 19 May 2011 - 02:59 AM

You posted a log from MBRCheck when I asked for a log from aswMBR.

Please redo step 1 and post the log

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators


#11 creatures (Topic Starter)

Posted 19 May 2011 - 03:02 AM

Sorry, too many text files!

aswMBR


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-19 08:34:00
-----------------------------
08:34:00.937 OS Version: Windows 5.1.2600 Service Pack 3
08:34:00.937 Number of processors: 2 586 0x605
08:34:00.937 ComputerName: BOBBY UserName:
08:34:01.781 Initialize success
08:34:20.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:34:20.375 Disk 0 Vendor: SAMSUNG_HD080HJ/P ZH100-34 Size: 76293MB BusType: 3
08:34:20.375 Device \Driver\atapi -> DriverStartIo 86cea57b
08:34:22.375 Disk 0 MBR read successfully
08:34:22.375 Disk 0 MBR scan
08:34:22.375 Disk 0 TDL4@MBR code has been found
08:34:22.375 Disk 0 Windows XP default MBR code found via API
08:34:22.375 Disk 0 MBR hidden
08:34:22.375 Disk 0 MBR [TDL4] **ROOTKIT**
08:34:22.375 Disk 0 trace - called modules:
08:34:22.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x86cea730]<<
08:34:22.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d85ab8]
08:34:22.375 3 CLASSPNP.SYS[f75bcfd7] -> nt!IofCallDriver -> [0x86d2d920]
08:34:22.375 5 PCTCore.sys[f7381099] -> nt!IofCallDriver -> [0x86d5ad98]
08:34:22.375 \Driver\atapi[0x86d52270] -> IRP_MJ_CREATE -> 0x86cea730
08:34:22.375 Scan finished successfully
08:35:52.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.539-36\Desktop\MBR.dat"
08:35:52.625 The log file has been saved successfully to "C:\Documents and Settings\Administrator.539-36\Desktop\aswMBR.txt"
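The aswMBR log above reports three things about the same sector in a row: "TDL4@MBR code has been found", "Windows XP default MBR code found via API" and "MBR hidden", and the call trace ends in an ">>UNKNOWN" address hooked into \Driver\atapi. That contradiction is the detection: the bootkit's filter driver hands the original, clean loader back to anything that reads sector 0 through the normal disk API, while the bytes actually on the platter are its own. A scanner therefore reads the MBR twice, once through the API and once underneath the hooked driver, and compares them, then checks the on-disk boot code against a known-good reference (MBRCheck's SHA1 line above is that kind of reference for the XP loader). The code below is an added example written for this page, not aswMBR's, MBRCheck's or Gmer's code; it builds two constructed 512-byte sector images (the boot-code bytes are a generic stand-in, not the real XP loader or TDL4), parses the partition table and 0x55AA signature, and reports the disagreement. How a tool obtains the lower read on a live system is driver-specific and not shown here; the known-good hash is computed from the constructed clean image, not the real one.

```python
"""Added example: why a bootkit scanner reads sector 0 twice (not aswMBR/MBRCheck code)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the boot loader code
DISK_SIG_OFFSET = 440         # 4-byte NT disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
SIG_OFFSET = 510              # 0x55AA boot signature


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_mbr(img: bytes) -> Dict:
    """Split a raw sector-0 image into boot-code hash, disk signature and partition table."""
    if len(img) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    if img[SIG_OFFSET:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts: List[Partition] = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY_FMT, img, PART_TABLE_OFFSET + i * 16)
        if ptype == 0:            # empty slot
            continue
        parts.append(Partition(status == 0x80, ptype, lba, count))
    return {
        "boot_code_sha1": hashlib.sha1(img[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", img, DISK_SIG_OFFSET)[0],
        "partitions": parts,
    }


def build_mbr(boot_code: bytes, partitions: List[Partition], disk_sig: int) -> bytes:
    """Assemble a sector-0 image; used here only to construct test data."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code or partition table too large")
    img = bytearray(MBR_SIZE)
    img[:len(boot_code)] = boot_code
    struct.pack_into("<I", img, DISK_SIG_OFFSET, disk_sig)
    for i, p in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, img, PART_TABLE_OFFSET + i * 16,
                         0x80 if p.bootable else 0x00, p.type_id, p.lba_start, p.sectors)
    img[SIG_OFFSET:] = b"\x55\xaa"
    return bytes(img)


def classify_mbr(api_view: bytes, raw_view: bytes, known_good_sha1: str) -> List[str]:
    """Compare sector 0 as returned through the disk API with sector 0 read below the
    hooked storage driver. A bootkit that filters reads makes the two views disagree."""
    findings: List[str] = []
    api, raw = parse_mbr(api_view), parse_mbr(raw_view)
    if api_view != raw_view:
        findings.append("MBR hidden: API view differs from raw read")
    if raw["boot_code_sha1"] != known_good_sha1:
        findings.append("boot code on disk does not match the known-good loader")
    if api["boot_code_sha1"] == known_good_sha1 and raw["boot_code_sha1"] != known_good_sha1:
        findings.append("filter driver is returning the clean loader to callers")
    if api["partitions"] != raw["partitions"]:
        findings.append("partition table differs between views")
    return findings


# Constructed stand-ins: a generic boot-sector prologue, NOT the real XP loader or TDL4.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4") + b"\x90" * 16
INFECTED_BOOT_CODE = bytes.fromhex("ebfe") + b"\xcc" * 24
# One NTFS partition at LBA 63 (offset 0x7e00, as MBRCheck printed above); sector count constructed.
PARTITIONS = [Partition(bootable=True, type_id=0x07, lba_start=63, sectors=156_232_062)]
DISK_SIG = 0x12345678  # constructed

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS, DISK_SIG)
INFECTED_MBR = build_mbr(INFECTED_BOOT_CODE, PARTITIONS, DISK_SIG)
KNOWN_GOOD_SHA1 = hashlib.sha1(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()  # reference from constructed data

if __name__ == "__main__":
    # Infected box: the API caller sees the clean sector, the raw read sees the bootkit.
    for finding in classify_mbr(CLEAN_MBR, INFECTED_MBR, KNOWN_GOOD_SHA1):
        print("before fix:", finding)
    # After the MBR is rewritten both views agree and match the reference.
    print("after fix:", classify_mbr(CLEAN_MBR, CLEAN_MBR, KNOWN_GOOD_SHA1) or "clean")
```

Note that the partition table is identical in both images and the check on it stays quiet: the bootkit in this thread keeps the table intact (the second aswMBR log and MBRCheck both still show the one Windows partition), so a partition-table diff alone would have missed it. The boot-code hash and the two-view comparison are what carry the detection.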

#12 heir (Malware Response Team)

Posted 19 May 2011 - 03:12 AM

> Sorry, too many text files!

Sorry too, as it's me having you create them. :whistle:

Now let's fix this

Step 1.
aswMBRFix:

Close all applications

Run aswMBR and Click Scan

On completion of the scan, click the Fix button


When prompted to restart click Yes and let it reboot.
In some cases the computer freezes and needs to be manually reset.

Rerun aswMBR and save the log as before and post in your next reply


Step 2.
ComboFix:



  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. Here is a howto for some of the applications. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 3.
Things I would like to see in your reply:

  • The content of the log from aswMBR in step 1.
  • The content of C:\ComboFix.txt from step 2.
  • Information on how your computer is running after those steps.



#13 creatures (Topic Starter)

Posted 20 May 2011 - 03:18 AM

aswMBR #2

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-19 09:19:24
-----------------------------
09:19:24.328 OS Version: Windows 5.1.2600 Service Pack 3
09:19:24.328 Number of processors: 2 586 0x605
09:19:24.328 ComputerName: BOBBY UserName:
09:19:25.000 Initialize success
09:19:26.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:19:26.796 Disk 0 Vendor: SAMSUNG_HD080HJ/P ZH100-34 Size: 76293MB BusType: 3
09:19:28.812 Disk 0 MBR read successfully
09:19:28.812 Disk 0 MBR scan
09:19:28.812 Disk 0 Windows XP default MBR code
09:19:30.812 Disk 0 scanning sectors +156232125
09:19:30.937 Disk 0 scanning C:\WINDOWS\system32\drivers
09:19:52.578 Service scanning
09:19:55.515 Disk 0 trace - called modules:
09:19:55.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
09:19:55.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d28ab8]
09:19:55.515 3 CLASSPNP.SYS[f75b4fd7] -> nt!IofCallDriver -> [0x86d69920]
09:19:55.515 5 PCTCore.sys[f7379099] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d6db00]
09:19:55.515 Scan finished successfully
09:24:10.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.539-36\Desktop\MBR.dat"
09:24:11.000 The log file has been saved successfully to "C:\Documents and Settings\Administrator.539-36\Desktop\aswMBR .2.txt"


ComboFix #2

ComboFix 11-05-17.03 - Administrator 19/05/2011 9:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.990.561 [GMT 1:00]
Running from: c:\documents and settings\Administrator.539-36\My Documents\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Trend Micro Client-Server Security Agent Firewall *Disabled* {28C03845-0BBF-40E6-9DF0-19BD3C60F2BE}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-18 10:04 . 2011-05-18 10:04 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Foxit Software
2011-05-18 10:02 . 2011-05-18 10:02 -------- d-----w- c:\program files\Ask.com
2011-05-18 10:01 . 2011-05-18 10:01 -------- d-----w- c:\program files\Foxit Software
2011-05-17 13:45 . 2011-05-18 09:58 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\SlimBrowser
2011-05-17 13:44 . 2011-05-17 13:45 -------- d-----w- c:\program files\SlimBrowser
2011-05-17 13:29 . 2011-05-17 13:36 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Enigma Browser
2011-05-17 13:27 . 2011-05-17 13:37 -------- d-----w- c:\program files\Enigma Browser
2011-05-16 18:30 . 2011-05-16 18:30 388096 ----a-r- c:\documents and settings\Administrator.539-36\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-15 12:04 . 2011-05-15 12:04 -------- d-----w- c:\documents and settings\Administrator.539-36\Local Settings\Application Data\Threat Expert
2011-05-15 10:39 . 2011-01-07 13:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-05-15 10:39 . 2011-01-07 13:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-05-15 10:39 . 2011-01-07 13:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-05-15 10:39 . 2011-01-07 13:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-05-15 10:37 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-05-15 10:37 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-05-15 10:37 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-15 10:37 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-15 10:37 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-15 10:37 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-05-15 10:36 . 2011-05-16 08:21 -------- d-----w- c:\program files\Common Files\PC Tools
2011-05-15 10:36 . 2011-05-17 09:12 -------- d-----w- c:\program files\PC Tools Security
2011-05-15 10:36 . 2011-05-15 10:36 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\PC Tools
2011-05-15 10:35 . 2011-05-15 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-05-11 19:03 . 2011-05-18 14:16 -------- d-----w- c:\program files\Airy Secrets
2011-05-11 09:22 . 2011-05-12 09:16 -------- d-----w- c:\program files\Lavasoft
2011-05-11 09:22 . 2011-05-12 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-10 11:33 . 2011-05-10 11:33 -------- d-----w- c:\documents and settings\Administrator.539-36\Local Settings\Application Data\Secunia PSI
2011-05-10 11:31 . 2011-05-10 11:31 -------- d-----w- c:\program files\Secunia
2011-05-10 06:38 . 2011-05-10 06:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-08 09:45 . 2011-05-10 06:26 0 ----a-w- c:\windows\system32\tmp.tmp
2011-05-03 19:49 . 2011-05-03 19:50 -------- d-----w- C:\Manual-PCProgram
2011-05-01 14:37 . 2011-05-01 14:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-01 11:35 . 2011-05-01 11:35 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Panda Security
2011-05-01 11:33 . 2011-05-01 11:33 -------- d-----w- c:\program files\Panda Security
2011-05-01 11:33 . 2011-05-01 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-05-01 11:23 . 2011-05-01 11:23 -------- d-----w- C:\$AVG
2011-05-01 11:19 . 2011-05-01 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-30 18:12 . 2011-04-30 18:12 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\BitDefender
2011-04-30 18:11 . 2011-04-30 18:11 -------- d-----w- c:\program files\BitDefender
2011-04-30 17:44 . 2011-04-30 21:31 -------- d-----w- c:\program files\Common Files\BitDefender
2011-04-30 17:44 . 2011-04-30 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2011-04-30 17:43 . 2011-04-30 20:20 542031 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin
2011-04-30 16:39 . 2011-04-30 21:32 -------- d-----w- c:\program files\iPod
2011-04-30 16:39 . 2011-04-30 21:32 -------- d-----w- c:\program files\iTunes
2011-04-30 16:39 . 2011-04-30 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-04-30 13:33 . 2011-05-06 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-30 13:33 . 2011-04-30 13:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-30 12:37 . 2010-04-01 17:58 552136 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-04-30 12:37 . 2010-04-01 17:58 138712 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-04-30 12:37 . 2010-04-01 17:58 23000 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-04-30 12:37 . 2010-04-01 17:58 64984 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-04-30 12:37 . 2010-04-01 17:58 11676632 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2011-04-30 12:37 . 2010-04-01 17:58 17880 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2011-04-30 12:37 . 2010-04-01 17:58 243160 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2011-04-30 12:37 . 2010-04-01 17:58 140760 ----a-w- c:\program files\Mozilla Firefox\ssl3.dll
2011-04-30 12:37 . 2010-04-01 17:58 458200 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-04-30 12:37 . 2010-04-01 15:56 155648 ----a-w- c:\program files\Mozilla Firefox\softokn3.dll
2011-04-30 08:59 . 2011-05-18 16:01 -------- d-----w- c:\program files\Free Window Registry Repair
2011-04-30 08:52 . 2011-04-30 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-29 20:58 . 2011-04-29 20:58 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\SUPERAntiSpyware.com
2011-04-29 20:58 . 2011-04-30 08:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-21 15:10 . 2011-04-21 15:10 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-04-21 15:04 . 2011-04-21 15:04 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\vlc
2011-04-21 14:13 . 2011-04-21 14:14 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 19:34 . 2011-01-01 19:03 3348613 --sha-w- c:\program files\_msbackup.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 17:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 17:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-29 1432064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-12-16 423232]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-11-16 381005]
"Airy Secrets boot launcher"="c:\program files\Airy Secrets\as.exe" [2002-02-07 307200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MUTE\\fileSharingMUTE-MFC.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/15/2011 11:37 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [5/15/2011 11:37 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [5/15/2011 11:37 AM 656320]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 6:12 PM 130376]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 7:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 7:41 PM 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [5/15/2011 11:39 AM 247760]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [12/16/2010 6:19 PM 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 6:12 PM 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 6:12 PM 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 6:12 PM 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 6:12 PM 113096]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [9/6/2006 8:27 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [9/6/2006 8:27 PM 36368]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2/1/2011 1:48 PM 218688]
S0 vcqlwac;vcqlwac;c:\windows\system32\drivers\odrjx.sys --> c:\windows\system32\drivers\odrjx.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 10:23 AM 135664]
S2 r_server;Remote Administrator Service; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 10:23 AM 135664]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/10/2010 8:59 AM 14424]
S3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [12/4/2009 4:33 PM 103680]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [5/15/2011 11:36 AM 366840]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 09:23]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 09:23]
.
2011-05-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Administrator.539-36\Application Data\Mozilla\Firefox\Profiles\nl6kan84.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login|https://www.google.com/accounts/ServiceLogin?service=adsense&rm=hide&fpui=3&nui=15&alwf=true&ltmpl=adsense&passive=true&continue=https%3A%2F%2Fwww.google.com%2Fadsense%2Fgaiaauth2&followup=https%3A%2F%2Fwww.google.com%2Fadsense%2Fgaiaauth2&hl=en_US|https://www.google.com/accounts/ServiceLogin?service=adwords&hl=en_US&ltmpl=regionalc&passive=true&ifr=false&alwf=true&continue=https://adwords.google.com/um/gaiaauth?apt%3DNone
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 09:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(924)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(628)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-19 09:52:51
ComboFix-quarantined-files.txt 2011-05-19 08:52
ComboFix2.txt 2011-05-19 02:12
.
Pre-Run: 13,963,284,480 bytes free
Post-Run: 14,008,143,872 bytes free
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 68A2B88C7646F2A8C7326D8A4B442C6D

---------------------------------------------------------------------

It's gone! No more redirects. Windows Security alert icon gone. It's now updating again for the first time in a long time.

Firefox still doesn't remember passwords. That's why I got Airy Secrets password manager. May have to reinstall Firefox. Overall I'm happy.
I've installed Spyware Blaster.

Which leaves me to remember to donate when I next get my pay check! Can I delete the hundred txt files off my pc :)
The 'Ambassadors of Surrogacy'
http://www.oneinsix.com or 1-in-6.com

#14 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:14 AM

Posted 20 May 2011 - 05:39 AM

Which leaves me to remember to donate when I next get my pay check! Can I delete the hundred txt files off my pc :)

Hold your horses, we're not done yet.
I'll let you know when we shall do the housekeeping.

Do you recognize this file?
Have you placed it there on purpose?

c:\program files\_msbackup.exe


Step 1.
Filescan:

Please go to: VirusTotal

  • On the page you'll find a Browse - button.
  • Click on the Browse button.
  • In the Choose File to Upload window which opens, copy and paste this into the File Name box.

    c:\program files\_msbackup.exe
  • Next, click the Open button.
  • Then click the Send File - button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.


Step 2.
CFScript:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\tmp.tmp
c:\windows\system32\drivers\odrjx.sys 
Folder::
C:\$AVG
c:\documents and settings\All Users\Application Data\MFAData
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-
Driver::
r_server
Remote Administrator Service
vcqlwac

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 3.
MBAM:

  • Launch Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 4.
OTL-scan:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans set the File Age to 90 Days
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, Use No-Company Name WhiteList, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in

    msconfig
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 5.
Things I would like to see in your reply:

  • Answers to the questions in the beginning of this post.
  • The links to the result from the filescan in step 1.
  • The content of C:\ComboFix.txt from step 2.
  • The content of the log from MBAM in step 3.
  • The content of OTL.txt and Extras.txt from step 4.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image
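The CFScript in step 2 is built from a few lines of the ComboFix log above: a service whose image file ComboFix could not find (the "--> ... [?]" and "[x]" endings on the S0 vcqlwac and S2 r_server lines), the Security Center "AntiVirusOverride"/"FirewallOverride" values set to 1, the firewall "DisableNotifications" value, and an unexplained firewall exception opening 53:UDP. The script below, added here as an illustration and not part of ComboFix, the helper's post or any BleepingComputer tooling, pulls exactly those indicators out of a ComboFix-style log so a reader can see why those entries were the ones targeted. It assumes the line shapes seen in the log on this page (the regular expressions are mine), and the sample log is constructed by copying a handful of lines from the post above.

```python
import re

# Constructed sample: a few lines copied in shape from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/15/2011 11:37 AM 239168]
S0 vcqlwac;vcqlwac;c:\windows\system32\drivers\odrjx.sys --> c:\windows\system32\drivers\odrjx.sys [?]
S2 r_server;Remote Administrator Service; [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/10/2010 8:59 AM 14424]
"""

# Service line: "R0 name;display;image [date size]". R = running, S = stopped.
# ComboFix ends the line with "[?]" when the image file is missing on disk and
# with "[x]" when the service has no image path at all (assumed from the log shape).
SERVICE_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
# Registry value line in REGEDIT4 style: "name"=value
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Values that, when non-zero, silence Security Center / firewall warnings to the user.
SUPPRESSION_FLAGS = {'AntiVirusOverride', 'FirewallOverride', 'DisableNotifications'}


def _nonzero(value):
    """True for 'dword:00000001' and for ComboFix's '1 (0x1)' rendering of a DWORD."""
    v = value.strip().lower()
    if v.startswith('dword:'):
        return int(v[len('dword:'):], 16) != 0
    return bool(v) and v.split()[0] != '0'


def triage(log_text):
    """Return (kind, name, where) triples for the log entries a responder checks first.

    kinds: 'missing-image'    a registered service/driver whose file is gone or unset
           'suppressed-alert' a Security Center or firewall warning switched off
           'open-port'        an entry in the firewall's globally open ports list
    """
    findings = []
    key = None  # registry key the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group('rest').strip()
            if rest.endswith('[?]') or rest.endswith('[x]'):
                image = rest.split(' --> ')[0].strip()
                if image in ('', '[x]'):
                    image = '(no image path)'
                findings.append(('missing-image', m.group('name'), image))
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
            continue
        v = VALUE_RE.match(line)
        if not v or key is None:
            continue
        name = v.group('name')
        if name in SUPPRESSION_FLAGS and _nonzero(v.group('value')):
            findings.append(('suppressed-alert', name, key))
        elif key.endswith(r'globallyopenports\list'):
            findings.append(('open-port', name, v.group('value').strip()))
    return findings


if __name__ == '__main__':
    for kind, name, where in triage(SAMPLE_LOG):
        print(f'{kind:16} {name:22} {where}')
```

Run against the sample it reports the two services without a file on disk, the three suppression values and the 53:UDP exception, which is the same set the CFScript's Registry:: and Driver:: sections act on; a real log is fed in by reading C:\ComboFix.txt and passing its text to triage().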


#15 creatures

creatures
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:14 AM

Posted 20 May 2011 - 07:51 AM

No I don't recognize the file c:\program files\_msbackup.exe

---------------------------------------------------------------

http://www.virustotal.com/file-scan/report.html?id=8d86483d6779e49d502e8f6df45dc1988e10542f244329ed6e6bf09eec1999cd-1305888632

---------------------------------------------------------------

ComboFix #3

ComboFix 11-05-17.03 - Administrator 20/05/2011 11:58:24.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.990.563 [GMT 1:00]
Running from: c:\documents and settings\Administrator.539-36\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.539-36\My Documents\Downloads\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Trend Micro Client-Server Security Agent Firewall *Disabled* {28C03845-0BBF-40E6-9DF0-19BD3C60F2BE}
.
FILE ::
"c:\windows\system32\drivers\odrjx.sys"
"c:\windows\system32\tmp.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\$AVG
c:\$avg\$VAULT\V_00000072.fil
c:\$avg\$VAULT\V_00000073.fil
c:\$avg\$VAULT\V_00000074.fil
c:\$avg\$VAULT\V_00000075.fil
c:\$avg\$VAULT\V_00000076.fil
c:\$avg\$VAULT\V_00000077.fil
c:\$avg\$VAULT\V_00000078.fil
c:\$avg\$VAULT\V_00000079.fil
c:\$avg\$VAULT\V_00000080.fil
c:\$avg\$VAULT\V_00000081.fil
c:\$avg\$VAULT\V_00000082.fil
c:\$avg\$VAULT\V_00000083.fil
c:\$avg\$VAULT\V_00000084.fil
c:\$avg\$VAULT\V_00000085.fil
c:\$avg\$VAULT\V_00000086.fil
c:\$avg\$VAULT\V_00000087.fil
c:\$avg\$VAULT\V_00000088.fil
c:\$avg\$VAULT\V_00000089.fil
c:\$avg\$VAULT\V_00000090.fil
c:\$avg\$VAULT\V_00000091.fil
c:\$avg\$VAULT\V_00000092.fil
c:\$avg\$VAULT\V_00000093.fil
c:\$avg\$VAULT\V_00000094.fil
c:\$avg\$VAULT\V_00000095.fil
c:\$avg\$VAULT\V_00000096.fil
c:\$avg\$VAULT\V_00000097.fil
c:\$avg\$VAULT\V_00000098.fil
c:\$avg\$VAULT\V_00000099.fil
c:\$avg\$VAULT\V_00000100.fil
c:\$avg\$VAULT\V_00000101.fil
c:\$avg\$VAULT\V_00000102.fil
c:\$avg\$VAULT\V_00000103.fil
c:\$avg\$VAULT\V_00000104.fil
c:\$avg\$VAULT\V_00000105.fil
c:\$avg\$VAULT\V_00000106.fil
c:\$avg\$VAULT\V_00000107.fil
c:\$avg\$VAULT\V_00000108.fil
c:\$avg\$VAULT\V_00000109.fil
c:\$avg\$VAULT\V_00000110.fil
c:\$avg\$VAULT\V_00000111.fil
c:\$avg\$VAULT\vvfolder.idx
c:\documents and settings\All Users\Application Data\MFAData
c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110501-111909.log
c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110501-111924.log
c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110501-111924.log
c:\documents and settings\All Users\Application Data\MFAData\mfaurlconf.ini
c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\dm_marketing_message-hi.html
c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\Installation-Page_LinkScanner.html
c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\Installation-Page_Smart-Scanning.html
c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\Installation-Page_Social-Networking.html
c:\documents and settings\All Users\Application Data\MFAData\mkt\res\LinkScanner-style.css
c:\documents and settings\All Users\Application Data\MFAData\mkt\res\LinkScanner.jpg
c:\documents and settings\All Users\Application Data\MFAData\mkt\res\OK.png
c:\documents and settings\All Users\Application Data\MFAData\mkt\res\Smart-Scanning.jpg
c:\documents and settings\All Users\Application Data\MFAData\mkt\res\SmartScanning-style.css
c:\documents and settings\All Users\Application Data\MFAData\mkt\res\Social-Networking.jpg
c:\documents and settings\All Users\Application Data\MFAData\mkt\res\SocialNetworking-style.css
c:\documents and settings\All Users\Application Data\MFAData\mkt\us\dm_marketing_message-en-us.html
c:\documents and settings\All Users\Application Data\MFAData\mkt\us\Installation-Page_LinkScanner.html
c:\documents and settings\All Users\Application Data\MFAData\mkt\us\Installation-Page_Smart-Scanning.html
c:\documents and settings\All Users\Application Data\MFAData\mkt\us\Installation-Page_Social-Networking.html
c:\documents and settings\All Users\Application Data\MFAData\pack\AntiRkx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\Antivirx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\avg10infoavi.ctf
c:\documents and settings\All Users\Application Data\MFAData\pack\avg10infooi.ctf
c:\documents and settings\All Users\Application Data\MFAData\pack\avg10infowin.ctf
c:\documents and settings\All Users\Application Data\MFAData\pack\avgmfapx.exe
c:\documents and settings\All Users\Application Data\MFAData\pack\avgmfarx.dll
c:\documents and settings\All Users\Application Data\MFAData\pack\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\MFAData\pack\avgrunasx.exe
c:\documents and settings\All Users\Application Data\MFAData\pack\Avgx86.msi
c:\documents and settings\All Users\Application Data\MFAData\pack\AVIsx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\basex.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10antirkx1325qz.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10antivirx1325xf.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10avgx1325br.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10avisx1325bd.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10basex1325zi.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10guix1325qj.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10idatx1325bu.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10idpx1325sn.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10lng_usx1325ru.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10onlnscx1325tn.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10rdstx1325bq.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10resshldx1325zm.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10srchsrfx1325rb.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10sshttpbx1325re.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10tdidrvx1325fx.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10tuneupx1325ds.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10update2x1325gr.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10updatex1325cs.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10xplx1325ea.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\foi10cnet_lic8dn.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\foi10cnet_mis15ni.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\foi10cnet_mps16ro.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\bins\w10corex1500qj.bin
c:\documents and settings\All Users\Application Data\MFAData\pack\cnet_mis.mdf
c:\documents and settings\All Users\Application Data\MFAData\pack\cnet_mps.mdf
c:\documents and settings\All Users\Application Data\MFAData\pack\compat.ini
c:\documents and settings\All Users\Application Data\MFAData\pack\COREx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\COREx86.msi
c:\documents and settings\All Users\Application Data\MFAData\pack\GUIx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\htmlayout.dll
c:\documents and settings\All Users\Application Data\MFAData\pack\idatx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\IDPx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\lic.mdf
c:\documents and settings\All Users\Application Data\MFAData\pack\license_cz.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_da.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_es.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_fr.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_ge.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_hu.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_id.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_in.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_it.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_jp.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_ko.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_ms.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_nl.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_pb.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_pl.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_pt.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_ru.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_sc.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_sk.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_sp.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_tr.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_us.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_zh.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\license_zt.htm
c:\documents and settings\All Users\Application Data\MFAData\pack\lng_usx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\mfaconf.txt
c:\documents and settings\All Users\Application Data\MFAData\pack\mfacz.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfada.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfaes.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfafr.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfage.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfahu.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfaid.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfain.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfait.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfajp.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfako.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfams.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfanl.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfapb.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfapl.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfapt.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfaru.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfasc.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfask.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfasp.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfatr.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfaus.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfavera.txt
c:\documents and settings\All Users\Application Data\MFAData\pack\mfaverx.txt
c:\documents and settings\All Users\Application Data\MFAData\pack\mfazh.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\mfazt.lns
c:\documents and settings\All Users\Application Data\MFAData\pack\OnlnScx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\ResShldx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\SrchSrfx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\SSHttpBx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\TDIDrvx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\TuneUpx.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\Update2x.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\Updatex.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\vc_red.cab
c:\documents and settings\All Users\Application Data\MFAData\pack\vc_red.msi
c:\documents and settings\All Users\Application Data\MFAData\pack\xplx.cab
c:\documents and settings\All Users\Application Data\MFAData\public_installation_log.xml
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\avgmfarx.dll
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\avgrunasx.exe
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\bins\f10mfa1325b1321fz.bin
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\bins\f10mfa1325yq.bin
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\bins\f10upd1325b1321zo.bin
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\compat.ini
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\htmlayout.dll
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_cz.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_da.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_es.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_fr.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_ge.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_hu.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_id.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_in.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_it.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_jp.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_ko.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_ms.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_nl.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_pb.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_pl.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_pt.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_ru.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_sc.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_sk.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_sp.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_tr.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_us.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_zh.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\license_zt.htm
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfaconf.txt
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfacz.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfada.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfaes.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfafr.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfage.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfahu.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfaid.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfain.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfait.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfajp.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfako.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfams.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfanl.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfapb.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfapl.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfapt.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfaru.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfasc.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfask.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfasp.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfatr.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfaus.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfavera.txt
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfaverx.txt
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfazh.lns
c:\documents and settings\All Users\Application Data\MFAData\SelfUpd\mfazt.lns
c:\documents and settings\All Users\Application Data\MFAData\state.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_R_SERVER
-------\Service_r_server
-------\Service_vcqlwac
.
.
((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
.
.
2011-05-20 06:24 . 2011-05-20 06:24 -------- d-----w- c:\documents and settings\Administrator.539-36\Local Settings\Application Data\AskToolbar
2011-05-19 21:28 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-05-19 15:58 . 2002-07-17 08:05 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2011-05-19 15:58 . 2001-03-17 20:34 22528 ----a-w- c:\windows\system32\WNASPI32.DLL
2011-05-19 15:58 . 2011-05-19 15:58 -------- d-----w- c:\program files\FLAC to MP3 Converter
2011-05-19 10:31 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-05-19 10:30 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-05-19 10:30 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-05-19 10:30 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-05-19 10:26 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-05-19 10:25 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-05-19 10:22 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-05-19 10:13 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-05-19 10:08 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-05-19 09:27 . 2011-05-19 09:42 -------- d-----w- c:\program files\SpywareBlaster
2011-05-18 10:04 . 2011-05-18 10:04 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Foxit Software
2011-05-18 10:02 . 2011-05-18 10:02 -------- d-----w- c:\program files\Ask.com
2011-05-18 10:01 . 2011-05-18 10:01 -------- d-----w- c:\program files\Foxit Software
2011-05-17 13:45 . 2011-05-18 09:58 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\SlimBrowser
2011-05-17 13:44 . 2011-05-17 13:45 -------- d-----w- c:\program files\SlimBrowser
2011-05-17 13:29 . 2011-05-17 13:36 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Enigma Browser
2011-05-17 13:27 . 2011-05-17 13:37 -------- d-----w- c:\program files\Enigma Browser
2011-05-16 18:30 . 2011-05-16 18:30 388096 ----a-r- c:\documents and settings\Administrator.539-36\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-15 12:04 . 2011-05-15 12:04 -------- d-----w- c:\documents and settings\Administrator.539-36\Local Settings\Application Data\Threat Expert
2011-05-15 10:39 . 2011-01-07 13:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-05-15 10:39 . 2011-01-07 13:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-05-15 10:39 . 2011-01-07 13:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-05-15 10:39 . 2011-01-07 13:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-05-15 10:37 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-05-15 10:37 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-05-15 10:37 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-15 10:37 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-15 10:37 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-15 10:37 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-05-15 10:36 . 2011-05-16 08:21 -------- d-----w- c:\program files\Common Files\PC Tools
2011-05-15 10:36 . 2011-05-17 09:12 -------- d-----w- c:\program files\PC Tools Security
2011-05-15 10:36 . 2011-05-15 10:36 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\PC Tools
2011-05-15 10:35 . 2011-05-15 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-05-11 19:03 . 2011-05-18 14:16 -------- d-----w- c:\program files\Airy Secrets
2011-05-11 09:22 . 2011-05-12 09:16 -------- d-----w- c:\program files\Lavasoft
2011-05-11 09:22 . 2011-05-12 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-10 11:33 . 2011-05-10 11:33 -------- d-----w- c:\documents and settings\Administrator.539-36\Local Settings\Application Data\Secunia PSI
2011-05-10 11:31 . 2011-05-10 11:31 -------- d-----w- c:\program files\Secunia
2011-05-10 06:38 . 2011-05-10 06:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-08 09:45 . 2011-05-10 06:26 0 ----a-w- c:\windows\system32\tmp.tmp
2011-05-03 19:49 . 2011-05-03 19:50 -------- d-----w- C:\Manual-PCProgram
2011-05-01 14:37 . 2011-05-01 14:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-01 11:35 . 2011-05-01 11:35 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Panda Security
2011-05-01 11:33 . 2011-05-01 11:33 -------- d-----w- c:\program files\Panda Security
2011-05-01 11:33 . 2011-05-01 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-04-30 18:12 . 2011-04-30 18:12 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\BitDefender
2011-04-30 18:11 . 2011-04-30 18:11 -------- d-----w- c:\program files\BitDefender
2011-04-30 17:44 . 2011-04-30 21:31 -------- d-----w- c:\program files\Common Files\BitDefender
2011-04-30 17:44 . 2011-04-30 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2011-04-30 17:43 . 2011-04-30 20:20 542031 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin
2011-04-30 16:39 . 2011-04-30 21:32 -------- d-----w- c:\program files\iPod
2011-04-30 16:39 . 2011-04-30 21:32 -------- d-----w- c:\program files\iTunes
2011-04-30 16:39 . 2011-04-30 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-04-30 16:38 . 2011-04-30 16:38 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-04-30 13:33 . 2011-05-06 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-30 13:33 . 2011-04-30 13:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-30 12:37 . 2010-04-01 17:58 552136 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-04-30 12:37 . 2010-04-01 17:58 138712 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-04-30 12:37 . 2010-04-01 17:58 23000 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-04-30 12:37 . 2010-04-01 17:58 64984 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-04-30 12:37 . 2010-04-01 17:58 11676632 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2011-04-30 12:37 . 2010-04-01 17:58 17880 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2011-04-30 12:37 . 2010-04-01 17:58 243160 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2011-04-30 12:37 . 2010-04-01 17:58 140760 ----a-w- c:\program files\Mozilla Firefox\ssl3.dll
2011-04-30 12:37 . 2010-04-01 17:58 458200 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-04-30 12:37 . 2010-04-01 15:56 155648 ----a-w- c:\program files\Mozilla Firefox\softokn3.dll
2011-04-30 08:59 . 2011-05-18 16:01 -------- d-----w- c:\program files\Free Window Registry Repair
2011-04-30 08:52 . 2011-04-30 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-29 20:58 . 2011-04-29 20:58 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\SUPERAntiSpyware.com
2011-04-29 20:58 . 2011-04-30 08:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-21 15:10 . 2011-04-21 15:10 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-04-21 15:04 . 2011-04-21 15:04 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\vlc
2011-04-21 14:13 . 2011-04-21 14:14 -------- d-----w- c:\documents and settings\Administrator.539-36\Application Data\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2007-02-20 14:23 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-04 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2009-10-27 19:34 . 2011-01-01 19:03 3348613 --sha-w- c:\program files\_msbackup.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 17:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 17:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-29 1432064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-12-16 423232]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-11-16 381005]
"Airy Secrets boot launcher"="c:\program files\Airy Secrets\as.exe" [2002-02-07 307200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SpywareBlaster (2).lnk - c:\program files\SpywareBlaster\spywareblaster.exe [2011-5-19 1385192]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MUTE\\fileSharingMUTE-MFC.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [15/05/2011 11:37 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [15/05/2011 11:37 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [15/05/2011 11:37 656320]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [16/12/2010 18:12 130376]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [15/05/2011 11:39 247760]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [16/12/2010 18:19 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [16/12/2010 18:12 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [16/12/2010 18:12 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [16/12/2010 18:12 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [16/12/2010 18:12 113096]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [06/09/2006 20:27 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [06/09/2006 20:27 36368]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [01/02/2011 13:48 218688]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/02/2010 10:23 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [19/05/2011 16:58 16512]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [07/02/2010 10:23 135664]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [10/06/2010 08:59 14424]
S3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [04/12/2009 16:33 103680]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [15/05/2011 11:36 366840]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 09:23]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 09:23]
.
2011-05-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Administrator.539-36\Application Data\Mozilla\Firefox\Profiles\nl6kan84.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login|https://www.google.com/accounts/ServiceLogin?service=adsense&rm=hide&fpui=3&nui=15&alwf=true&ltmpl=adsense&passive=true&continue=https%3A%2F%2Fwww.google.com%2Fadsense%2Fgaiaauth2&followup=https%3A%2F%2Fwww.google.com%2Fadsense%2Fgaiaauth2&hl=en_US|https://www.google.com/accounts/ServiceLogin?service=adwords&hl=en_US&ltmpl=regionalc&passive=true&ifr=false&alwf=true&continue=https://adwords.google.com/um/gaiaauth?apt%3DNone
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-20 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(924)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(396)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
c:\windows\TEMP\GPB55C.EXE
c:\program files\Trend Micro\Client Server Security Agent\pccntupd.exe
.
**************************************************************************
.
Completion time: 2011-05-20 12:40:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-20 11:40
ComboFix2.txt 2011-05-19 08:52
ComboFix3.txt 2011-05-19 02:12
.
Pre-Run: 11,303,657,472 bytes free
Post-Run: 11,269,926,912 bytes free
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - CB60CBE6257E36CDD61D785C336AC286

-------------------------------------------------------------------------------

MalwareBytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6624

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

20/05/2011 13:03:06
mbam-log-2011-05-20 (13-03-06).txt

Scan type: Quick scan
Objects scanned: 151050
Time elapsed: 17 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------

OTL

OTL logfile created on: 20/05/2011 13:09:26 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator.539-36\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

990.00 Mb Total Physical Memory | 480.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 10.52 Gb Free Space | 14.12% Space Free | Partition Type: NTFS

Computer Name: BOBBY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 13:06:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.539-36\My Documents\Downloads\OTL.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/12/16 18:35:40 | 000,423,232 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2010/12/16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/16 16:55:46 | 000,381,005 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2007/11/16 16:27:52 | 000,598,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2007/11/16 16:27:20 | 000,655,448 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2007/01/30 00:39:34 | 001,432,064 | ---- | M] (Phoenix Labs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2006/11/10 00:17:12 | 000,118,861 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTUpd.exe
PRC - [2006/11/10 00:15:38 | 000,278,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
PRC - [2006/11/10 00:15:30 | 000,172,099 | ---- | M] () -- C:\WINDOWS\Temp\GPB55C.EXE
PRC - [2006/09/28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2002/02/07 22:29:46 | 000,307,200 | ---- | M] (AXAR Team) -- C:\Program Files\Airy Secrets\as.exe


========== Modules (SafeList) ==========

MOD - [2011/05/20 13:06:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.539-36\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2007/11/16 16:27:52 | 000,598,104 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2007/11/16 16:27:20 | 000,655,448 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2006/11/10 00:15:38 | 000,278,608 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe -- (OfcPfwSvc)
SRV - [2006/09/28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/02/01 13:48:26 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/12/16 18:12:59 | 000,113,096 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2010/12/16 18:12:51 | 000,111,944 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2010/12/16 18:12:42 | 000,130,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2010/12/16 18:12:34 | 000,097,352 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/12/16 18:12:26 | 000,141,768 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2009/09/28 02:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/13 14:51:05 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/07/23 15:18:36 | 000,103,680 | R--- | M] (AMOI Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\S2usbser.sys -- (S2usbser)
DRV - [2008/04/13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/04/03 12:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 12:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 12:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 12:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 12:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 12:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/01/30 00:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/01/29 21:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 21:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2006/09/15 10:01:46 | 001,835,008 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TM_CFW.sys -- (TM_CFW)
DRV - [2006/06/07 18:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/17 12:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/17 19:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2003/12/08 12:01:02 | 000,322,400 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login|https://www.google.com/accounts/ServiceLogin?service=adsense&rm=hide&fpui=3&nui=15&alwf=true&ltmpl=adsense&passive=true&continue=https%3A%2F%2Fwww.google.com%2Fadsense%2Fgaiaauth2&followup=https%3A%2F%2Fwww.google.com%2Fadsense%2Fgaiaauth2&hl=en_US|https://www.google.com/accounts/ServiceLogin?service=adwords&hl=en_US&ltmpl=regionalc&passive=true&ifr=false&alwf=true&continue=https://adwords.google.com/um/gaiaauth?apt%3DNone"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/05/15 11:39:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 17:50:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 19:14:30 | 000,000,000 | ---D | M]

[2011/05/05 11:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.539-36\Application Data\Mozilla\Extensions
[2011/05/05 11:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.539-36\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/05/18 18:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.539-36\Application Data\Mozilla\Firefox\Profiles\nl6kan84.default\extensions
[2011/05/17 09:42:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator.539-36\Application Data\Mozilla\Firefox\Profiles\nl6kan84.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/18 18:57:15 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Documents and Settings\Administrator.539-36\Application Data\Mozilla\Firefox\Profiles\nl6kan84.default\extensions\toolbar@ask.com
[2011/05/05 11:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.539-36\Application Data\Mozilla\SeaMonkey\Profiles\qo6jwcv9.default\extensions
[2011/05/05 11:25:20 | 000,000,000 | ---D | M] (NewsFox) -- C:\Documents and Settings\Administrator.539-36\Application Data\Mozilla\SeaMonkey\Profiles\qo6jwcv9.default\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}
[2011/04/30 13:53:20 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\Application Data\Mozilla\Firefox\Profiles\nl6kan84.default\searchplugins\ixquick---uk.xml
[2011/05/18 18:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/10 10:13:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2002/09/12 11:17:56 | 000,171,008 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2002/09/12 11:17:56 | 000,171,008 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll

O1 HOSTS File: ([2011/05/20 12:19:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Airy Secrets boot launcher] C:\Program Files\Airy Secrets\as.exe (AXAR Team)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpywareBlaster (2).lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/20 15:25:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2011/05/20 07:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\AskToolbar
[2011/05/19 19:30:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/19 16:58:33 | 000,022,528 | ---- | C] (Jukka Poikolainen Software) -- C:\WINDOWS\System32\WNASPI32.DLL
[2011/05/19 16:58:33 | 000,016,512 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS
[2011/05/19 16:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FLAC to MP3 Converter
[2011/05/19 16:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC to MP3 Converter
[2011/05/19 10:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/05/19 10:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/05/18 19:23:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/18 19:18:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/18 19:18:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/18 19:18:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/18 19:18:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/18 19:16:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/18 18:48:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/18 11:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\Foxit Software
[2011/05/18 11:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/05/18 11:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/05/18 11:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/05/17 14:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\SlimBrowser
[2011/05/17 14:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FlashPeak SlimBrowser
[2011/05/17 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\SlimBrowser
[2011/05/17 14:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\Enigma Browser
[2011/05/17 14:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Browser
[2011/05/17 10:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Desktop\Peter and the Wolf (1946) DVDRip DivX3 MP3
[2011/05/16 19:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Start Menu\Programs\HiJackThis
[2011/05/16 19:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\My Documents\spyware was in c windows prefetch
[2011/05/15 13:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\Threat Expert
[2011/05/15 11:39:07 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/05/15 11:39:06 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/05/15 11:39:06 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/05/15 11:37:35 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/05/15 11:37:35 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/05/15 11:37:29 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/05/15 11:37:21 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/05/15 11:37:20 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/05/15 11:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/05/15 11:37:04 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/05/15 11:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/05/15 11:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/05/15 11:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\PC Tools
[2011/05/15 11:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/05/12 15:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Desktop\2 install 2
[2011/05/11 20:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Start Menu\Programs\Airy Secrets
[2011/05/11 20:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Airy Secrets
[2011/05/11 19:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/05/11 10:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/05/11 10:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/05/10 12:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\Secunia PSI
[2011/05/10 12:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/05/05 18:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Desktop\bedlam
[2011/05/05 13:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Desktop\The Bowery Boys - Spook Busters (1946) VHSRip (SiRiUs sHaRe)
[2011/05/03 20:49:53 | 000,000,000 | ---D | C] -- C:\Manual-PCProgram
[2011/05/01 15:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/05/01 15:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/01 12:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\Panda Security
[2011/05/01 12:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2011/05/01 12:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/05/01 12:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/05/01 11:38:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.539-36\Recent
[2011/05/01 11:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/30 19:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\BitDefender
[2011/04/30 19:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2011/04/30 18:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2011/04/30 18:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/04/30 17:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/30 17:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/30 17:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/30 17:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/04/30 16:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Desktop\itunes
[2011/04/30 14:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/30 14:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/30 14:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/30 13:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\Mozilla
[2011/04/30 09:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/04/30 09:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/30 09:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/29 21:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\SUPERAntiSpyware.com
[2011/04/29 21:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/28 16:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/27 19:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Desktop\daisy
[2011/04/27 19:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Desktop\dhillon
[2011/04/21 16:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/21 16:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2011/04/21 16:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\vlc
[2011/04/21 16:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/21 16:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/21 15:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/04/21 15:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\Media Player Classic
[2011/04/21 15:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/04/21 15:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/04/21 15:12:29 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2011/04/21 15:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2011/04/21 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/04/14 18:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PocketSoft
[2011/04/14 18:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ascaron Entertainment
[2011/04/14 16:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\Garena
[2011/04/01 13:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\MP4 MP3 Converter 4
[2011/03/29 15:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Desktop\Geoff Love
[2011/03/27 08:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Xobni
[2011/03/26 17:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xobni
[2011/03/26 17:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\Trillian
[2011/03/26 17:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian
[2011/03/24 10:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/03/24 10:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Fox
[2011/03/18 10:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/03/16 21:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Desktop\season 2
[2011/03/14 13:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2011/03/14 09:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VidShot Capturer
[2011/03/14 09:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\GeoVid
[2011/03/10 17:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\My Documents\Ulead VideoStudio SE
[2011/03/01 20:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\UFOAI
[2011/02/26 16:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Application Data\Malwarebytes
[2011/02/26 16:30:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/26 16:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/26 16:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/26 16:30:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/26 16:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/26 15:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\{CDCB0192-1E20-46B2-BA02-ECE35DA4830B}
[2011/02/26 15:48:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eOdCoNh06300
[2011/02/22 10:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.539-36\Desktop\TOM AND JERRY-COLLECTORS EDITION-VOLUME 4 AAC MP4 BY WINKER
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/05/20 13:01:05 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/20 12:58:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/20 12:23:27 | 000,404,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/20 12:23:27 | 000,063,304 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/20 12:21:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/20 12:19:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/20 12:19:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/20 12:19:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/20 08:49:48 | 000,702,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/05/20 07:20:52 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/20 05:55:24 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/19 21:55:41 | 000,001,065 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\My Documents\AAAiry Secrets.eco
[2011/05/19 10:53:26 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpywareBlaster (2).lnk
[2011/05/19 09:24:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\Desktop\MBR.dat
[2011/05/19 08:26:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/18 19:23:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/18 15:12:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\defogger_reenable
[2011/05/18 10:04:01 | 000,000,495 | ---- | M] () -- C:\WINDOWS\I_VIEW32.INI
[2011/05/17 19:58:22 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/17 14:45:20 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBrowser.lnk
[2011/05/17 11:46:49 | 000,002,524 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\My Documents\cc_20110517_114628.reg
[2011/05/17 08:58:55 | 062,916,134 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\Desktop\Whoever dies, let him die such that he does not die again [www.keepvid.com].mp4
[2011/05/17 08:31:37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\My Documents\NULL.htm
[2011/05/15 18:08:11 | 000,015,794 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/05/15 18:08:11 | 000,015,794 | -HS- | M] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/05/14 08:29:46 | 032,747,259 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\Desktop\main sikhi haan [www.keepvid.com].mp4
[2011/05/13 11:53:23 | 000,000,200 | ---- | M] () -- C:\WINDOWS\Multique.ini
[2011/05/11 19:16:56 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/10 07:31:56 | 000,014,792 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0mxjs5a03c1mm1i1x7kon3121l0e4c6g522216hv7dy17
[2011/05/10 07:31:55 | 000,014,792 | -HS- | M] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\0mxjs5a03c1mm1i1x7kon3121l0e4c6g522216hv7dy17
[2011/05/09 11:47:49 | 000,015,934 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1136148036
[2011/05/09 11:47:35 | 000,015,926 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1059506545
[2011/05/09 11:47:35 | 000,015,926 | -HS- | M] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\1059506545
[2011/05/09 11:47:24 | 000,015,918 | -HS- | M] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\1136148036
[2011/05/09 11:47:12 | 000,015,918 | -HS- | M] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\04573030yi177i63m056r15qr6
[2011/05/09 11:43:08 | 000,015,914 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\04573030yi177i63m056r15qr6
[2011/05/04 14:19:48 | 000,022,506 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\My Documents\07577767(2).pdf
[2011/05/03 08:23:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/05/01 12:34:13 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/05/01 11:45:41 | 000,031,168 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\My Documents\cc_20110501_114520.reg
[2011/04/30 21:20:28 | 000,542,031 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/04/30 17:04:10 | 000,000,290 | ---- | M] () -- C:\WINDOWS\OB1.INI
[2011/04/28 15:24:19 | 000,739,095 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\Desktop\womansown300 copy.jpg
[2011/04/25 18:03:14 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17fs0v.dat
[2011/03/20 13:49:12 | 000,026,784 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\Desktop\Daisyangle.jpg
[2011/03/20 13:48:46 | 000,027,812 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\Desktop\dhillonangle.jpg
[2011/03/18 10:24:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/03/17 13:12:52 | 000,034,717 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\My Documents\apartment2.jpg
[2011/03/17 13:12:23 | 000,049,449 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\My Documents\apartment1.jpg
[2011/03/14 15:25:08 | 000,034,823 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\My Documents\bookf.jpg
[2011/03/14 15:11:05 | 001,601,711 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\My Documents\Two Flew Over A Cuckoo's Nest - The 1-in-6 Story Mar2011small sec.pdf
[2011/03/14 12:30:43 | 000,006,682 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\Application Data\PrimoPDFSet.xml
[2011/03/01 17:52:38 | 000,689,657 | ---- | M] () -- C:\Documents and Settings\Administrator.539-36\Desktop\womansown300.jpg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/19 18:13:55 | 000,001,809 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/19 10:53:26 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpywareBlaster (2).lnk
[2011/05/19 08:35:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Desktop\MBR.dat
[2011/05/18 19:23:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/18 19:23:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/18 19:18:08 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/18 19:18:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/18 19:18:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/18 19:18:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/18 19:18:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/18 15:12:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\defogger_reenable
[2011/05/18 11:02:46 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/17 14:45:20 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBrowser.lnk
[2011/05/17 11:46:34 | 000,002,524 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\My Documents\cc_20110517_114628.reg
[2011/05/17 08:48:45 | 062,916,134 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Desktop\Whoever dies, let him die such that he does not die again [www.keepvid.com].mp4
[2011/05/17 08:31:36 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\My Documents\NULL.htm
[2011/05/15 11:39:09 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/05/15 11:39:07 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/05/15 11:39:07 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/05/15 11:39:07 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/05/15 11:39:07 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/05/15 11:37:40 | 000,702,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/05/15 11:09:52 | 000,015,794 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/05/15 11:09:52 | 000,015,794 | -HS- | C] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/05/14 09:36:46 | 032,747,259 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Desktop\main sikhi haan [www.keepvid.com].mp4
[2011/05/12 10:20:10 | 000,001,065 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\My Documents\AAAiry Secrets.eco
[2011/05/10 07:17:25 | 000,014,792 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0mxjs5a03c1mm1i1x7kon3121l0e4c6g522216hv7dy17
[2011/05/10 07:17:25 | 000,014,792 | -HS- | C] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\0mxjs5a03c1mm1i1x7kon3121l0e4c6g522216hv7dy17
[2011/05/09 11:42:27 | 000,015,914 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\04573030yi177i63m056r15qr6
[2011/05/09 07:27:04 | 000,015,918 | -HS- | C] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\1136148036
[2011/05/09 07:20:47 | 000,015,934 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1136148036
[2011/05/09 07:20:47 | 000,015,926 | -HS- | C] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\1059506545
[2011/05/09 07:15:48 | 000,015,926 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1059506545
[2011/05/09 07:15:48 | 000,015,918 | -HS- | C] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\04573030yi177i63m056r15qr6
[2011/05/09 07:00:29 | 000,015,914 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\04573030yi177i63m056r15qr6
[2011/05/09 07:00:29 | 000,015,908 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\04573030yi177i63m056r15qr6
[2011/05/04 16:16:28 | 000,011,309 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xxxrefalag.dll.Encrypted
[2011/05/04 14:19:47 | 000,022,506 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\My Documents\07577767(2).pdf
[2011/05/01 12:34:13 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/05/01 11:45:28 | 000,031,168 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\My Documents\cc_20110501_114520.reg
[2011/04/30 18:43:30 | 000,542,031 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/04/30 17:02:57 | 000,000,290 | ---- | C] () -- C:\WINDOWS\OB1.INI
[2011/04/30 13:37:08 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/28 15:24:17 | 000,739,095 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Desktop\womansown300 copy.jpg
[2011/04/25 18:03:14 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17fs0v.dat
[2011/04/21 15:12:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/04/21 15:12:23 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/03/20 13:47:02 | 000,027,812 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Desktop\dhillonangle.jpg
[2011/03/20 13:46:28 | 000,026,784 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Desktop\Daisyangle.jpg
[2011/03/18 10:24:44 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/03/17 13:12:52 | 000,034,717 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\My Documents\apartment2.jpg
[2011/03/17 13:12:21 | 000,049,449 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\My Documents\apartment1.jpg
[2011/03/14 15:25:08 | 000,034,823 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\My Documents\bookf.jpg
[2011/03/14 15:11:03 | 001,601,711 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\My Documents\Two Flew Over A Cuckoo's Nest - The 1-in-6 Story Mar2011small sec.pdf
[2011/03/14 13:16:29 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
[2011/03/14 13:16:29 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2011/03/14 13:16:29 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Designer 7.0.lnk
[2011/03/14 09:48:10 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/14 09:48:10 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/14 09:48:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2011/03/01 17:49:04 | 000,689,657 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Desktop\womansown300.jpg
[2011/03/01 17:14:49 | 000,003,150 | ---- | C] () -- C:\WINDOWS\site.dll
[2011/01/23 21:44:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/23 15:33:25 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/01/01 20:03:28 | 003,348,613 | -HS- | C] () -- C:\Program Files\_msbackup.exe
[2010/12/17 11:12:45 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2010/03/09 17:08:43 | 000,001,047 | ---- | C] () -- C:\WINDOWS\MQPreset.ini
[2010/03/09 17:08:43 | 000,000,200 | ---- | C] () -- C:\WINDOWS\Multique.ini
[2010/03/02 17:09:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2010/02/01 16:45:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/01/03 20:43:13 | 000,000,720 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009/12/22 17:49:19 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/12/22 17:49:18 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2009/12/22 17:49:16 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009/12/16 20:18:23 | 000,052,180 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/09 16:08:54 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Application Data\APUSet.xml
[2009/12/09 16:08:53 | 000,006,682 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Application Data\PrimoPDFSet.xml
[2009/12/09 16:02:04 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/12/04 16:37:09 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\PCSuiteConfigFile.ini
[2009/12/04 16:37:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PCSuiteShareFile.ini
[2009/12/04 16:37:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PCSuiteParamFile.ini
[2009/08/16 19:10:11 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/08/13 15:32:10 | 000,010,381 | ---- | C] () -- C:\WINDOWS\MARK9.INI
[2009/08/13 14:51:30 | 000,322,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\hardlock.sys
[2009/08/13 14:51:05 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/08/13 14:49:48 | 000,006,937 | ---- | C] () -- C:\WINDOWS\Optikad.ini
[2009/07/28 14:26:03 | 000,000,170 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009/07/28 14:25:17 | 000,002,252 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V8 Codec.dat
[2009/07/28 14:24:03 | 000,020,898 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2009/07/28 14:24:02 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/07/25 16:55:40 | 000,000,495 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI
[2009/01/23 16:13:31 | 000,000,036 | ---- | C] () -- C:\WINDOWS\TSNPL.dat
[2009/01/23 16:13:30 | 000,001,332 | ---- | C] () -- C:\WINDOWS\System32\tsdigsgn.dat
[2009/01/23 16:11:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/04 11:19:30 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/28 14:28:32 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Administrator.539-36\Local Settings\Application Data\fusioncache.dat
[2007/07/02 09:29:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO5130.INI
[2007/04/25 12:41:40 | 000,003,705 | ---- | C] () -- C:\WINDOWS\cfgspyps.ini
[2007/04/25 12:41:39 | 000,004,537 | ---- | C] () -- C:\WINDOWS\cfgps.ini
[2007/03/07 17:54:58 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_7050.ini
[2007/03/07 17:54:57 | 000,000,079 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/03/07 17:54:48 | 000,000,457 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/03/07 17:54:48 | 000,000,130 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/03/05 03:42:40 | 000,003,935 | ---- | C] () -- C:\WINDOWS\cfgrs.ini
[2007/03/05 03:42:40 | 000,003,139 | ---- | C] () -- C:\WINDOWS\cfgrs_ex.ini
[2007/02/26 12:47:33 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2007/02/26 12:47:33 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DAT
[2007/02/26 11:23:20 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/26 11:08:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/26 10:48:27 | 000,008,764 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2007/02/21 13:22:54 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/02/21 13:22:42 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/02/20 15:28:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/02/20 15:22:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/02/20 14:20:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/02/20 14:19:20 | 000,345,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/06 23:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,404,276 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,063,304 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/13 13:00:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\tsseCryp.dll
[2000/01/07 01:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/07 01:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/03/30 15:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\bang
[2011/04/30 19:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\BitDefender
[2010/06/21 10:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\COWON
[2011/02/01 13:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\DAEMON Tools Lite
[2011/05/17 14:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Enigma Browser
[2011/05/18 11:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Foxit Software
[2011/04/14 16:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Garena
[2010/01/28 12:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\GetRightToGo
[2011/05/10 07:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\GlarySoft
[2009/08/23 09:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\JAM Software
[2009/12/17 11:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\K-Meleon
[2009/01/22 18:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Leadertech
[2009/12/06 11:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\LG Electronics
[2010/02/13 15:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\MSNInstaller
[2011/02/16 11:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Orca Profiles
[2011/05/01 12:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Panda Security
[2011/01/30 17:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Sims 3 Package Explorer
[2011/05/18 10:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\SlimBrowser
[2010/06/18 20:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\StreamTorrent
[2011/03/26 17:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Trillian
[2011/03/01 20:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\UFOAI
[2010/02/01 17:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Ulead Systems
[2011/05/19 21:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\uTorrent
[2011/04/30 22:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/08/15 17:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/02/26 11:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CounterPath
[2011/02/01 13:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/02/01 10:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/02/26 16:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eOdCoNh06300
[2009/08/13 15:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FaceOnBody
[2007/10/25 15:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/01 12:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/05/20 12:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/01 17:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/08/15 18:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft
[2011/04/30 17:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/20 13:01:05 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2007/08/10 16:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/12/16 20:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/04/30 17:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/04/30 22:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/08/15 17:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/02/26 11:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CounterPath
[2011/02/01 13:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/02/01 10:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/02/26 16:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eOdCoNh06300
[2009/08/13 15:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FaceOnBody
[2009/04/02 13:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/02/01 17:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2011/05/12 10:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/02/26 16:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/03 08:23:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/10/25 15:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/07/29 07:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/05/01 12:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/05/15 11:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/04/21 15:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/08/15 17:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2011/05/06 13:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/30 09:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/20 12:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/23 15:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2010/02/01 17:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/08/15 18:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft
[2007/02/26 11:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/12/18 09:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/04/30 17:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2011/03/26 17:32:25 | 000,523,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011/05/15 11:35:52 | 037,895,784 | ---- | M] (PC Tools ) -- C:\Documents and Settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_en_dl_aff.exe
[2009/03/18 17:55:46 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

< %APPDATA%\*. >
[2010/03/24 14:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Adobe
[2009/01/22 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\AdobeAUM
[2008/11/30 19:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\AdobeUM
[2011/04/30 17:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Apple Computer
[2009/12/29 16:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\ArcSoft
[2008/11/28 14:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\ATI
[2010/03/30 15:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\bang
[2011/04/30 19:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\BitDefender
[2010/06/21 10:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\COWON
[2011/02/01 13:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\DAEMON Tools Lite
[2011/05/17 14:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Enigma Browser
[2011/05/18 11:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Foxit Software
[2011/04/14 16:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Garena
[2010/01/28 12:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\GetRightToGo
[2011/05/10 07:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\GlarySoft
[2011/03/18 10:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Google
[2009/08/14 15:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Help
[2008/11/28 14:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Identities
[2009/08/15 17:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\InstallShield
[2009/08/23 09:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\JAM Software
[2009/12/17 11:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\K-Meleon
[2009/01/22 18:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Leadertech
[2009/12/06 11:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\LG Electronics
[2010/03/30 15:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Macromedia
[2011/02/26 16:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Malwarebytes
[2011/04/21 15:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Media Player Classic
[2011/01/24 11:44:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Microsoft
[2011/05/05 11:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Mozilla
[2010/02/13 15:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\MSNInstaller
[2011/02/16 11:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Orca Profiles
[2011/05/01 12:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Panda Security
[2011/05/15 11:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\PC Tools
[2010/01/03 20:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Real
[2011/01/25 18:00:01 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\SecuROM
[2011/01/30 17:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Sims 3 Package Explorer
[2011/05/18 10:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\SlimBrowser
[2010/06/18 20:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\StreamTorrent
[2009/07/10 10:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Sun
[2011/04/29 21:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\SUPERAntiSpyware.com
[2010/12/04 04:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Tor
[2011/03/26 17:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Trillian
[2011/03/01 20:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\UFOAI
[2010/02/01 17:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Ulead Systems
[2011/05/19 21:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\uTorrent
[2010/12/04 04:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Vidalia
[2011/04/21 16:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\vlc
[2009/08/13 12:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\WinRAR
[2009/12/24 19:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.539-36\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2011/05/16 19:30:39 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.539-36\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011/01/24 11:44:19 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Administrator.539-36\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2003/12/08 12:01:02 | 000,322,400 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hardlock.sys

< %systemroot%\System32\config\*.sav >
[2007/02/20 14:18:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/02/20 14:18:36 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/02/20 14:18:36 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

---------------------------------------------------------

Extras
OTL Extras logfile created on: 20/05/2011 13:09:26 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator.539-36\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

990.00 Mb Total Physical Memory | 480.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 10.52 Gb Free Space | 14.12% Space Free | Partition Type: NTFS

Computer Name: BOBBY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"53:UDP" = 53:UDP:*:Enabled:Promo

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe" = C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe:*:Enabled:eyeBeam

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\MUTE\fileSharingMUTE-MFC.exe" = C:\Program Files\MUTE\fileSharingMUTE-MFC.exe:*:Disabled:MFC MUTE Anonymous P2P Application 0.0.7 -- (http://www.sourceforge.net/projects/mfc-mute-net http://mute-net.sourceforge.net)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00180409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.107.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7C977DE7-EC85-46E1-A7D9-52C04EB52AE6}" = S2 Mobile Modem
"{7D3A6B8F-45C1-4814-967E-6D84BBB868CD}" = ATI Catalyst Control Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{919955B0-50EB-45DD-9165-C3BCFBF6B2D1}" = S2 PCSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A3D9B19F-D678-4CEC-81EE-280C467124CA}" = CLDAlf
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}" = MSN Messenger 7.0
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB TV Device Driver
"{C48AD49C-9BBF-4056-B756-846C8548507E}_is1" = Oxin's Style
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"{FFD25152-1916-4744-BAAF-F2D2EBF38284}" = LG SyncManager
"4Musics FLAC to MP3 Converter 4.0 Shareware_is1" = 4Musics FLAC to MP3 Converter 4.0
"525B631E25DA7D8F03CAFCB6E66A95DA0F0B57CB" = Windows Driver Package - Amoi Incorporated (S2usbser) Ports (01/01/2007 2.0.5.0)
"ABC 3GP/MP4 Converter" = ABC 3GP/MP4 Converter 3.00
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Airy Secrets" = Airy Secrets
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audio Recorder for FREE_is1" = Audio Recorder for FREE v10.4
"Browser Defender_is1" = Browser Defender 3.0
"Cool Page 2.7" = Cool Page 2.7
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP WMA V8 Codec" = dBpowerAMP WMA V8 Codec
"DVD X Player 4.0 Professional_is1" = DVD X Player 4.0 Professional
"EB8470242F68F946AB0A751A9E60217725DCA27F" = Windows Driver Package - Amoi Incorporated (S2usbser) Modem (01/01/2007 2.0.5.0)
"Electronic Piano 2.5_is1" = Electronic Piano 2.5
"FaceOnBody" = FaceOnBody
"FileRestorePlus™_is1" = FileRestorePlus™ 3.0.1.1111
"fileSharingMUTE_is1" = MUTE
"Foxit Reader" = Foxit Reader
"HandyBits EasyCrypto Deluxe" = HandyBits EasyCrypto Deluxe
"InstallShield_{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB TV Device Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 2.1.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MKV Player_is1" = MKV Player 2.0
"MMH Split" = MMH Split 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyAlbum_is1" = MyAlbum version 2.1
"OfficeScanNT" = Trend Micro Client/Server Security Agent
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"PeerGuardian_is1" = PeerGuardian 2.0
"Polipo" = Polipo 1.0.4.1
"PrimoPDF4.0" = PrimoPDF
"RTPatch_is1" = RTPatch Update
"SikhiToTheMAX II" = SikhiToTheMAX II
"Sims2Pack Clean Installer" = Sims2Pack Clean Installer
"SlimBrowser" = FlashPeak SlimBrowser
"SlowView" = SlowView
"SopCast" = SopCast 2.0.4
"Spyware Doctor" = Spyware Doctor 8.0
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = Simply COOL FTP!
"STARWARS: The Battle of Endor v2.1_is1" = STARWARS: The Battle of Endor version 2.1
"STARWARS: The Battle of Yavin v1.1_is1" = STARWARS: The Battle of Yavin version 1.1
"The KMPlayer" = The KMPlayer (remove only)
"Tor" = Tor 0.2.1.26
"TreeSize Free_is1" = TreeSize Free V2.3.3
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.2.9
"VidShot Capturer_is1" = VidShot Capturer
"Virtual Plastic Surgery Software - VPSS_is1" = Virtual Plastic Surgery Software - VPSS v1.0
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Zuma's Revenge!1.0" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/05/2011 11:15:41 | Computer Name = BOBBY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 18/05/2011 02:56:42 | Computer Name = BOBBY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 18/05/2011 02:56:42 | Computer Name = BOBBY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 18/05/2011 06:00:38 | Computer Name = BOBBY | Source = Application Hang | ID = 1002
Description = Hanging application Acrobat.exe, version 7.0.0.1333, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 18/05/2011 21:58:03 | Computer Name = BOBBY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 18/05/2011 21:58:03 | Computer Name = BOBBY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 18/05/2011 23:58:10 | Computer Name = BOBBY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 18/05/2011 23:58:14 | Computer Name = BOBBY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 19/05/2011 03:28:00 | Computer Name = BOBBY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20/05/2011 02:22:53 | Computer Name = BOBBY | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

[ System Events ]
Error - 18/05/2011 14:10:17 | Computer Name = BOBBY | Source = Service Control Manager | ID = 7000
Description = The Remote Administrator Service service failed to start due to the
following error: %%3

Error - 18/05/2011 14:13:36 | Computer Name = BOBBY | Source = Service Control Manager | ID = 7031
Description = The Panda Cloud Antivirus Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.

Error - 18/05/2011 14:48:22 | Computer Name = BOBBY | Source = Service Control Manager | ID = 7000
Description = The Remote Administrator Service service failed to start due to the
following error: %%3

Error - 18/05/2011 14:49:55 | Computer Name = BOBBY | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 18/05/2011 21:55:35 | Computer Name = BOBBY | Source = Service Control Manager | ID = 7000
Description = The Remote Administrator Service service failed to start due to the
following error: %%3

Error - 18/05/2011 22:00:00 | Computer Name = BOBBY | Source = Schedule | ID = 7901
Description = The At4.job command failed to start due to the following error: %%2147942402

Error - 19/05/2011 04:17:26 | Computer Name = BOBBY | Source = Service Control Manager | ID = 7000
Description = The Remote Administrator Service service failed to start due to the
following error: %%3

Error - 19/05/2011 04:25:43 | Computer Name = BOBBY | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Client/Server Security Agent RealTime Scan service
terminated unexpectedly. It has done this 1 time(s).

Error - 19/05/2011 04:25:49 | Computer Name = BOBBY | Source = Service Control Manager | ID = 7031
Description = The Panda Cloud Antivirus Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.

Error - 19/05/2011 05:03:14 | Computer Name = BOBBY | Source = Service Control Manager | ID = 7000
Description = The Remote Administrator Service service failed to start due to the
following error: %%3


< End of report >
The 'Ambassadors of Surrogacy'
http://www.oneinsix.com or 1-in-6.com