List of Problems: Google Redirect, Iexplore.exe trojan, Random Proxy, etc...


  • This topic is locked
31 replies to this topic

#1 ChineseLaxer

  • Members
  • 31 posts

Posted 21 June 2011 - 12:56 PM

Well, my computer has been infected by many things, including:

  • Google Redirect
  • Proxy sets to something every time
  • Iexplore.exe randomly pops up and sometimes even plays a video/audio
  • Some items still hiding after using Unhider (was infected with Windows XP Recovery)

I've tried using Malwarebytes, Avira, and Spybot Search and Destroy, but nothing is found and/or fixed.

Here are my logs:

DDS

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Run by Compaq_Administrator at 23:11:23 on 2011-06-20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.321 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?o=14196&l=dis
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = ;*.local;<local>
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Similar Pages
IE: Translate Page into English
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Trusted Zone: trymedia.com
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{D610191C-F344-45D2-835C-B34E2920CB39} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-10 11608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-1-26 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-10 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-10 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-5 61960]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-12-31 21992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2004-8-9 14336]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2011-1-28 28160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-1-9 100712]
S0 apbhlqw;apbhlqw;c:\windows\system32\drivers\djlt.sys --> c:\windows\system32\drivers\djlt.sys [?]
S0 hpcu;hpcu;c:\windows\system32\drivers\sompc.sys --> c:\windows\system32\drivers\sompc.sys [?]
S0 qipw;qipw;c:\windows\system32\drivers\hhei.sys --> c:\windows\system32\drivers\hhei.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 133104]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-5-1 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-5-1 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 XDva346;XDva346;\??\c:\windows\system32\xdva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva348;XDva348;\??\c:\windows\system32\xdva348.sys --> c:\windows\system32\XDva348.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\xdva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\xdva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\xdva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\xdva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\xdva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\xdva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]
.
=============== Created Last 30 ================
.
2011-06-21 06:08:09 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\Safe mirror
2011-06-21 06:07:53 -------- d-----w- c:\program files\Cobian Backup 10
2011-06-15 01:37:23 -------- dc----w- C:\Backup
2011-06-15 00:39:27 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-11 02:41:06 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\WMTools Downloaded Files
2011-06-11 00:45:40 -------- d-----w- c:\documents and settings\compaq_administrator\application data\SUPERAntiSpyware.com
2011-06-11 00:45:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-11 00:45:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-10 07:09:00 -------- d-----w- c:\program files\VideoSpirit Pro
2011-05-26 07:11:03 -------- d-----w- c:\program files\MetaStream
2011-05-22 17:07:11 814041040 -c--a-w- C:\War_Rock_20110307_G1.exe
2011-05-22 17:06:39 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\GamersFirst LIVE!
2011-05-22 17:06:00 -------- d-----w- c:\program files\GamersFirst
.
==================== Find3M ====================
.
2011-06-19 06:30:07 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 22:32:35 0 ----a-w- c:\windows\Bxujuwa.bin
2011-04-16 16:51:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-01 07:45:09 1328 -c--a-w- C:\FSUIPC_reg.bin
2011-03-31 09:12:56 737280 ----a-w- c:\windows\iun6002.exe
2011-03-27 03:38:24 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-27 03:38:24 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-22 05:08:18 2290745340 ----a-w- c:\program files\MSSetupv95.exe
.
============= FINISH: 23:12:39.98 ===============


---------------------------------------------------------------------------------------------------------------------------


GMER


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-21 10:49:13
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3200827AS rev.3.AHH
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\awddikob.sys


---- System - GMER 1.0.15 ----

SSDT F7C5E196 ZwCreateKey
SSDT F7C5E18C ZwCreateThread
SSDT F7C5E19B ZwDeleteKey
SSDT F7C5E1A5 ZwDeleteValueKey
SSDT F7C5E1AA ZwLoadKey
SSDT F7C5E178 ZwOpenProcess
SSDT F7C5E17D ZwOpenThread
SSDT F7C5E1B4 ZwReplaceKey
SSDT F7C5E1AF ZwRestoreKey
SSDT F7C5E1A0 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

INITc VolSnap.sys F755BBD0 4 Bytes [F0, 68, 53, 80]
INITc VolSnap.sys F755BBF8 4 Bytes [32, 8F, 4F, 80]
INITc VolSnap.sys F755BC20 4 Bytes [B0, 9B, 4F, 80]
INITc VolSnap.sys F755BC48 4 Bytes [9C, DF, 4F, 80] {PUSHF ; FISTTP WORD [EDI-0x80]}
INITc VolSnap.sys F755BC70 4 Bytes [E6, 95, 4F, 80]
INITc ...
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF59C53A0, 0x5CC259, 0xE8000020]
init C:\WINDOWS\System32\atkosdmini.dll entry point in "init" section [0xBD042480]
? C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[992] WININET.dll!HttpAddRequestHeadersA 771C40FA 7 Bytes JMP 00BA6A90
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WININET.dll!HttpAddRequestHeadersW 771CEF2C 5 Bytes JMP 00BA6C90
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00CA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!connect 71AB406A 5 Bytes JMP 004E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!send 71AB428A 5 Bytes JMP 0050000A
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 0051000A
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 004F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0076000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] WS2_32.dll!connect 71AB406A 5 Bytes JMP 0072000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] WS2_32.dll!send 71AB428A 5 Bytes JMP 0074000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 0075000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0073000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2632] USER32.dll!GetWindowInfo 7E41E77C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2632] USER32.dll!TrackPopupMenu 7E4650EE 5 Bytes JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:120] 87135E7A
Thread System [4:124] 87138008

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xB3 0x06 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0x3F 0x5B 0x3E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x74 0xFC 0xDD ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7C 0xC4 0x54 0x7C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x7C 0xC4 0x54 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xB3 0x06 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0x3F 0x5B 0x3E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x74 0xFC 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7C 0xC4 0x54 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x7C 0xC4 0x54 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xB3 0x06 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0x3F 0x5B 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x74 0xFC 0xDD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7C 0xC4 0x54 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x7C 0xC4 0x54 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xB3 0x06 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0x3F 0x5B 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x74 0xFC 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7C 0xC4 0x54 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x7C 0xC4 0x54 0x7C ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@live[4].txt 234 bytes

---- EOF - GMER 1.0.15 ----
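Two things in the logs above are what a responder would pull out before anything else. In the DDS SERVICES / DRIVERS section, three boot-start (S0) drivers are registered under random names (apbhlqw, hpcu, qipw) that share nothing with their image files (djlt.sys, sompc.sys, hhei.sys), and DDS marks every one of those images as not present on disk (`--> ... [?]`). In the GMER user-code section, the WS2_32.dll and WININET.dll network entry points in iexplore.exe and firefox.exe are patched with JMPs into memory that GMER cannot attribute to any loaded module, whereas the hooks it can attribute (Firefox's own LdrLoadDll and xul.dll hooks) carry the owning module and vendor. Both patterns fit the reported redirects and spontaneous iexplore.exe windows. The script below is an added example written for this page, not part of DDS, GMER, ComboFix or the original post; it pulls those two patterns out of log text automatically. The two regexes are an assumption about the line formats based only on the lines posted above, and the sample inputs are copied from the posted logs.

```python
"""Triage of DDS 'SERVICES / DRIVERS' and GMER 'User code sections' lines.

Added example for this thread; it is not part of DDS, GMER or ComboFix.
The two regexes are assumptions about the log formats, derived from the
lines posted above, and the sample inputs are copied from those logs.
"""
import re
from dataclasses import dataclass
from typing import List

# DDS: "<state> <name>;<display>;<image path>[ --> <image path>] [<date size> | ?]"
DDS_SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")

# GMER: ".text <process>[pid] <module>!<func> <addr> <n> Bytes JMP <target>[ <owner (vendor)>]"
GMER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>.+))?$")

# Socket and WinINet entry points whose hooking would explain search redirects.
NETWORK_FUNCS = {
    "connect", "send", "recv", "getaddrinfo", "gethostbyname", "closesocket",
    "HttpAddRequestHeadersA", "HttpAddRequestHeadersW",
    "HttpSendRequestA", "HttpSendRequestW",
}

# Lines copied from the DDS log in post #1 (one clean driver and one clean
# service are included so the checks can be seen not to fire on them).
DDS_SAMPLE = r"""
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-10 11608]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
S0 apbhlqw;apbhlqw;c:\windows\system32\drivers\djlt.sys --> c:\windows\system32\drivers\djlt.sys [?]
S0 hpcu;hpcu;c:\windows\system32\drivers\sompc.sys --> c:\windows\system32\drivers\sompc.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\xdva346.sys --> c:\windows\system32\XDva346.sys [?]
"""

# Lines copied from the GMER log in post #1.
GMER_SAMPLE = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00CA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!connect 71AB406A 5 Bytes JMP 004E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2292] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2632] USER32.dll!GetWindowInfo 7E41E77C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""


@dataclass(frozen=True)
class Finding:
    source: str   # "dds" or "gmer"
    subject: str  # service name, or "<process>[pid] <module>!<func>"
    reason: str


def triage_dds_services(text: str) -> List[Finding]:
    """Flag services whose image is missing and drivers whose name is unrelated to their file."""
    findings = []
    for line in text.splitlines():
        m = DDS_SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, name, rest = m["state"], m["name"], m["rest"]
        # DDS prints "<path> --> <path> [?]" when the configured image is not on disk.
        missing = rest.rstrip().endswith("[?]")
        path = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest.split(" --> ")[0]).strip()
        base = path.rsplit("\\", 1)[-1].lower()
        if missing:
            kind = "boot-start (S0/R0) driver" if state.endswith("0") else "service"
            findings.append(Finding("dds", name, f"{kind} whose image file is missing"))
        # Drivers are normally registered under their file name; a random service
        # name sharing nothing with the .sys name is a classic rootkit sign.
        stem = base.rsplit(".", 1)[0]
        if base.endswith(".sys") and name.lower() not in base and stem not in name.lower():
            findings.append(Finding("dds", name, f"service name unrelated to image {base}"))
    return findings


def triage_gmer_hooks(text: str) -> List[Finding]:
    """Flag inline hooks whose JMP target GMER could not attribute to a loaded module."""
    findings = []
    for line in text.splitlines():
        m = GMER_HOOK_RE.match(line.strip())
        if not m:
            continue
        proc = m["proc"].rsplit("\\", 1)[-1]
        subject = f"{proc} {m['module']}!{m['func']}"
        # GMER appends the owning module when the target lies inside one it can
        # name (the Firefox self-hooks above); no owner means unbacked memory.
        if m["owner"] is not None:
            continue
        what = "network API" if m["func"] in NETWORK_FUNCS else "function"
        findings.append(Finding("gmer", subject, f"{what} redirected to code outside any loaded module"))
    return findings


if __name__ == "__main__":
    for f in triage_dds_services(DDS_SAMPLE) + triage_gmer_hooks(GMER_SAMPLE):
        print(f"[{f.source}] {f.subject}: {f.reason}")
```

Run against the sample it reports the three S0 drivers twice each (missing image and unrelated name), the two S3 entries once (missing image only, since XDva346 and EagleXNt do match their file names), and only the iexplore.exe socket hooks from the GMER lines. The name check is deliberately limited to .sys images so that ordinary services such as Hamachi2Svc (hamachi-2.exe) do not trip it; the GMER check relies purely on whether GMER printed an owner, which is why the Firefox hooks are ignored.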


#2 CatByte

  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 23 June 2011 - 04:40 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 ChineseLaxer

  • Topic Starter
  • Members
  • 31 posts

Posted 23 June 2011 - 06:32 PM

ComboFix 11-06-23.01 - Compaq_Administrator 23/06/2011 16:10:14.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.576 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20100805.txt
c:\cflog\CrashLog_20100817.txt
c:\cflog\CrashLog_20100819.txt
c:\cflog\CrashLog_20100827.txt
c:\cflog\CrashLog_20101015.txt
c:\cflog\CrashLog_20101020.txt
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\WINDOWS
c:\documents and settings\Compaq_Administrator\Application Data\Ucin
c:\documents and settings\Compaq_Administrator\Application Data\Ucin\ugmo.sau
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{B24DDCDE-70D6-4BB8-917D-FA6EB9857738}
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{B24DDCDE-70D6-4BB8-917D-FA6EB9857738}\chrome.manifest
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{B24DDCDE-70D6-4BB8-917D-FA6EB9857738}\chrome\content\_cfg.js
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{B24DDCDE-70D6-4BB8-917D-FA6EB9857738}\chrome\content\overlay.xul
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{B24DDCDE-70D6-4BB8-917D-FA6EB9857738}\install.rdf
c:\documents and settings\Compaq_Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
C:\install.exe
c:\windows\system32\config\systemprofile\WINDOWS
D:\Autorun.inf
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 03:53 . 2011-06-23 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2011-06-21 06:08 . 2011-06-21 06:08 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Safe mirror
2011-06-21 06:07 . 2011-06-21 06:08 -------- d-----w- c:\program files\Cobian Backup 10
2011-06-15 01:37 . 2011-06-15 01:38 -------- dc----w- C:\Backup
2011-06-15 00:39 . 2011-06-15 00:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-11 02:41 . 2011-06-12 06:58 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\WMTools Downloaded Files
2011-06-11 00:45 . 2011-06-11 00:45 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2011-06-11 00:45 . 2011-06-11 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-11 00:45 . 2011-06-11 00:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-10 07:09 . 2011-06-12 03:46 -------- d-----w- c:\program files\VideoSpirit Pro
2011-05-26 07:11 . 2011-05-26 07:11 -------- d-----w- c:\program files\MetaStream
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 21:41 . 2011-01-10 00:54 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2011-05-29 16:11 . 2010-04-05 06:23 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 17:19 . 2011-05-22 17:07 814041040 -c--a-w- C:\War_Rock_20110307_G1.exe
2011-05-13 00:55 . 2011-05-13 00:55 98304 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{32939827-D8E5-470A-B126-870DB3C69FDF}\python_icon.exe
2011-05-10 15:06 . 2010-04-10 19:49 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-10 15:06 . 2010-04-10 19:49 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-16 16:51 . 2011-04-16 16:51 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-31 09:12 . 2010-07-29 04:31 737280 ----a-w- c:\windows\iun6002.exe
2011-03-27 03:38 . 2011-03-27 03:38 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-27 03:38 . 2011-03-27 03:38 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-22 05:08 . 2011-02-22 04:00 2290745340 ----a-w- c:\program files\MSSetupv95.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-05-19 01:08 . 2011-05-19 01:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe
[7] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe
[7] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . BA002228743B6824D87F0551DBC86D45 . 2057728 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-24 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-25 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 10:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 11:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 06:19 77312 ------w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2009-10-24 06:57 1200128 ----a-w- c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 04:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2006-03-16 09:12 1077248 ----a-w- c:\program files\DISC\DISCover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2006-03-16 09:11 61440 ----a-w- c:\program files\DISC\DISCUpdMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-30 04:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 03:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2006-02-16 05:34 249856 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 21:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-05-26 00:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-05-29 16:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 20:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 20:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-08-26 08:12 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 18:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-23 05:14 237568 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-03-08 11:54 16010240 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-27 01:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 20:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-24 20:48 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46 709992 ----a-r- c:\windows\vVX1000.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K11\\nba2k11.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58208:TCP"= 58208:TCP:Pando Media Booster
"58208:UDP"= 58208:UDP:Pando Media Booster
"1119:TCP"= 1119:TCP:sc2
"1119:UDP"= 1119:UDP:scII
"1120:TCP"= 1120:TCP:SCraft 2
"1120:UDP"= 1120:UDP:SC2
"59103:TCP"= 59103:TCP:Pando Media Booster
"59103:UDP"= 59103:UDP:Pando Media Booster
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26/01/2011 11:30 PM 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 11:41 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/01/2010 2:33 AM 136360]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [31/12/2010 8:19 PM 21992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25/05/2011 5:29 PM 1336712]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [09/08/2004 9:00 PM 14336]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [28/01/2011 1:40 AM 28160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [09/01/2011 7:18 PM 100712]
S0 apbhlqw;apbhlqw;c:\windows\system32\drivers\djlt.sys --> c:\windows\system32\drivers\djlt.sys [?]
S0 hpcu;hpcu;c:\windows\system32\drivers\sompc.sys --> c:\windows\system32\drivers\sompc.sys [?]
S0 qipw;qipw;c:\windows\system32\drivers\hhei.sys --> c:\windows\system32\drivers\hhei.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/01/2010 1:18 AM 133104]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/01/2010 1:18 AM 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [01/05/2010 2:56 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [01/05/2010 2:56 PM 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva348;XDva348;\??\c:\windows\system32\XDva348.sys --> c:\windows\system32\XDva348.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\XDva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/05/2010 5:21 PM 691696]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RPCQT
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-23 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-01-15 00:20]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 08:17]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 08:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=14196&l=dis
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = ;*.local;<local>
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages
IE: Translate Page into English
Trusted Zone: trymedia.com
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-conhost - c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\conhost.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
AddRemove-Fokker 70-100 - c:\program files\Microsoft Games\Flight Simulator 9\UnFokker70-FS9.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 16:20
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-06-23 16:27:15
ComboFix-quarantined-files.txt 2011-06-23 23:27
.
Pre-Run: 77,004,804,096 bytes free
Post-Run: 84,230,340,608 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=,1,2,3,4
- - End Of File - - D07497E69A5BA50AC6790E7B8C3F37AB

Edited by ChineseLaxer, 23 June 2011 - 06:35 PM.


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:44 AM

Posted 23 June 2011 - 08:57 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic405246.html/page__view__findpost__p__2305492

Collect::
c:\windows\system32\drivers\djlt.sys
c:\windows\system32\drivers\sompc.sys
c:\windows\system32\drivers\hhei.sys 

FCopy::
c:\windows\system32\dllcache\ntkrnlpa.exe | c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\dllcache\ntkrnlpa.exe | c:\windows\Driver Cache\i386\ntkrnlpa.exe
c:\windows\system32\dllcache\ntkrnlpa.exe | c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

Driver::
apbhlqw
hpcu
qipw


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
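Added example, not ComboFix's code and not CatByte's tooling: a Python triage of the two log sections the CFScript above acts on. It parses ComboFix service lines and flags boot-start drivers whose image file is not on disk (the three Driver:: targets), and parses the Sigcheck rows to pair each unverified live copy of ntkrnlpa.exe with the verified dllcache copy (the three FCopy:: pairs); the severity rule and the set of backup directories it ignores are assumptions.

```python
"""Triage of the Drivers/Services and Sigcheck sections of a ComboFix log.
Added example for this thread; not ComboFix code and not CatByte's tooling.
Severity rules and the list of backup directories are assumptions."""
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: verbatim excerpts of the log posted earlier in the thread.
SERVICE_LINES = r"""
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26/01/2011 11:30 PM 218688]
S0 apbhlqw;apbhlqw;c:\windows\system32\drivers\djlt.sys --> c:\windows\system32\drivers\djlt.sys [?]
S0 hpcu;hpcu;c:\windows\system32\drivers\sompc.sys --> c:\windows\system32\drivers\sompc.sys [?]
S0 qipw;qipw;c:\windows\system32\drivers\hhei.sys --> c:\windows\system32\drivers\hhei.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/05/2010 5:21 PM 691696]
""".strip().splitlines()

SIGCHECK_LINES = r"""
[7] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
""".strip().splitlines()


class Service(NamedTuple):
    state: str          # ComboFix notation: R = running, S = stopped
    start: int          # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    image: str
    file_missing: bool  # ComboFix appends "--> <path> [?]" when the image is not on disk


SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")


def parse_service(line: str) -> Optional[Service]:
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    missing = rest.rstrip().endswith("[?]")
    # Strip the "--> path [?]" or " [date size]" trailer to get the image path.
    image = rest.split(" --> ")[0].rsplit(" [", 1)[0].strip()
    return Service(state, int(start), name, display, image, missing)


def triage_services(lines: List[str]) -> Dict[str, List[str]]:
    """Assumed scoring: a boot- or system-start driver (start type 0/1) whose
    image is not on disk is 'high' (registered to load before most defences,
    with no file backing it); any other missing image is 'low' (often a leftover)."""
    out: Dict[str, List[str]] = {"high": [], "low": []}
    for line in lines:
        svc = parse_service(line)
        if svc is None or not svc.file_missing:
            continue
        out["high" if svc.start <= 1 else "low"].append(svc.name)
    return out


class SigRow(NamedTuple):
    verified: bool   # "[7]" rows are treated as verified, "[-]" rows as not
    md5: str
    size: int
    version: str
    path: str


SIG_RE = re.compile(
    r"^\[([-\w])\]\s+\S+\s+\.\s+([0-9A-F]{32})\s+\.\s+(\d+)\s+\.\s+\."
    r"\s+\[([^\]]+)\]\s+\.\s+\.\s+(.*)$"
)


def parse_sigcheck(line: str) -> Optional[SigRow]:
    m = SIG_RE.match(line.strip())
    if not m:
        return None
    flag, md5, size, version, path = m.groups()
    return SigRow(flag != "-", md5, int(size), version, path)


# Directories Windows keeps only as hotfix / service-pack backups; an unverified
# copy there is never loaded, so it is not a restore target (assumed
# classification, matching which paths the FCopy:: stanza touched).
BACKUP_MARKERS = ("$hf_mig$", "$NtServicePackUninstall$", "SoftwareDistribution")


def restore_plan(lines: List[str]) -> Dict[str, str]:
    """Map each unverified live copy of a file to the verified copy of the same
    file in dllcache, i.e. the 'source | destination' pairs of an FCopy:: stanza.
    Files with no verified dllcache copy are omitted."""
    rows = [r for r in map(parse_sigcheck, lines) if r is not None]
    good: Dict[str, str] = {}
    for r in rows:
        if r.verified and "\\dllcache\\" in r.path.lower():
            good[r.path.rsplit("\\", 1)[-1].lower()] = r.path
    plan: Dict[str, str] = {}
    for r in rows:
        if r.verified or any(marker in r.path for marker in BACKUP_MARKERS):
            continue
        name = r.path.rsplit("\\", 1)[-1].lower()
        if name in good:
            plan[r.path] = good[name]
    return plan


if __name__ == "__main__":
    print("service triage:", triage_services(SERVICE_LINES))
    for dst, src in restore_plan(SIGCHECK_LINES).items():
        print(f"FCopy candidate: {src} | {dst}")
```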


#5 ChineseLaxer

ChineseLaxer
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:05:44 AM

Posted 24 June 2011 - 12:41 PM

ComboFix 11-06-23.01 - Compaq_Administrator 23/06/2011 19:52:29.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.617 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\ntkrnlpa.exe --> c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\dllcache\ntkrnlpa.exe --> c:\windows\Driver Cache\i386\ntkrnlpa.exe
c:\windows\system32\dllcache\ntkrnlpa.exe --> c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_apbhlqw
-------\Service_hpcu
-------\Service_qipw
.
.
((((((((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))
.
.
2011-06-23 03:53 . 2011-06-23 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2011-06-21 06:08 . 2011-06-21 06:08 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Safe mirror
2011-06-21 06:07 . 2011-06-21 06:08 -------- d-----w- c:\program files\Cobian Backup 10
2011-06-15 01:37 . 2011-06-15 01:38 -------- dc----w- C:\Backup
2011-06-15 00:39 . 2011-06-15 00:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-11 02:41 . 2011-06-12 06:58 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\WMTools Downloaded Files
2011-06-11 00:45 . 2011-06-11 00:45 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2011-06-11 00:45 . 2011-06-11 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-11 00:45 . 2011-06-11 00:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-10 07:09 . 2011-06-12 03:46 -------- d-----w- c:\program files\VideoSpirit Pro
2011-05-26 07:11 . 2011-05-26 07:11 -------- d-----w- c:\program files\MetaStream
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 21:41 . 2011-01-10 00:54 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2011-05-29 16:11 . 2010-04-05 06:23 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 17:19 . 2011-05-22 17:07 814041040 -c--a-w- C:\War_Rock_20110307_G1.exe
2011-05-13 00:55 . 2011-05-13 00:55 98304 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{32939827-D8E5-470A-B126-870DB3C69FDF}\python_icon.exe
2011-05-10 15:06 . 2010-04-10 19:49 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-10 15:06 . 2010-04-10 19:49 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-16 16:51 . 2011-04-16 16:51 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-31 09:12 . 2010-07-29 04:31 737280 ----a-w- c:\windows\iun6002.exe
2011-03-27 03:38 . 2011-03-27 03:38 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-27 03:38 . 2011-03-27 03:38 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-22 05:08 . 2011-02-22 04:00 2290745340 ----a-w- c:\program files\MSSetupv95.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-05-19 01:08 . 2011-05-19 01:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-24 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-25 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 10:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 11:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 06:19 77312 ------w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2009-10-24 06:57 1200128 ----a-w- c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 04:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2006-03-16 09:12 1077248 ----a-w- c:\program files\DISC\DISCover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2006-03-16 09:11 61440 ----a-w- c:\program files\DISC\DISCUpdMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-30 04:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 03:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2006-02-16 05:34 249856 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 21:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-05-26 00:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-05-29 16:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 20:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 20:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-08-26 08:12 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 18:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-23 05:14 237568 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-03-08 11:54 16010240 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-27 01:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 20:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-24 20:48 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46 709992 ----a-r- c:\windows\vVX1000.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K11\\nba2k11.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58208:TCP"= 58208:TCP:Pando Media Booster
"58208:UDP"= 58208:UDP:Pando Media Booster
"1119:TCP"= 1119:TCP:sc2
"1119:UDP"= 1119:UDP:scII
"1120:TCP"= 1120:TCP:SCraft 2
"1120:UDP"= 1120:UDP:SC2
"59103:TCP"= 59103:TCP:Pando Media Booster
"59103:UDP"= 59103:UDP:Pando Media Booster
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26/01/2011 11:30 PM 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 11:41 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/01/2010 2:33 AM 136360]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [31/12/2010 8:19 PM 21992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25/05/2011 5:29 PM 1336712]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [09/08/2004 9:00 PM 14336]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [28/01/2011 1:40 AM 28160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [09/01/2011 7:18 PM 100712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/01/2010 1:18 AM 133104]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/01/2010 1:18 AM 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [01/05/2010 2:56 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [01/05/2010 2:56 PM 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva348;XDva348;\??\c:\windows\system32\XDva348.sys --> c:\windows\system32\XDva348.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\XDva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/05/2010 5:21 PM 691696]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RPCQT
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-01-15 00:20]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 08:17]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 08:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=14196&l=dis
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = ;*.local;<local>
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages
IE: Translate Page into English
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 20:09
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2268)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\arservice.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2011-06-23 20:16:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-24 03:16
ComboFix2.txt 2011-06-23 23:27
.
Pre-Run: 84,203,941,888 bytes free
Post-Run: 83,992,358,912 bytes free
.
Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=,1,2,3,4
- - End Of File - - B4B20091FF9D875815A930F44D2F895D

---------------------------------------------------------------------------------------


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6935

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

23/06/2011 8:27:18 PM
mbam-log-2011-06-23 (20-27-18).txt

Scan type: Quick scan
Objects scanned: 203415
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



---------------------------------------------------------------------------------------



C:\Documents and Settings\Compaq_Administrator\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application
C:\Documents and Settings\Compaq_Administrator\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application
C:\Documents and Settings\Compaq_Administrator\My Documents\FrostWire\Torrent Data\frostwire-4.21.6.windows.exe Win32/OpenCandy application
C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\Nero_BurningRom8.3.2.1_GM83_ESD_01_CD14808.exe Win32/Toolbar.AskSBar application
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP10\A0008866.exe Win32/OpenCandy application
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP12\A0009055.exe Win32/OpenCandy application
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0018070.exe Win32/OpenCandy application
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP57\A0031336.exe Win32/Toolbar.AskSBar application
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0004755.exe Win32/OpenCandy application

Edited by ChineseLaxer, 24 June 2011 - 12:42 PM.


#6 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 June 2011 - 02:33 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Documents and Settings\Compaq_Administrator\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe 
C:\Documents and Settings\Compaq_Administrator\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe 
C:\Documents and Settings\Compaq_Administrator\My Documents\FrostWire\Torrent Data\frostwire-4.21.6.windows.exe 

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Your Java is out of date.
Java™ 6 Update 23 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java icon (it looks like a coffee cup). If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 ChineseLaxer

ChineseLaxer
  • Topic Starter

  • Members
  • 31 posts

Posted 24 June 2011 - 03:16 PM

ComboFix 11-06-23.01 - Compaq_Administrator 24/06/2011 12:45:25.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.608 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))
.
.
2011-06-24 05:02 . 2011-06-24 05:02 -------- d-----w- c:\windows\LastGood
2011-06-24 03:31 . 2011-06-24 03:31 -------- d-----w- c:\program files\ESET
2011-06-23 03:53 . 2011-06-23 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2011-06-21 06:08 . 2011-06-21 06:08 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Safe mirror
2011-06-21 06:07 . 2011-06-21 06:08 -------- d-----w- c:\program files\Cobian Backup 10
2011-06-15 01:37 . 2011-06-15 01:38 -------- dc----w- C:\Backup
2011-06-15 00:39 . 2011-06-15 00:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-11 02:41 . 2011-06-12 06:58 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\WMTools Downloaded Files
2011-06-11 00:45 . 2011-06-11 00:45 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2011-06-11 00:45 . 2011-06-11 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-11 00:45 . 2011-06-11 00:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-10 07:09 . 2011-06-12 03:46 -------- d-----w- c:\program files\VideoSpirit Pro
2011-05-26 07:11 . 2011-05-26 07:11 -------- d-----w- c:\program files\MetaStream
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 21:41 . 2011-01-10 00:54 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2011-05-29 16:11 . 2010-04-05 06:23 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 17:19 . 2011-05-22 17:07 814041040 -c--a-w- C:\War_Rock_20110307_G1.exe
2011-05-13 00:55 . 2011-05-13 00:55 98304 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{32939827-D8E5-470A-B126-870DB3C69FDF}\python_icon.exe
2011-05-10 15:06 . 2010-04-10 19:49 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-10 15:06 . 2010-04-10 19:49 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-16 16:51 . 2011-04-16 16:51 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-31 09:12 . 2010-07-29 04:31 737280 ----a-w- c:\windows\iun6002.exe
2011-03-27 03:38 . 2011-03-27 03:38 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-27 03:38 . 2011-03-27 03:38 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-22 05:08 . 2011-02-22 04:00 2290745340 ----a-w- c:\program files\MSSetupv95.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-05-19 01:08 . 2011-05-19 01:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-23_23.20.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-24 03:08 . 2011-06-24 03:08 16384 c:\windows\Temp\Perflib_Perfdata_26c.dat
- 2010-04-25 19:26 . 2010-12-21 18:36 17272 c:\windows\system32\spmsg.dll
+ 2010-04-25 19:26 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2005-08-31 04:07 . 2011-06-23 23:05 71928 c:\windows\system32\perfc009.dat
+ 2005-08-31 04:07 . 2011-06-24 03:13 71928 c:\windows\system32\perfc009.dat
- 2009-05-25 05:48 . 2011-04-15 05:20 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-05-25 05:48 . 2011-04-15 05:20 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-05-25 05:48 . 2011-04-15 05:20 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-11-23 08:41 . 2011-04-21 05:02 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-11-23 08:41 . 2011-06-24 05:04 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2005-08-31 04:07 . 2011-06-24 03:13 443646 c:\windows\system32\perfh009.dat
- 2005-08-31 04:07 . 2011-06-23 23:05 443646 c:\windows\system32\perfh009.dat
+ 2011-03-18 03:03 . 2011-03-18 03:03 308736 c:\windows\Installer\674b31.msp
- 2009-05-25 05:48 . 2011-04-15 05:20 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-05-25 05:48 . 2011-04-15 05:20 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-05-25 05:48 . 2011-04-15 05:20 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-05-25 05:48 . 2011-04-15 05:20 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-25 05:48 . 2011-04-15 05:20 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-25 05:48 . 2011-04-15 05:20 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-05-25 05:48 . 2011-04-15 05:20 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2004-08-10 11:00 . 2010-02-16 12:39 2058368 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-10 11:00 . 2010-02-16 12:39 2058368 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2010-04-08 01:36 . 2010-02-16 12:39 2058368 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2004-08-10 04:00 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe
+ 2008-11-15 07:25 . 2010-02-16 12:39 2058368 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
+ 2011-04-29 19:31 . 2011-04-29 19:31 9006080 c:\windows\Installer\674b1b.msp
+ 2011-04-29 19:28 . 2011-04-29 19:28 1995264 c:\windows\Installer\674b04.msp
+ 2011-04-29 19:27 . 2011-04-29 19:27 4158464 c:\windows\Installer\674ae3.msp
+ 2011-04-28 12:42 . 2011-04-28 12:42 4990976 c:\windows\Installer\674acc.msp
+ 2011-04-29 19:33 . 2011-04-29 19:33 8173568 c:\windows\Installer\674ab5.msp
- 2009-05-25 05:48 . 2011-04-15 05:20 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-05-25 05:48 . 2011-04-15 05:20 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-05-25 05:48 . 2011-06-24 05:16 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-12 21:38 . 2010-02-16 12:39 2058368 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-06-13 19:40 . 2011-06-04 00:56 47716296 c:\windows\system32\MRT.exe
+ 2011-04-23 02:41 . 2011-04-23 02:41 11507712 c:\windows\Installer\674b4c.msp
+ 2011-06-24 05:03 . 2011-06-24 05:03 20333056 c:\windows\Installer\674aee.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-24 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-6-7 2586736]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-25 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 10:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 11:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 06:19 77312 ------w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2009-10-24 06:57 1200128 ----a-w- c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 04:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2006-03-16 09:12 1077248 ----a-w- c:\program files\DISC\DISCover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2006-03-16 09:11 61440 ----a-w- c:\program files\DISC\DISCUpdMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-30 04:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 03:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2006-02-16 05:34 249856 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 21:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-05-26 00:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-05-29 16:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 20:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 20:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-08-26 08:12 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 18:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-23 05:14 237568 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-03-08 11:54 16010240 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-27 01:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 20:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-24 20:48 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46 709992 ----a-r- c:\windows\vVX1000.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K11\\nba2k11.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58208:TCP"= 58208:TCP:Pando Media Booster
"58208:UDP"= 58208:UDP:Pando Media Booster
"1119:TCP"= 1119:TCP:sc2
"1119:UDP"= 1119:UDP:scII
"1120:TCP"= 1120:TCP:SCraft 2
"1120:UDP"= 1120:UDP:SC2
"59103:TCP"= 59103:TCP:Pando Media Booster
"59103:UDP"= 59103:UDP:Pando Media Booster
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26/01/2011 11:30 PM 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 11:41 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/01/2010 2:33 AM 136360]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [31/12/2010 8:19 PM 21992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25/05/2011 5:29 PM 1336712]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [09/08/2004 9:00 PM 14336]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [28/01/2011 1:40 AM 28160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [09/01/2011 7:18 PM 100712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/01/2010 1:18 AM 133104]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/01/2010 1:18 AM 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [01/05/2010 2:56 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [01/05/2010 2:56 PM 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva348;XDva348;\??\c:\windows\system32\XDva348.sys --> c:\windows\system32\XDva348.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\XDva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/05/2010 5:21 PM 691696]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RPCQT
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-01-15 00:20]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 08:17]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 08:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=14196&l=dis
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = ;*.local;<local>
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages
IE: Translate Page into English
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-24 13:02
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-24 13:06:26
ComboFix-quarantined-files.txt 2011-06-24 20:06
ComboFix2.txt 2011-06-24 03:16
ComboFix3.txt 2011-06-23 23:27
.
Pre-Run: 83,617,558,528 bytes free
Post-Run: 83,802,710,016 bytes free
.
Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=,1,2,3,4
- - End Of File - - ACCFD6D1A4001EE1D5D9371DAFCFCE74


------------------------------------------------------------------------------------------------------------------------------------

The computer seems to be running the same as before, except that the Google Redirect seems to be gone, at least for now. The same goes for Iexplore.exe, which also seems to have disappeared. But the proxy thing seems to still be active. And for the online scan, did you want me to delete those files, or just keep them?

Thanks for Everything!!

Edited by ChineseLaxer, 24 June 2011 - 03:16 PM.


#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 June 2011 - 04:29 PM

Please do the following:



  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Click the Networking tab.
  • Double-click on the Internet Protocol (TCP/IP) item.
  • Write down the settings in case you should need to change them back.
  • Select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice to get out of the properties screen and restart your computer.
  • If not prompted to reboot, go ahead and reboot manually.

In I.E.
  • Check internet options settings.
  • Tools > Internet Options > Connections
  • LAN settings
  • Choose "Automatically detect settings".
  • Uncheck both proxy settings boxes.

In Firefox
  • Click on Advanced -> Network -> Settings…
  • The No Proxy option should be selected.



Just make certain these files are gone:

C:\Documents and Settings\Compaq_Administrator\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe
C:\Documents and Settings\Compaq_Administrator\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe
C:\Documents and Settings\Compaq_Administrator\My Documents\FrostWire\Torrent Data\frostwire-4.21.6.windows.exe

The other files are in old restore points, which we will clean up shortly.

Let me know if the above deals with the proxy issue.


NEXT



Reset your Router:

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up HERE.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

NEXT

  • Go to Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between "..g /f…"; it needs to be there).
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.


Let me know if there are still any unresolved issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 ChineseLaxer
  • Topic Starter
  • Members
  • 31 posts

Posted 24 June 2011 - 07:43 PM

I still get an error every time I use Firefox only. It doesn't affect Internet Explorer as far as I know. Every time I start Firefox, I get this on the first page:

------------------------------------------------------------
The proxy server is refusing connections
Firefox is configured to use a proxy server that is refusing connections.
Check the proxy settings to make sure that they are correct.
Contact your network administrator to make sure the proxy server is
working.

----------------------------------------------------

To make it work, I would have to go to Tools > Options > Advanced > Network > Settings and hit No Proxy EVERY TIME for the internet to work.


Thanks again for everything!
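The Firefox proxy check CatByte asks for above (Advanced -> Network -> Settings, No Proxy) and the "proxy server is refusing connections" error described in this reply can also be checked directly in the profile's prefs.js, which is where the dialog stores its settings. The script below is an added example written for this thread; it is not code from BleepingComputer, from OTL or ComboFix, or from Firefox. It parses user_pref lines, reports every network.proxy.* entry together with whether network.proxy.type actually makes it active, flags a loopback proxy (a host such as 127.0.0.1 with nothing listening on the port is what produces that refused-connection page), and can write a cleaned copy of the file with No Proxy set. The sample prefs are constructed to mirror the values that appear later in the OTL log in this thread (127.0.0.1, port 52586, proxy type 0). The user.js handling is a general Firefox caveat, not a finding from this thread: Firefox re-applies user.js on top of prefs.js at every startup, so a proxy pinned there comes back after it has been switched off in the dialog.

```python
"""Audit a Firefox profile's proxy preferences and produce a cleaned prefs.js.

Added example for this thread; not code from BleepingComputer, OTL, ComboFix
or Firefox. It reads prefs.js / user.js lines of the form
    user_pref("network.proxy.http", "127.0.0.1");
Usage against a real profile directory:
    python firefox_proxy_audit.py <profile dir>
With no argument it audits the constructed sample below.
"""
import os
import re
import sys
from typing import Dict, List, Union

Pref = Union[str, int, bool]

# One user_pref(...) line: capture the name and the raw value up to ");"
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of network.proxy.type (Firefox semantics; default is 5 = system proxy)
PROXY_TYPE = {0: "no proxy", 1: "manual", 2: "PAC", 4: "auto-detect", 5: "system"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_prefs(text: str) -> Dict[str, Pref]:
    """Return {pref name: value} for every user_pref line in text."""
    prefs: Dict[str, Pref] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]          # quoted string value
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"      # boolean value
        else:
            try:
                prefs[name] = int(raw)       # integer value (ports, proxy type)
            except ValueError:
                prefs[name] = raw            # anything else, kept verbatim
    return prefs


def audit_proxy(prefs: Dict[str, Pref]) -> List[str]:
    """Describe every proxy entry and whether network.proxy.type activates it."""
    findings: List[str] = []
    ptype = prefs.get("network.proxy.type", 5)
    state = "active" if ptype == 1 else f"dormant, proxy.type={ptype} ({PROXY_TYPE.get(ptype, '?')})"
    for scheme in ("http", "ssl", "socks", "ftp"):
        host = prefs.get(f"network.proxy.{scheme}")
        if not host:
            continue
        port = prefs.get(f"network.proxy.{scheme}_port", "?")
        note = f"network.proxy.{scheme} = {host}:{port} [{state}]"
        if str(host) in LOOPBACK:
            # Nothing answering on that port yields "proxy server is refusing connections"
            note += " loopback proxy: a local process must answer on that port"
        findings.append(note)
    if prefs.get("network.proxy.autoconfig_url"):
        findings.append(f"PAC script configured: {prefs['network.proxy.autoconfig_url']}")
    return findings


def audit_profile(prefs_js: str, user_js: str = "") -> List[str]:
    """Audit prefs.js with user.js applied on top, as Firefox does at startup."""
    prefs = parse_prefs(prefs_js)
    overrides = parse_prefs(user_js)
    findings = [
        f"user.js pins {k} = {v!r} (re-applied at every startup)"
        for k, v in overrides.items() if k.startswith("network.proxy.")
    ]
    prefs.update(overrides)
    return findings + audit_proxy(prefs)


def clean_prefs(text: str) -> str:
    """Drop every network.proxy.* pref and set No Proxy; all other prefs are kept."""
    kept = [line for line in text.splitlines()
            if not ((m := PREF_RE.match(line)) and m.group(1).startswith("network.proxy."))]
    kept.append('user_pref("network.proxy.type", 0);')
    return "\n".join(kept) + "\n"


# Constructed sample mirroring the values reported in this thread's OTL log
SAMPLE_PREFS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.facebook.com/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 52586);
user_pref("network.proxy.type", 0);
"""


def _read(path: str) -> str:
    """Return the file's text, or "" when it does not exist (user.js is optional)."""
    if not os.path.exists(path):
        return ""
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def main(argv: List[str]) -> None:
    if len(argv) > 1:
        prefs_js = _read(os.path.join(argv[1], "prefs.js"))
        user_js = _read(os.path.join(argv[1], "user.js"))
    else:
        prefs_js, user_js = SAMPLE_PREFS, ""
    for finding in audit_profile(prefs_js, user_js) or ["no proxy settings found"]:
        print(finding)


if __name__ == "__main__":
    main(sys.argv)
```

Run against the sample, the audit reports the 127.0.0.1:52586 entry as dormant because proxy.type is 0, which matches the state after No Proxy has been clicked; if the entry keeps coming back, the user.js line in the output (or its absence) tells you whether the profile itself is restoring it or something outside the browser is rewriting prefs.js. Write the result of clean_prefs over prefs.js only with Firefox closed, since Firefox rewrites the file on exit.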

#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 June 2011 - 07:45 PM

Hi

Please do the following:

  • Download OTL and save it to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 ChineseLaxer
  • Topic Starter
  • Members
  • 31 posts

Posted 24 June 2011 - 08:33 PM

OTL logfile created on: 24/06/2011 6:24:38 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1022.48 Mb Total Physical Memory | 588.46 Mb Available Physical Memory | 57.55% Memory free
2.31 Gb Paging File | 1.92 Gb Available in Paging File | 83.32% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.10 Gb Total Space | 77.91 Gb Free Space | 43.75% Space Free | Partition Type: NTFS
Drive D: | 8.19 Gb Total Space | 0.55 Gb Free Space | 6.66% Space Free | Partition Type: FAT32

Computer Name: HENRYANDTHOMAS | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/24 18:23:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/04/27 15:12:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 14:46:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/20 17:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2010/11/03 00:39:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/29 11:20:10 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2011/06/24 18:23:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/27 15:12:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 14:46:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/21 13:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/09/29 11:20:10 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/06/29 01:46:00 | 023,276,032 | R-S- | M] (Safer Networking Limited ) [Auto | Running] -- C:\WINDOWS\system32\Rpcqt.dll -- (RPCQT) Remote Procedure Call (CQTPM)


========== Driver Services (SafeList) ==========

DRV - [2011/03/16 14:46:15 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/26 23:30:39 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/23 15:41:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/09/07 13:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/05/23 17:21:32 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/06 12:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/10/06 12:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/09/23 10:41:58 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/30 12:15:54 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2009/07/07 19:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/17 19:22:56 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2009/02/17 19:22:54 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2009/02/17 19:22:52 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/10 14:46:53 | 001,966,312 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/03/08 13:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 14:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 14:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local;<local>

========== FireFox ==========

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.asktb.ff-original-keyword-url: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {B24DDCDE-70D6-4BB8-917D-FA6EB9857738}:1.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/18 18:08:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 18:08:35 | 000,000,000 | ---D | M]

[2010/04/10 12:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2010/04/10 12:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/23 13:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions
[2011/06/18 09:09:32 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/04/07 14:57:00 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/03/12 08:47:22 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions\personas@christopher.beard
[2011/05/14 12:04:16 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\searchplugins\askcom.xml
[2011/06/24 13:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 00:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/24 13:11:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BG0FNMK7.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BG0FNMK7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010/04/04 23:34:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/18 18:08:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/21 18:17:06 | 000,103,864 | ---- | M] (ASP) -- C:\Program Files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
[2010/07/27 17:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 19:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/02/23 10:45:06 | 000,177,592 | ---- | M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2011/05/18 18:08:27 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/23 20:08:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 21:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/24 18:23:52 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/24 13:11:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/24 13:11:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/24 13:11:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/24 13:06:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/23 20:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/23 16:06:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/23 16:01:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/23 16:01:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/23 16:01:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/23 16:01:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/23 15:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/23 15:56:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/23 15:55:44 | 004,135,090 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2011/06/22 20:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/06/22 20:26:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/06/20 23:11:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/06/20 23:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Safe mirror
[2011/06/20 23:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 10
[2011/06/20 23:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/06/20 00:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/14 18:37:23 | 000,000,000 | ---D | C] -- C:\Backup
[2011/06/14 18:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\NHL Files
[2011/06/14 17:39:27 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/06/10 19:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2011/06/10 19:40:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/10 17:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
[2011/06/10 17:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/10 17:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\SUPERAntiSpyware
[2011/06/10 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/10 00:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\VideoSpirit Pro
[2011/06/05 22:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\FrostWire
[2011/06/05 17:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\Tiger Woods PGA TOUR 08
[2011/06/03 17:12:53 | 000,141,120 | ---- | C] (GridinSoft) -- C:\Documents and Settings\Compaq_Administrator\Desktop\unhider.exe
[2011/05/26 21:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/05/26 00:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\MetaStream
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/24 18:23:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/24 18:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/24 17:22:06 | 000,443,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/24 17:22:06 | 000,071,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/24 17:17:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/24 17:17:49 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/06/24 17:17:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/24 17:17:41 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/24 13:13:57 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to StarCraft II.lnk
[2011/06/24 11:33:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/06/24 11:33:03 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GamersFirst LIVE!.lnk
[2011/06/23 20:08:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/23 16:07:02 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/23 15:55:51 | 004,135,090 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2011/06/22 21:38:01 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\msexcr.ini
[2011/06/22 14:41:14 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2011/06/22 13:02:08 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/20 22:59:52 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\defogger_reenable
[2011/06/20 14:42:52 | 000,000,279 | ---- | M] () -- C:\Boot.bak
[2011/06/20 00:01:41 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/14 19:40:58 | 000,001,661 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NHL® 12.lnk
[2011/06/14 17:39:27 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/06/12 23:33:38 | 000,368,953 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MiniToolBox.exe
[2011/06/10 17:45:37 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/07 19:22:56 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Audacity.lnk
[2011/06/05 22:00:13 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/06/05 22:00:13 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FrostWire 4.21.7.lnk
[2011/06/05 17:46:13 | 000,001,939 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Tiger Woods PGA TOUR 08 (2).lnk
[2011/06/05 16:17:33 | 000,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/04 23:39:37 | 000,434,050 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110607-234842.backup
[2011/06/04 23:03:11 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to avcenter.lnk
[2011/06/04 23:02:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to mbam.lnk
[2011/06/04 22:59:17 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to iTunes.lnk
[2011/06/03 17:32:20 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Firefox.lnk
[2011/06/03 16:40:03 | 000,141,120 | ---- | M] (GridinSoft) -- C:\Documents and Settings\Compaq_Administrator\Desktop\unhider.exe
[2011/06/03 00:25:44 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372
[2011/06/03 00:25:43 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372r
[2011/06/03 00:12:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15982372
[2011/06/01 23:02:53 | 003,713,534 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\guitarjamz_ultimate_guitar_manual.pdf
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/24 13:13:57 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to StarCraft II.lnk
[2011/06/24 11:33:03 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/06/24 11:33:03 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GamersFirst LIVE!.lnk
[2011/06/23 16:01:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/23 16:01:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/23 16:01:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/23 16:01:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/23 16:01:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/22 21:38:00 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2011/06/20 22:59:31 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\defogger_reenable
[2011/06/20 00:01:41 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/18 20:51:33 | 102,280,423 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Adobe Flash CS3.exe
[2011/06/14 17:59:08 | 000,001,661 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NHL® 12.lnk
[2011/06/12 23:33:39 | 000,368,953 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MiniToolBox.exe
[2011/06/10 19:40:23 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/10 17:45:37 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/07 19:22:56 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Audacity.lnk
[2011/06/05 22:00:13 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/06/05 22:00:13 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FrostWire 4.21.7.lnk
[2011/06/05 17:46:13 | 000,001,939 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Tiger Woods PGA TOUR 08 (2).lnk
[2011/06/04 23:03:11 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to avcenter.lnk
[2011/06/04 23:02:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to mbam.lnk
[2011/06/04 22:59:17 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to iTunes.lnk
[2011/06/03 17:32:20 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Firefox.lnk
[2011/06/03 15:19:10 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/03 00:12:57 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15982372r
[2011/06/03 00:12:57 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15982372
[2011/06/03 00:12:45 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15982372
[2011/06/01 23:02:45 | 003,713,534 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\guitarjamz_ultimate_guitar_manual.pdf
[2011/05/27 00:33:30 | 000,011,516 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/27 00:33:30 | 000,011,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/23 15:11:30 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/05/22 17:50:52 | 000,016,724 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y
[2011/05/22 17:50:52 | 000,016,724 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y
[2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\x10e05rp0it3eboqp5
[2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x10e05rp0it3eboqp5
[2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub
[2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub
[2011/04/27 20:03:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bnawewizutero.dat
[2011/04/27 20:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bxujuwa.bin
[2011/04/24 00:42:27 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\default.rss
[2011/04/16 09:51:16 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/04/10 00:06:36 | 000,038,931 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\9C6A.7DE
[2011/02/21 21:00:21 | 2290,745,340 | ---- | C] () -- C:\Program Files\MSSetupv95.exe
[2011/02/14 00:12:20 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\myMPQ.ini
[2011/01/23 14:41:40 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\steam_md4.dat
[2011/01/09 17:54:51 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2011/01/09 17:54:51 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2011/01/09 17:54:51 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2011/01/09 17:54:50 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2011/01/09 17:54:49 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/09 17:54:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2011/01/09 17:54:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2011/01/09 17:34:00 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/01/09 17:06:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/09 17:06:27 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/29 22:20:36 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/21 01:59:40 | 000,271,200 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/11/20 02:46:37 | 000,241,200 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/20 02:46:33 | 000,241,200 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/20 02:46:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/20 02:45:51 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/20 02:04:00 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\PnkBstrK.sys
[2010/11/20 01:04:49 | 000,138,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/11/20 01:04:29 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/10/26 16:06:05 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe BMP Format CS5 Prefs
[2010/10/25 16:20:25 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe PNG Format CS5 Prefs
[2010/10/10 21:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/10 21:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/05/02 00:49:24 | 000,069,004 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/17 11:33:44 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/05 20:20:52 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/04/05 15:08:50 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/04 23:04:07 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/01/05 23:07:44 | 000,118,010 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2010/01/05 21:22:30 | 000,118,669 | ---- | C] () -- C:\WINDOWS\hpoins09.dat.temp
[2010/01/05 21:22:29 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat.temp
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/03 22:58:59 | 000,344,494 | ---- | C] () -- C:\WINDOWS\uninstall Canucks_.exe
[2009/07/27 12:13:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
[2009/07/25 01:49:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\RFP.ini
[2009/07/24 20:50:03 | 000,000,090 | -HS- | C] () -- C:\WINDOWS\cnerolf.dat
[2009/01/16 17:31:09 | 000,000,681 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2009/01/04 13:24:13 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/01/04 13:24:13 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2008/12/23 10:24:53 | 000,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/12/04 23:19:32 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/12/04 23:19:31 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/12/04 23:19:31 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/11/17 23:46:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/15 20:21:17 | 000,000,904 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/11/13 21:18:53 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/11 18:18:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/11 17:44:44 | 000,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini
[2008/01/23 18:49:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\fs2cchk4.dll
[2006/05/25 12:59:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/25 12:38:31 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/25 12:35:01 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2006/05/25 12:34:21 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/05/25 12:34:21 | 000,001,235 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/05/25 12:34:13 | 000,012,987 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/25 12:34:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/25 12:31:49 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/25 12:30:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/25 12:20:57 | 000,000,184 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/25 12:19:43 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/05/25 12:19:43 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/25 12:14:55 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/05/25 12:13:56 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/25 12:11:03 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/25 12:11:03 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/25 12:09:47 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/25 11:49:22 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/25 11:49:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/25 11:49:06 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 17:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/03/09 10:29:36 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005/08/30 21:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 21:07:46 | 000,443,646 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 21:07:46 | 000,071,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 21:05:30 | 003,613,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 21:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 20:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/02/24 16:59:49 | 000,318,014 | ---- | C] () -- C:\WINDOWS\System32\flt1chk4.dll
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 21:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/09 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 07:51:38 | 000,000,557 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/12/19 12:04:56 | 003,050,298 | ---- | C] () -- C:\WINDOWS\System32\PDFREPORT_XP.dll
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/08/23 08:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/01/23 19:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client
[2009/12/31 17:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
[2011/04/12 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bKn31002aLlMk31002
[2010/07/29 16:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CaptainSim
[2009/05/26 15:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
[2011/03/28 14:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2009/12/24 18:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2006/05/25 12:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/01/09 21:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/01/09 21:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/08/09 23:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/01/30 00:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/01/14 21:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/08/01 22:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iTunesFolderWatch
[2008/11/13 23:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/11/11 18:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/08/10 16:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/22 20:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2008/12/12 19:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/01/30 00:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/02/09 01:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/02/18 22:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/06/24 11:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/08/01 02:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/01/09 21:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011/04/01 20:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/29 20:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TmForever
[2009/03/31 19:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/14 16:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/03 14:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/20 22:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 10:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/12 16:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\.minecraft
[2011/02/20 03:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\2K Sports
[2010/08/31 19:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Atari
[2011/01/16 03:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Auslogics
[2011/05/12 17:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Blender Foundation
[2010/05/23 17:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DAEMON Tools Lite
[2010/06/23 22:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Facebook
[2011/06/18 18:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\FrostWire
[2011/01/26 23:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ijjigame
[2010/08/07 21:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
[2010/06/30 23:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ImgBurn
[2010/08/31 19:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2010/07/09 20:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Nokia
[2010/05/01 15:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\PC Suite
[2010/08/01 02:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/25 22:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\SystemRequirementsLab
[2010/11/12 14:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\temp
[2010/07/29 13:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TS3Client
[2011/06/24 17:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
[2010/07/27 15:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\VAT-Spy
[2011/06/24 17:17:49 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/01/01 12:54:09 | 000,000,190 | ---- | M] ()(C:\WINDOWS\?¯AVSCAN-20090101-115409-C9CB5DD0.avp) -- C:\WINDOWS\㔀̅AVSCAN-20090101-115409-C9CB5DD0.avp
[2009/01/01 12:54:09 | 000,000,190 | ---- | C] ()(C:\WINDOWS\?¯AVSCAN-20090101-115409-C9CB5DD0.avp) -- C:\WINDOWS\㔀̅AVSCAN-20090101-115409-C9CB5DD0.avp

========== Alternate Data Streams ==========

@Alternate Data Stream - 507 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1D5C6AA
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00934A10
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

----------------------------------------------------------------------------------------------------------


OTL Extras logfile created on: 24/06/2011 6:24:38 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1022.48 Mb Total Physical Memory | 588.46 Mb Available Physical Memory | 57.55% Memory free
2.31 Gb Paging File | 1.92 Gb Available in Paging File | 83.32% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.10 Gb Total Space | 77.91 Gb Free Space | 43.75% Space Free | Partition Type: NTFS
Drive D: | 8.19 Gb Total Space | 0.55 Gb Free Space | 6.66% Space Free | Partition Type: FAT32

Computer Name: HENRYANDTHOMAS | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58208:TCP" = 58208:TCP:*:Enabled:Pando Media Booster
"58208:UDP" = 58208:UDP:*:Enabled:Pando Media Booster
"59103:TCP" = 59103:TCP:*:Enabled:Pando Media Booster
"59103:UDP" = 59103:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58208:TCP" = 58208:TCP:*:Enabled:Pando Media Booster
"58208:UDP" = 58208:UDP:*:Enabled:Pando Media Booster
"1119:TCP" = 1119:TCP:*:Enabled:sc2
"1119:UDP" = 1119:UDP:*:Enabled:scII
"1120:TCP" = 1120:TCP:*:Enabled:SCraft 2
"1120:UDP" = 1120:UDP:*:Enabled:SC2
"59103:TCP" = 59103:TCP:*:Enabled:Pando Media Booster
"59103:UDP" = 59103:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\2K Sports\NBA 2K11\nba2k11.exe" = C:\Program Files\2K Sports\NBA 2K11\nba2k11.exe:*:Enabled:2K Sports NBA 2K11 -- (2K Sports)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{164360E5-0AAD-48AD-8A36-3F8A859FAB6F}" = PMDG747_400F
"{188a765e-92ad-4918-8b0b-03282be23220}" = Nero InCD-Reader
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 26
"{2758F387-D016-4725-9D03-AB039364DF3D}" = PMDG_747-400_Sound_Update
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{304DAE83-906F-4005-BA09-2870349ABD14}" = PMDG 747-400 FS9 Update V1R12 (Unifies to FSX)
"{31088BCB-1A9F-431C-B7A5-829415637EF7}" = PMDG 747-400F GE China Southern Cargo
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{32939827-D8E5-470A-B126-870DB3C69FDF}" = Python 2.7.1
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{67f12a68-52b9-4a90-8204-5312c348c2b2}" = Nero InCD-Reader
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{765443B7-555F-4E8C-9C96-A52409AE4E4A}" = Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8302edd4-08a2-4820-9b9a-dcd400fd9e62}" = Nero InCD-Reader
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8BA8CE06-0C92-4A44-9924-2614DCD77F20}" = PMDG MD-11 FS9
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E63A443-BD9C-4E4F-9CF9-EBDD0E6B9812}" = PMDG 747-400F RR Cathay Pacific
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97679567-0095-464E-B5F2-E218A1CF3421}" = PMDG747_400 Queen of the Skies
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"763v2" = Level-D Simulations 767-300
"763v21" = Level-D Simulations 767-300 Update
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Blender" = Blender (remove only)
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CobBackup10" = Cobian Backup 10
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"DAEMON Tools Lite" = DAEMON Tools Lite
"DISCover" = DISCover
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FrostWire" = FrostWire 4.21.7
"Game Booster_is1" = Game Booster
"GamersFirst LIVE!" = GamersFirst LIVE!
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"ImgBurn" = ImgBurn
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare™ 1.1 Patch
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.2
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Revo Uninstaller" = Revo Uninstaller 1.91
"Speccy" = Speccy
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.1.9
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xfire" = Xfire (remove only)
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/06/2011 4:24:59 PM | Computer Name = HENRYANDTHOMAS | Source = Application Error | ID = 1000
Description = Faulting application nhl2009.exe, version 0.0.0.0, faulting module
nhl2009.exe, version 0.0.0.0, fault address 0x0044014b.

Error - 18/06/2011 4:26:07 PM | Computer Name = HENRYANDTHOMAS | Source = Application Error | ID = 1000
Description = Faulting application nhl2009.exe, version 0.0.0.0, faulting module
nhl2009.exe, version 0.0.0.0, fault address 0x0044014b.

Error - 18/06/2011 4:31:17 PM | Computer Name = HENRYANDTHOMAS | Source = Application Error | ID = 1000
Description = Faulting application nhl2009.exe, version 0.0.0.0, faulting module
nhl2009.exe, version 0.0.0.0, fault address 0x0044014b.

Error - 18/06/2011 10:34:32 PM | Computer Name = HENRYANDTHOMAS | Source = Application Error | ID = 1000
Description = Faulting application nhl2009.exe, version 0.0.0.0, faulting module
nhl2009.exe, version 0.0.0.0, fault address 0x0044014b.

Error - 19/06/2011 1:13:19 AM | Computer Name = HENRYANDTHOMAS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.3698, fault address 0x000aa220.

Error - 20/06/2011 3:11:33 AM | Computer Name = HENRYANDTHOMAS | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.5.172, faulting module
acrord32.dll, version 7.0.5.172, fault address 0x0006584e.

Error - 21/06/2011 3:12:41 AM | Computer Name = HENRYANDTHOMAS | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.54.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/06/2011 6:34:13 AM | Computer Name = HENRYANDTHOMAS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module shlwapi.dll, version 6.0.2900.3698, fault address 0x0002c4d8.

Error - 22/06/2011 3:00:13 PM | Computer Name = HENRYANDTHOMAS | Source = Application Error | ID = 1000
Description = Faulting application tw2008.exe, version 3.2.7.1, faulting module
quartz.dll, version 6.5.2600.3665, fault address 0x00088d42.

Error - 22/06/2011 9:39:09 PM | Computer Name = HENRYANDTHOMAS | Source = Application Error | ID = 1000
Description = Faulting application nhl2009.exe, version 0.0.0.0, faulting module
nhl2009.exe, version 0.0.0.0, fault address 0x0044014b.

[ OSession Events ]
Error - 23/04/2010 9:09:46 PM | Computer Name = HENRYANDTHOMAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6527.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 600
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24/06/2011 5:48:08 PM | Computer Name = HENRYANDTHOMAS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001731AACD30 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/06/2011 5:53:52 PM | Computer Name = HENRYANDTHOMAS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001731AACD30 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/06/2011 6:07:46 PM | Computer Name = HENRYANDTHOMAS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001731AACD30 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/06/2011 6:09:56 PM | Computer Name = HENRYANDTHOMAS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001731AACD30 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/06/2011 6:24:23 PM | Computer Name = HENRYANDTHOMAS | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 24/06/2011 7:01:52 PM | Computer Name = HENRYANDTHOMAS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001731AACD30 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/06/2011 8:30:04 PM | Computer Name = HENRYANDTHOMAS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001731AACD30 has been denied by the DHCP server 64.59.144.40 (The DHCP Server
sent a DHCPNACK message).

Error - 24/06/2011 8:30:05 PM | Computer Name = HENRYANDTHOMAS | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 24/06/2011 8:34:52 PM | Computer Name = HENRYANDTHOMAS | Source = Dhcp | ID = 1002
Description = The IP address lease 70.68.62.97 for the Network Card with network
address 001731AACD30 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/06/2011 8:37:49 PM | Computer Name = HENRYANDTHOMAS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001731AACD30 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

Edited by ChineseLaxer, 24 June 2011 - 08:35 PM.


#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:44 AM

Posted 24 June 2011 - 08:49 PM

Hi,

Please do the following:


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local;<local>
    FF - prefs.js..network.proxy.http_port: 52586
    O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    [2011/06/03 00:25:44 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372
    [2011/06/03 00:25:43 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372r
    [2011/06/03 00:12:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15982372
    [2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt
    [2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt
    [2011/05/22 17:50:52 | 000,016,724 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y
    [2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\x10e05rp0it3eboqp5
    [2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x10e05rp0it3eboqp5
    [2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub
    [2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub
    [2011/04/27 20:03:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bnawewizutero.dat
    [2011/04/27 20:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bxujuwa.bin
    [2011/04/12 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bKn31002aLlMk31002
    
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT



Submit a file to VirusTotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right-hand panel,
  • click on the file C:\Documents and Settings\Compaq_Administrator\Application Data\9C6A.7DE
  • then click the Open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", then wait for the results.
  • If you get a message saying "File has already been analyzed", click "Reanalyze file now".
  • Once scanned, copy and paste the link to the results page in your next reply.


Make sure you have copied and saved the results before continuing.
Do the same for the following file:
C:\WINDOWS\System32\fs2cchk4.dll

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
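As an added example (not OTL's code and not part of CatByte's post), here is a small Python triage script that applies the indicator classes the fix script above targets to OTL-style lines: a Firefox proxy pointing at loopback, O2/O3 entries with no resolvable CLSID, random-looking extension-less names directly under Application Data, and O15 Trusted Domains. The sample lines are copied from this thread's log; the random-name heuristic and the category labels are my own assumptions.

```python
"""Triage helper for OTL-style scan lines (added example; not OTL's code, not CatByte's).

Flags the indicator classes that the fix script above targets:
  * Firefox network.proxy.* prefs pointing at the loopback address
  * IE BHO (O2) / toolbar (O3) entries whose CLSID no longer resolves
  * extension-less, random-looking names directly under Application Data
    (reporting whether they carry the hidden+system -HS- attributes)
  * O15 Trusted Domains entries
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of lines copied from this thread's OTL log.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
[2011/06/03 00:25:44 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372
[2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\x10e05rp0it3eboqp5
[2011/05/18 18:08:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
"""

FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): (.+)$')
ORPHAN_RE = re.compile(r'^(O[23]) - .*?(\{[0-9A-Fa-f-]{36}\}) - No CLSID value found\.$')
TRUSTED_RE = re.compile(r'^O15 - .*?Trusted Domains: (\S+)')
# OTL file line: [timestamp | size | attributes | M/C] (publisher) -- path
FILE_RE = re.compile(r'^\[[^|]+\|[^|]+\|\s*(?P<attr>[-\w]{4})\s*\|\s*[MC]\]\s*'
                     r'(?:\([^)]*\)\s*)?--\s*(?P<path>.+)$')
# Only names that sit directly under (Local Settings\)Application Data are scored.
APPDATA_RE = re.compile(r'\\(?:Local Settings\\)?Application Data\\([^\\]+)$', re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Name heuristic (my assumption, not an OTL rule): extension-less names that are
    a run of 8+ digits (optional ~ prefix, optional single trailing letter) or a
    12+ character alphanumeric string mixing letters and digits."""
    core = name.lstrip('~')
    if '.' in core:
        return False
    if re.fullmatch(r'\d{8,}[a-z]?', core, re.IGNORECASE):
        return True
    return (len(core) >= 12
            and re.fullmatch(r'[a-z0-9]+', core, re.IGNORECASE) is not None
            and any(c.isdigit() for c in core)
            and any(c.isalpha() for c in core))


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings, one per flagged line, plus a summary
    finding for the Firefox proxy prefs once all lines have been read."""
    findings: List[Tuple[str, str]] = []
    ff_proxy: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FF_PROXY_RE.match(line)
        if m:
            ff_proxy[m.group(1)] = m.group(2).strip('"')
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(('orphan-' + m.group(1).lower(), m.group(2)))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            findings.append(('trusted-domain', m.group(1)))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group('path')
            under_appdata = APPDATA_RE.search(path)
            if under_appdata and looks_random(under_appdata.group(1)):
                attr = m.group('attr').upper()
                tag = 'random-appdata-file' + ('-hs' if 'H' in attr and 'S' in attr else '')
                findings.append((tag, path))
    host, port = ff_proxy.get('http', ''), ff_proxy.get('http_port')
    if host in ('127.0.0.1', 'localhost') and port:
        # type 0 means "no proxy", so a loopback entry is leftover configuration
        # rather than a live interception point; the fix above removes it anyway.
        state = 'active' if ff_proxy.get('type', '0') != '0' else 'dormant (type=0)'
        findings.append(('ff-loopback-proxy', f'{host}:{port} {state}'))
    return findings


if __name__ == '__main__':
    for category, detail in triage(SAMPLE_LOG):
        print(f'{category:24} {detail}')
```

The name heuristic deliberately misses files such as 9C6A.7DE, which is why a helper still asks for a VirusTotal report on anything the scoring does not cover.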


#13 ChineseLaxer

ChineseLaxer
  • Topic Starter

  • Members
  • 31 posts
  • Local time:05:44 AM

Posted 24 June 2011 - 09:11 PM

OTL logfile created on: 24/06/2011 6:59:24 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1022.48 Mb Total Physical Memory | 564.25 Mb Available Physical Memory | 55.18% Memory free
2.31 Gb Paging File | 1.90 Gb Available in Paging File | 82.49% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.10 Gb Total Space | 77.89 Gb Free Space | 43.74% Space Free | Partition Type: NTFS
Drive D: | 8.19 Gb Total Space | 0.55 Gb Free Space | 6.66% Space Free | Partition Type: FAT32

Computer Name: HENRYANDTHOMAS | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/24 18:23:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/04/27 15:12:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 14:46:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/20 17:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2010/11/03 00:39:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/29 11:20:10 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2011/06/24 18:23:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/27 15:12:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 14:46:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/21 13:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/09/29 11:20:10 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/06/29 01:46:00 | 023,276,032 | R-S- | M] (Safer Networking Limited ) [Auto | Running] -- C:\WINDOWS\system32\Rpcqt.dll -- (RPCQT) Remote Procedure Call (CQTPM)


========== Driver Services (SafeList) ==========

DRV - [2011/03/16 14:46:15 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/26 23:30:39 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/23 15:41:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/09/07 13:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/05/23 17:21:32 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/06 12:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/10/06 12:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/09/23 10:41:58 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/30 12:15:54 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2009/07/07 19:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/17 19:22:56 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2009/02/17 19:22:54 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2009/02/17 19:22:52 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/10 14:46:53 | 001,966,312 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/03/08 13:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 14:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 14:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local;<local>

========== FireFox ==========

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.asktb.ff-original-keyword-url: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {B24DDCDE-70D6-4BB8-917D-FA6EB9857738}:1.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/18 18:08:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 18:08:35 | 000,000,000 | ---D | M]

[2010/04/10 12:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2010/04/10 12:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/23 13:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions
[2011/06/18 09:09:32 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/04/07 14:57:00 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/03/12 08:47:22 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions\personas@christopher.beard
[2011/05/14 12:04:16 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\searchplugins\askcom.xml
[2011/06/24 13:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 00:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/24 13:11:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BG0FNMK7.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BG0FNMK7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010/04/04 23:34:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/18 18:08:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/21 18:17:06 | 000,103,864 | ---- | M] (ASP) -- C:\Program Files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
[2010/07/27 17:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 19:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/02/23 10:45:06 | 000,177,592 | ---- | M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2011/05/18 18:08:27 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/23 20:08:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 21:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/24 18:23:52 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/24 13:11:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/24 13:11:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/24 13:11:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/24 13:06:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/23 20:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/23 16:06:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/23 16:01:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/23 16:01:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/23 16:01:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/23 16:01:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/23 15:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/23 15:56:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/23 15:55:44 | 004,135,090 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2011/06/22 20:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/06/22 20:26:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/06/20 23:11:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/06/20 23:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Safe mirror
[2011/06/20 23:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 10
[2011/06/20 23:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/06/20 00:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/14 18:37:23 | 000,000,000 | ---D | C] -- C:\Backup
[2011/06/14 18:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\NHL Files
[2011/06/14 17:39:27 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/06/10 19:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2011/06/10 19:40:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/10 17:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
[2011/06/10 17:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/10 17:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\SUPERAntiSpyware
[2011/06/10 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/10 00:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\VideoSpirit Pro
[2011/06/05 22:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\FrostWire
[2011/06/05 17:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\Tiger Woods PGA TOUR 08
[2011/06/03 17:12:53 | 000,141,120 | ---- | C] (GridinSoft) -- C:\Documents and Settings\Compaq_Administrator\Desktop\unhider.exe
[2011/05/26 21:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/05/26 00:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\MetaStream
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/24 18:23:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/24 18:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/24 17:22:06 | 000,443,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/24 17:22:06 | 000,071,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/24 17:17:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/24 17:17:49 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/06/24 17:17:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/24 17:17:41 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/24 13:13:57 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to StarCraft II.lnk
[2011/06/24 11:33:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/06/24 11:33:03 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GamersFirst LIVE!.lnk
[2011/06/23 20:08:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/23 16:07:02 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/23 15:55:51 | 004,135,090 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2011/06/22 21:38:01 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\msexcr.ini
[2011/06/22 14:41:14 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2011/06/22 13:02:08 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/20 22:59:52 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\defogger_reenable
[2011/06/20 14:42:52 | 000,000,279 | ---- | M] () -- C:\Boot.bak
[2011/06/20 00:01:41 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/14 19:40:58 | 000,001,661 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NHL® 12.lnk
[2011/06/14 17:39:27 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/06/12 23:33:38 | 000,368,953 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MiniToolBox.exe
[2011/06/10 17:45:37 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/07 19:22:56 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Audacity.lnk
[2011/06/05 22:00:13 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/06/05 22:00:13 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FrostWire 4.21.7.lnk
[2011/06/05 17:46:13 | 000,001,939 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Tiger Woods PGA TOUR 08 (2).lnk
[2011/06/05 16:17:33 | 000,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/04 23:39:37 | 000,434,050 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110607-234842.backup
[2011/06/04 23:03:11 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to avcenter.lnk
[2011/06/04 23:02:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to mbam.lnk
[2011/06/04 22:59:17 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to iTunes.lnk
[2011/06/03 17:32:20 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Firefox.lnk
[2011/06/03 16:40:03 | 000,141,120 | ---- | M] (GridinSoft) -- C:\Documents and Settings\Compaq_Administrator\Desktop\unhider.exe
[2011/06/03 00:25:44 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372
[2011/06/03 00:25:43 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372r
[2011/06/03 00:12:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15982372
[2011/06/01 23:02:53 | 003,713,534 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\guitarjamz_ultimate_guitar_manual.pdf
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/24 13:13:57 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to StarCraft II.lnk
[2011/06/24 11:33:03 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/06/24 11:33:03 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GamersFirst LIVE!.lnk
[2011/06/23 16:01:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/23 16:01:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/23 16:01:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/23 16:01:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/23 16:01:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/22 21:38:00 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2011/06/20 22:59:31 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\defogger_reenable
[2011/06/20 00:01:41 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/18 20:51:33 | 102,280,423 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Adobe Flash CS3.exe
[2011/06/14 17:59:08 | 000,001,661 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NHL® 12.lnk
[2011/06/12 23:33:39 | 000,368,953 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MiniToolBox.exe
[2011/06/10 19:40:23 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/10 17:45:37 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/07 19:22:56 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Audacity.lnk
[2011/06/05 22:00:13 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/06/05 22:00:13 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FrostWire 4.21.7.lnk
[2011/06/05 17:46:13 | 000,001,939 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Tiger Woods PGA TOUR 08 (2).lnk
[2011/06/04 23:03:11 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to avcenter.lnk
[2011/06/04 23:02:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to mbam.lnk
[2011/06/04 22:59:17 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to iTunes.lnk
[2011/06/03 17:32:20 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Firefox.lnk
[2011/06/03 15:19:10 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/03 00:12:57 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15982372r
[2011/06/03 00:12:57 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15982372
[2011/06/03 00:12:45 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15982372
[2011/06/01 23:02:45 | 003,713,534 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\guitarjamz_ultimate_guitar_manual.pdf
[2011/05/27 00:33:30 | 000,011,516 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/27 00:33:30 | 000,011,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/23 15:11:30 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/05/22 17:50:52 | 000,016,724 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y
[2011/05/22 17:50:52 | 000,016,724 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y
[2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\x10e05rp0it3eboqp5
[2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x10e05rp0it3eboqp5
[2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub
[2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub
[2011/04/27 20:03:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bnawewizutero.dat
[2011/04/27 20:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bxujuwa.bin
[2011/04/24 00:42:27 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\default.rss
[2011/04/16 09:51:16 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/04/10 00:06:36 | 000,038,931 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\9C6A.7DE
[2011/02/21 21:00:21 | 2290,745,340 | ---- | C] () -- C:\Program Files\MSSetupv95.exe
[2011/02/14 00:12:20 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\myMPQ.ini
[2011/01/23 14:41:40 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\steam_md4.dat
[2011/01/09 17:54:51 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2011/01/09 17:54:51 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2011/01/09 17:54:51 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2011/01/09 17:54:50 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2011/01/09 17:54:49 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/09 17:54:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2011/01/09 17:54:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2011/01/09 17:34:00 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/01/09 17:06:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/09 17:06:27 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/29 22:20:36 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/21 01:59:40 | 000,271,200 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/11/20 02:46:37 | 000,241,200 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/20 02:46:33 | 000,241,200 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/20 02:46:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/20 02:45:51 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/20 02:04:00 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\PnkBstrK.sys
[2010/11/20 01:04:49 | 000,138,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/11/20 01:04:29 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/10/26 16:06:05 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe BMP Format CS5 Prefs
[2010/10/25 16:20:25 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe PNG Format CS5 Prefs
[2010/10/10 21:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/10 21:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/05/02 00:49:24 | 000,069,004 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/17 11:33:44 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/05 20:20:52 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/04/05 15:08:50 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/04 23:04:07 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/01/05 23:07:44 | 000,118,010 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2010/01/05 21:22:30 | 000,118,669 | ---- | C] () -- C:\WINDOWS\hpoins09.dat.temp
[2010/01/05 21:22:29 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat.temp
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/03 22:58:59 | 000,344,494 | ---- | C] () -- C:\WINDOWS\uninstall Canucks_.exe
[2009/07/27 12:13:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
[2009/07/25 01:49:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\RFP.ini
[2009/07/24 20:50:03 | 000,000,090 | -HS- | C] () -- C:\WINDOWS\cnerolf.dat
[2009/01/16 17:31:09 | 000,000,681 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2009/01/04 13:24:13 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/01/04 13:24:13 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2008/12/23 10:24:53 | 000,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/12/04 23:19:32 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/12/04 23:19:31 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/12/04 23:19:31 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/11/17 23:46:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/15 20:21:17 | 000,000,904 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/11/13 21:18:53 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/11 18:18:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/11 17:44:44 | 000,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini
[2008/01/23 18:49:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\fs2cchk4.dll
[2006/05/25 12:59:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/25 12:38:31 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/25 12:35:01 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2006/05/25 12:34:21 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/05/25 12:34:21 | 000,001,235 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/05/25 12:34:13 | 000,012,987 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/25 12:34:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/25 12:31:49 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/25 12:30:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/25 12:20:57 | 000,000,184 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/25 12:19:43 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/05/25 12:19:43 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/25 12:14:55 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/05/25 12:13:56 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/25 12:11:03 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/25 12:11:03 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/25 12:09:47 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/25 11:49:22 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/25 11:49:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/25 11:49:06 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 17:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/03/09 10:29:36 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005/08/30 21:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 21:07:46 | 000,443,646 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 21:07:46 | 000,071,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 21:05:30 | 003,613,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 21:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 20:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/02/24 16:59:49 | 000,318,014 | ---- | C] () -- C:\WINDOWS\System32\flt1chk4.dll
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 21:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/09 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 07:51:38 | 000,000,557 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/12/19 12:04:56 | 003,050,298 | ---- | C] () -- C:\WINDOWS\System32\PDFREPORT_XP.dll
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/08/23 08:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< :OTL >

< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local;<local> >

< FF - prefs.js..network.proxy.http_port: 52586 >

< O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found. >

< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. >

< O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No CLSID value found. >

< O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. >

< O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present >

< O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites) >

< O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites) >

< [2011/06/03 00:25:44 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372 >
Invalid Switch: 03 00:25:44 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372


< [2011/06/03 00:25:43 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372r >
Invalid Switch: 03 00:25:43 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372r


< [2011/06/03 00:12:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15982372 >
Invalid Switch: 03 00:12:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15982372


< [2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt >
Invalid Switch: 27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt


< [2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt >
Invalid Switch: 27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt


< [2011/05/22 17:50:52 | 000,016,724 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y >
Invalid Switch: 22 17:50:52 | 000,016,724 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y


< [2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\x10e05rp0it3eboqp5 >
Invalid Switch: 13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\x10e05rp0it3eboqp5


< [2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x10e05rp0it3eboqp5 >
Invalid Switch: 13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x10e05rp0it3eboqp5


< [2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub >
Invalid Switch: 05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub


< [2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub >
Invalid Switch: 05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub


< [2011/04/27 20:03:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bnawewizutero.dat >
Invalid Switch: 27 20:03:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bnawewizutero.dat


< [2011/04/27 20:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bxujuwa.bin >
Invalid Switch: 27 20:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bxujuwa.bin


< [2011/04/12 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bKn31002aLlMk31002 >
Invalid Switch: 12 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bKn31002aLlMk31002


< >

< >

< :Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< >

< :Commands >

< [resethosts] >

< [emptyflash] >

< [purity] >

< [emptytemp] >

< [Reboot] >

========== Files - Unicode (All) ==========
[2009/01/01 12:54:09 | 000,000,190 | ---- | M] ()(C:\WINDOWS\?¯AVSCAN-20090101-115409-C9CB5DD0.avp) -- C:\WINDOWS\㔀̅AVSCAN-20090101-115409-C9CB5DD0.avp
[2009/01/01 12:54:09 | 000,000,190 | ---- | C] ()(C:\WINDOWS\?¯AVSCAN-20090101-115409-C9CB5DD0.avp) -- C:\WINDOWS\㔀̅AVSCAN-20090101-115409-C9CB5DD0.avp

========== Alternate Data Streams ==========

@Alternate Data Stream - 507 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1D5C6AA
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00934A10
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >




9c6a.7DE File Link = http://www.virustotal.com/file-scan/report.html?id=69139000ccc65313dd6be5a0ae4a6a83dad0f90c8bad9fdd2832d34021e167f1-1308966987

fs2cchk4.dll File Link = http://www.virustotal.com/file-scan/report.html?id=c742c540cae61faa0b155f6d8a8dde4059bf65eb074ebf90617c07363513b5de-1308967130

Attached Files

  • Attached File  OTL.Txt   106.53KB


#14 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 June 2011 - 09:17 PM

Hi

That fix didn't appear to have run properly.

Please give it another try.

Please copy, then paste, the entries in the code box into the Custom Scans/Fixes box located at the bottom of OTL.

Then click the Run Fix button at the top.
Let the program run unhindered; reboot when it is done.
Then post the OTL fix log that it produces.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
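As an added triage helper (not code from the thread, from OTL, or from its author): a parser for the `[date | size | attributes | M/C] (publisher) -- path` entry lines that make up the OTL logs in this thread, with `bare_paths` pulling out just the path field and `triage` applying a few defender-side heuristics drawn from what these logs show (hidden+system files with random names under Application Data, non-Microsoft service binaries sitting directly in system32). The heuristics and the choice of sample lines are my own; the sample lines themselves are copied from the thread's log.

```python
"""Triage helper for OTL log entry lines (added example; not OTL's own code).
Parses the `[date | size | attrs | M|C] (publisher) -- path` format from the
logs above and applies a few review heuristics. Sample lines are from the thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL entry line. The PRC/MOD/SRV/DRV prefix, the "(publisher)" part, the
# "[start | state]" part and the trailing "-- (ServiceName)" are all optional,
# because plain file entries carry only the timestamp block and a path.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^)]*)\).*)?$"
)

@dataclass
class Entry:
    kind: Optional[str]      # PRC, MOD, SRV, DRV, or None for a plain file line
    stamp: str               # "YYYY/MM/DD HH:MM:SS"
    size: int                # bytes, commas stripped
    attrs: str               # R/H/S/D flags, "-" where unset
    flag: str                # M = modified date shown, C = created date shown
    company: Optional[str]   # "" when OTL printed "()", None when absent
    state: Optional[str]     # e.g. "Auto | Running" for services and drivers
    path: str
    service: Optional[str]   # service name on SRV/DRV lines

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; returns None for any other line type."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        kind=m["kind"], stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], flag=m["flag"], company=m["company"],
        state=m["state"], path=m["path"], service=m["service"],
    )

def looks_random(name: str) -> bool:
    """Lower-case alphanumerics only, no extension, 12+ chars, mixing letters
    and digits: the naming pattern of the -HS- files in the log above."""
    return (len(name) >= 12 and name.isalnum() and name.islower()
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))

def bare_paths(lines: List[str]) -> List[str]:
    """The path field alone from each entry line; the timestamp, size and
    attribute block is log decoration, not part of the file name."""
    return [e.path for e in map(parse_entry, lines) if e is not None]

def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for entries worth a second look. Heuristics only:
    legitimate vendor binaries can trip them, so each hit needs review."""
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None or "D" in e.attrs:   # skip non-entries and directories
            continue
        name = e.path.rsplit("\\", 1)[-1]
        reasons = []
        if "H" in e.attrs and "S" in e.attrs and "\\Application Data\\" in e.path:
            reasons.append("hidden+system file under Application Data")
        if looks_random(name) and not e.company:
            reasons.append("random-looking name, no publisher")
        lower = e.path.lower()
        sysdir = "\\windows\\system32\\"
        if (e.kind == "SRV" and sysdir in lower
                and "\\" not in lower.split(sysdir, 1)[1]
                and "microsoft" not in (e.company or "").lower()):
            reasons.append("non-Microsoft service binary directly in system32")
        if reasons:
            hits.append((e.path, "; ".join(reasons)))
    return hits

# Lines copied from the thread's OTL log above (HPZipm12.exe is a legitimate
# HP binary and shows how the system32 heuristic needs a human look).
SAMPLE_LINES = [
    r"[2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt",
    r"[2011/04/12 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bKn31002aLlMk31002",
    r"PRC - [2011/06/24 18:23:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe",
    r"SRV - [2005/06/29 01:46:00 | 023,276,032 | R-S- | M] (Safer Networking Limited ) [Auto | Running] -- C:\WINDOWS\system32\Rpcqt.dll -- (RPCQT) Remote Procedure Call (CQTPM)",
    r"SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)",
    r"[2011/06/24 19:03:09 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys",
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LINES):
        print(f"{why}: {path}")
```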


#15 ChineseLaxer

  • Topic Starter
  • Members
  • 31 posts

Posted 24 June 2011 - 09:27 PM

OTL logfile created on: 24/06/2011 7:20:23 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1022.48 Mb Total Physical Memory | 602.88 Mb Available Physical Memory | 58.96% Memory free
2.31 Gb Paging File | 1.93 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.10 Gb Total Space | 77.89 Gb Free Space | 43.73% Space Free | Partition Type: NTFS
Drive D: | 8.19 Gb Total Space | 0.55 Gb Free Space | 6.66% Space Free | Partition Type: FAT32

Computer Name: HENRYANDTHOMAS | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/24 18:23:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/04/27 15:12:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 14:46:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/03 00:39:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/29 11:20:10 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2011/06/24 18:23:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/27 15:12:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 14:46:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/21 13:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/09/29 11:20:10 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/06/29 01:46:00 | 023,276,032 | R-S- | M] (Safer Networking Limited ) [Auto | Running] -- C:\WINDOWS\system32\Rpcqt.dll -- (RPCQT) Remote Procedure Call (CQTPM)


========== Driver Services (SafeList) ==========

DRV - [2011/03/16 14:46:15 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/26 23:30:39 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/23 15:41:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/09/07 13:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/05/23 17:21:32 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/06 12:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/10/06 12:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/09/23 10:41:58 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/30 12:15:54 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2009/07/07 19:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/17 19:22:56 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2009/02/17 19:22:54 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2009/02/17 19:22:52 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/10 14:46:53 | 001,966,312 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/03/08 13:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 14:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 14:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local;<local>

========== FireFox ==========

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.asktb.ff-original-keyword-url: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {B24DDCDE-70D6-4BB8-917D-FA6EB9857738}:1.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/18 18:08:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 18:08:35 | 000,000,000 | ---D | M]

[2010/04/10 12:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2010/04/10 12:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/23 13:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions
[2011/06/18 09:09:32 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/04/07 14:57:00 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/03/12 08:47:22 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\extensions\personas@christopher.beard
[2011/05/14 12:04:16 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bg0fnmk7.default\searchplugins\askcom.xml
[2011/06/24 13:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 00:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/24 13:11:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BG0FNMK7.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BG0FNMK7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010/04/04 23:34:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/18 18:08:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/21 18:17:06 | 000,103,864 | ---- | M] (ASP) -- C:\Program Files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
[2010/07/27 17:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 19:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/02/23 10:45:06 | 000,177,592 | ---- | M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2011/05/18 18:08:27 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/23 20:08:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 21:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/24 18:23:52 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/24 13:11:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/24 13:11:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/24 13:11:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/24 13:06:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/23 20:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/23 16:06:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/23 16:01:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/23 16:01:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/23 16:01:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/23 16:01:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/23 15:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/23 15:56:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/23 15:55:44 | 004,135,090 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2011/06/22 20:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/06/22 20:26:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/06/20 23:11:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/06/20 23:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Safe mirror
[2011/06/20 23:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 10
[2011/06/20 23:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/06/20 00:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/14 18:37:23 | 000,000,000 | ---D | C] -- C:\Backup
[2011/06/14 18:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\NHL Files
[2011/06/14 17:39:27 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/06/10 19:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2011/06/10 19:40:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/10 17:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
[2011/06/10 17:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/10 17:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\SUPERAntiSpyware
[2011/06/10 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/10 00:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\VideoSpirit Pro
[2011/06/05 22:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\FrostWire
[2011/06/05 17:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\Tiger Woods PGA TOUR 08
[2011/06/03 17:12:53 | 000,141,120 | ---- | C] (GridinSoft) -- C:\Documents and Settings\Compaq_Administrator\Desktop\unhider.exe
[2011/05/26 21:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/05/26 00:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\MetaStream
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/24 19:07:38 | 000,443,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/24 19:07:38 | 000,071,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/24 19:06:45 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/24 19:05:27 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/06/24 19:03:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/24 19:03:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/24 19:03:09 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/24 18:23:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/24 13:13:57 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to StarCraft II.lnk
[2011/06/24 11:33:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/06/24 11:33:03 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GamersFirst LIVE!.lnk
[2011/06/23 20:08:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/23 16:07:02 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/23 15:55:51 | 004,135,090 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2011/06/22 21:38:01 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\msexcr.ini
[2011/06/22 14:41:14 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2011/06/22 13:02:08 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/20 22:59:52 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\defogger_reenable
[2011/06/20 14:42:52 | 000,000,279 | ---- | M] () -- C:\Boot.bak
[2011/06/20 00:01:41 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/14 19:40:58 | 000,001,661 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NHL® 12.lnk
[2011/06/14 17:39:27 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/06/12 23:33:38 | 000,368,953 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MiniToolBox.exe
[2011/06/10 17:45:37 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/07 19:22:56 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Audacity.lnk
[2011/06/05 22:00:13 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/06/05 22:00:13 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FrostWire 4.21.7.lnk
[2011/06/05 17:46:13 | 000,001,939 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Tiger Woods PGA TOUR 08 (2).lnk
[2011/06/05 16:17:33 | 000,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/04 23:39:37 | 000,434,050 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110607-234842.backup
[2011/06/04 23:03:11 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to avcenter.lnk
[2011/06/04 23:02:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to mbam.lnk
[2011/06/04 22:59:17 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to iTunes.lnk
[2011/06/03 17:32:20 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Firefox.lnk
[2011/06/03 16:40:03 | 000,141,120 | ---- | M] (GridinSoft) -- C:\Documents and Settings\Compaq_Administrator\Desktop\unhider.exe
[2011/06/03 00:25:44 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372
[2011/06/03 00:25:43 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372r
[2011/06/03 00:12:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15982372
[2011/06/01 23:02:53 | 003,713,534 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\guitarjamz_ultimate_guitar_manual.pdf
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/24 13:13:57 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to StarCraft II.lnk
[2011/06/24 11:33:03 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/06/24 11:33:03 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GamersFirst LIVE!.lnk
[2011/06/23 16:01:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/23 16:01:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/23 16:01:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/23 16:01:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/23 16:01:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/22 21:38:00 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2011/06/20 22:59:31 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\defogger_reenable
[2011/06/20 00:01:41 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/18 20:51:33 | 102,280,423 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Adobe Flash CS3.exe
[2011/06/14 17:59:08 | 000,001,661 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NHL® 12.lnk
[2011/06/12 23:33:39 | 000,368,953 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MiniToolBox.exe
[2011/06/10 19:40:23 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/10 17:45:37 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/07 19:22:56 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Audacity.lnk
[2011/06/05 22:00:13 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.7.lnk
[2011/06/05 22:00:13 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FrostWire 4.21.7.lnk
[2011/06/05 17:46:13 | 000,001,939 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Tiger Woods PGA TOUR 08 (2).lnk
[2011/06/04 23:03:11 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to avcenter.lnk
[2011/06/04 23:02:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to mbam.lnk
[2011/06/04 22:59:17 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to iTunes.lnk
[2011/06/03 17:32:20 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Firefox.lnk
[2011/06/03 15:19:10 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/03 00:12:57 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15982372r
[2011/06/03 00:12:57 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15982372
[2011/06/03 00:12:45 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15982372
[2011/06/01 23:02:45 | 003,713,534 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\guitarjamz_ultimate_guitar_manual.pdf
[2011/05/27 00:33:30 | 000,011,516 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/27 00:33:30 | 000,011,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/23 15:11:30 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/05/22 17:50:52 | 000,016,724 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y
[2011/05/22 17:50:52 | 000,016,724 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y
[2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\x10e05rp0it3eboqp5
[2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x10e05rp0it3eboqp5
[2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub
[2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub
[2011/04/27 20:03:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bnawewizutero.dat
[2011/04/27 20:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bxujuwa.bin
[2011/04/24 00:42:27 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\default.rss
[2011/04/16 09:51:16 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/04/10 00:06:36 | 000,038,931 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\9C6A.7DE
[2011/02/21 21:00:21 | 2290,745,340 | ---- | C] () -- C:\Program Files\MSSetupv95.exe
[2011/02/14 00:12:20 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\myMPQ.ini
[2011/01/23 14:41:40 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\steam_md4.dat
[2011/01/09 17:54:51 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2011/01/09 17:54:51 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2011/01/09 17:54:51 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2011/01/09 17:54:51 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2011/01/09 17:54:50 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2011/01/09 17:54:49 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/09 17:54:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2011/01/09 17:54:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2011/01/09 17:54:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2011/01/09 17:34:00 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/01/09 17:06:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/09 17:06:27 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/29 22:20:36 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/21 01:59:40 | 000,271,200 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/11/20 02:46:37 | 000,241,200 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/20 02:46:33 | 000,241,200 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/20 02:46:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/20 02:45:51 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/20 02:04:00 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\PnkBstrK.sys
[2010/11/20 01:04:49 | 000,138,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/11/20 01:04:29 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/10/26 16:06:05 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe BMP Format CS5 Prefs
[2010/10/25 16:20:25 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe PNG Format CS5 Prefs
[2010/10/10 21:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/10 21:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/05/02 00:49:24 | 000,069,004 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/17 11:33:44 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/05 20:20:52 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/04/05 15:08:50 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/04 23:04:07 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/01/05 23:07:44 | 000,118,010 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2010/01/05 21:22:30 | 000,118,669 | ---- | C] () -- C:\WINDOWS\hpoins09.dat.temp
[2010/01/05 21:22:29 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat.temp
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/03 22:58:59 | 000,344,494 | ---- | C] () -- C:\WINDOWS\uninstall Canucks_.exe
[2009/07/27 12:13:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
[2009/07/25 01:49:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\RFP.ini
[2009/07/24 20:50:03 | 000,000,090 | -HS- | C] () -- C:\WINDOWS\cnerolf.dat
[2009/01/16 17:31:09 | 000,000,681 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2009/01/04 13:24:13 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/01/04 13:24:13 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2008/12/23 10:24:53 | 000,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/12/04 23:19:32 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/12/04 23:19:31 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/12/04 23:19:31 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/11/17 23:46:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/15 20:21:17 | 000,000,904 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/11/13 21:18:53 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/11 18:18:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/11 17:44:44 | 000,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini
[2008/01/23 18:49:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\fs2cchk4.dll
[2006/05/25 12:59:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/25 12:38:31 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/25 12:35:01 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2006/05/25 12:34:21 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/05/25 12:34:21 | 000,001,235 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/05/25 12:34:13 | 000,012,987 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/25 12:34:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/25 12:31:49 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/25 12:30:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/25 12:20:57 | 000,000,184 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/25 12:19:43 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/05/25 12:19:43 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/25 12:14:55 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/05/25 12:13:56 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/25 12:11:03 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/25 12:11:03 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/25 12:09:47 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/25 11:49:22 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/25 11:49:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/25 11:49:06 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 17:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/03/09 10:29:36 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005/08/30 21:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 21:07:46 | 000,443,646 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 21:07:46 | 000,071,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 21:05:30 | 003,613,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 21:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 20:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/02/24 16:59:49 | 000,318,014 | ---- | C] () -- C:\WINDOWS\System32\flt1chk4.dll
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 21:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/09 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 07:51:38 | 000,000,557 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/12/19 12:04:56 | 003,050,298 | ---- | C] () -- C:\WINDOWS\System32\PDFREPORT_XP.dll
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/08/23 08:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< :OTL >

< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local;<local> >

< FF - prefs.js..network.proxy.http_port: 52586 >

< O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found. >

< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. >

< O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No CLSID value found. >

< O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. >

< O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present >

< O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites) >

< O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites) >

< [2011/06/03 00:25:44 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372 >
Invalid Switch: 03 00:25:44 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372


< [2011/06/03 00:25:43 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372r >
Invalid Switch: 03 00:25:43 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15982372r


< [2011/06/03 00:12:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15982372 >
Invalid Switch: 03 00:12:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15982372


< [2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt >
Invalid Switch: 27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt


< [2011/05/27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt >
Invalid Switch: 27 00:41:45 | 000,011,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt


< [2011/05/22 17:50:52 | 000,016,724 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y >
Invalid Switch: 22 17:50:52 | 000,016,724 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y


< [2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\x10e05rp0it3eboqp5 >
Invalid Switch: 13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\x10e05rp0it3eboqp5


< [2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x10e05rp0it3eboqp5 >
Invalid Switch: 13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x10e05rp0it3eboqp5


< [2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub >
Invalid Switch: 05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub


< [2011/05/05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub >
Invalid Switch: 05 20:49:52 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\efw7mk2wi2bny11j802y46e84pgr574ub


< [2011/04/27 20:03:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bnawewizutero.dat >
Invalid Switch: 27 20:03:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bnawewizutero.dat


< [2011/04/27 20:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bxujuwa.bin >
Invalid Switch: 27 20:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bxujuwa.bin


< [2011/04/12 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bKn31002aLlMk31002 >
Invalid Switch: 12 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bKn31002aLlMk31002


< >

< >

< :Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< >

< :Commands >

< [resethosts] >

< [emptyflash] >

< [purity] >

< [emptytemp] >

< [Reboot] >

< >

< >

========== Files - Unicode (All) ==========
[2009/01/01 12:54:09 | 000,000,190 | ---- | M] ()(C:\WINDOWS\?¯AVSCAN-20090101-115409-C9CB5DD0.avp) -- C:\WINDOWS\㔀̅AVSCAN-20090101-115409-C9CB5DD0.avp
[2009/01/01 12:54:09 | 000,000,190 | ---- | C] ()(C:\WINDOWS\?¯AVSCAN-20090101-115409-C9CB5DD0.avp) -- C:\WINDOWS\㔀̅AVSCAN-20090101-115409-C9CB5DD0.avp

========== Alternate Data Streams ==========

@Alternate Data Stream - 507 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1D5C6AA
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00934A10
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Attached Files

  • OTL.Txt (106.44KB)
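Added example, not part of the poster's log and not code from OTL or BleepingComputer: a small Python triage script that parses OTL file-listing lines and "@Alternate Data Stream" lines in the exact format shown above and flags the pattern that stands out in this log, namely hidden+system (-HS-) files with long random extensionless names dropped under Application Data, each with an identical twin (same name, size and timestamp) in both the per-user profile and All Users. The sample input is constructed from a few lines copied out of the log; the heuristics (the 12-character name length, the Application Data path filter, the twin rule) are my own assumptions rather than anything OTL implements, and a hit is a lead to examine, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the OTL log in this post
# (Files Created / Modified sections and the Alternate Data Streams section).
SAMPLE_LOG = r"""
[2011/06/24 19:03:09 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/23 16:07:02 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/05 17:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\Tiger Woods PGA TOUR 08
[2011/06/03 17:12:53 | 000,141,120 | ---- | C] (GridinSoft) -- C:\Documents and Settings\Compaq_Administrator\Desktop\unhider.exe
[2011/05/27 00:33:30 | 000,011,516 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/27 00:33:30 | 000,011,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\232r7u660p253f31dil511257hxrt
[2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\x10e05rp0it3eboqp5
[2011/05/13 22:03:49 | 000,014,978 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x10e05rp0it3eboqp5
[2011/06/03 00:12:45 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15982372
@Alternate Data Stream - 507 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1D5C6AA
"""

# One OTL file entry: [date time | size | attrs | C/M] (company) -- path
# Directory entries have no "(company)" part, so that group is optional.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")


def parse_otl(text):
    """Split OTL output into file entries and alternate-data-stream entries."""
    files, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))  # "000,011,516" -> 11516
            files.append(entry)
            continue
        m = ADS_LINE.match(line)
        if m:
            streams.append({"bytes": int(m.group("bytes")), "path": m.group("path")})
    return files, streams


def looks_random(name):
    """Assumed heuristic: long, extensionless, mixed letters and digits,
    the naming style of the -HS- files in this log. Not an OTL rule."""
    if "." in name or len(name) < 12:
        return False
    return any(c.isalpha() for c in name) and any(c.isdigit() for c in name)


def triage(files, streams):
    """Return (rule, detail) findings worth a human look."""
    findings = []
    # Rule 1: hidden+system files with random names under Application Data.
    # hiberfil.sys and boot.ini are also H+S but live in the root, so they are skipped.
    for f in files:
        name = f["path"].rsplit("\\", 1)[-1]
        hidden_system = "H" in f["attrs"] and "S" in f["attrs"]
        if hidden_system and "\\Application Data\\" in f["path"] and looks_random(name):
            findings.append(("hidden-system-random-name", f["path"]))
    # Rule 2: the same name, size and timestamp in two different directories
    # (here: per-user Local Settings and All Users), i.e. a paired drop.
    groups = defaultdict(set)
    for f in files:
        name = f["path"].rsplit("\\", 1)[-1]
        groups[(name, f["size"], f["ts"])].add(f["path"])
    for paths in groups.values():
        if len(paths) > 1:
            findings.append(("twin-drop", " | ".join(sorted(paths))))
    # Rule 3: every alternate data stream OTL reported, for manual review.
    for s in streams:
        findings.append(("alternate-data-stream", s["path"]))
    return findings


if __name__ == "__main__":
    parsed_files, parsed_streams = parse_otl(SAMPLE_LOG)
    for rule, detail in triage(parsed_files, parsed_streams):
        print(f"{rule:28} {detail}")
```

To run it against a full OTL.Txt, read the file and pass its text to parse_otl() in place of SAMPLE_LOG; the regexes only match the file-listing and ADS line shapes, so the rest of the report is ignored.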
