
Infected with nasty trojan


  • This topic is locked
30 replies to this topic

#1 logit

logit

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 08 November 2011 - 09:43 PM

Hi guys,

I have major problems with my pc (it is now unusable) and would greatly appreciate your help.

System: XP sp 3

Problem: was surfing the web and avira popped up to say a trojan had been detected. I denied access and thought that was the end of things. Rebooted the PC later that day and when XP loaded up I had the following problems:

- desktop blank and quick launch bar removed
- ALL my files and programme files can't be accessed. (when you click on the start button, it's just blank).
- Internet isn't working - warning that there are probs with IE.
- Random programs and warnings keep popping up trying to scan my machine for errors saying that there are multiple problems with the PC (Hard disc problems, RAM errors etc.). I also receive loads of "Windows - Delayed Write Failed" dialog boxes. I assume this is the trojan at work.

What I've done:

- You may curse me for this, but my first action was to run combofix (via a flash drive). However, like all the programs I've subsequently tried to run, it just freezes at the point where it says "scanning for infected files... this typically doesn't take more than 10mins but may double for badly infected machines". I've tried to run it about 10 times (both in safe mode and normally), but it always freezes at this point (having been left for over 3 hours!). Bizarrely, on one occasion, I got a pop up with the following message, "rootkit.zeroaccess has inserted into tcp/ip stack" and something about how it is a difficult trojan to remove.

- Attempts to run DDS have failed. I've tried to run it from a flash USB drive, but it either freezes at the start, or the window gets shut down. I can only run GMER in safe mode (or the same thing happens as with DDS), but I can only scan for services, registry, files and ADS. All of the other options are blanked out so I can't (de)select them.

I would really appreciate your help with this. My computer is unusable, and there are some important files on there that I need to access (stupidly haven't backed them up - d'oh!).

Thanks!

Attached Files

  • Attached File  ark.log   13.77KB   4 downloads



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:15 PM

Posted 13 November 2011 - 09:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426995 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,200 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:15 AM

Posted 14 November 2011 - 12:17 PM

Hi, can you please download and run unhide.exe and let me know if that makes your files visible?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#4 logit

logit
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 14 November 2011 - 12:24 PM

14 November update:

Hi, thanks for helping me out with this. My computer is still unresponsive. I do not have access to any of my files on the computer or program files (the HD 'appears' to be blank)

I cannot run any programs off a usb flash drive when booting normally. When in safe mode, I can run GMER (new log attached to this post - though the only check boxes I can select are: services, registry, files and ADS. The other boxes are greyed out). I cannot run DDS - the black window always freezes at the start of the scan.

I have tried to run combofix on further occasions, but it always freezes at the same point as outlined in my above post - I have not seen the dialog box informing me that I may be infected with rootkit.zeroaccess since the one time it flashed up. EDIT: on the last occasion, the scan seemed to go a bit further (run in safe mode), and it seemed to skip to stage 49 and deleted the TEMP folder and something to do with system restore - unfortunately it froze at the 'preparing log report' screen, so I don't have the report.

I have the original Windows XP Home Edition CD available (SP3)

Many thanks for all your help!

Attached Files

  • Attached File  ark.log   13.77KB   0 downloads


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,200 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:15 AM

Posted 14 November 2011 - 12:47 PM

Hi, please try the following from Safe Mode from your flash drive.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise

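The two reports OTL produces are plain text, and the sections a helper reads first are the autorun and service lines (O4, F3, SRV, DRV). As an added example, not Elise's or OTL's own code, here is a small Python triage script that parses those lines in the format OTL prints and flags the entries that merit a closer look: files that no longer exist on disk, executables with no company name running from directories such as AppPatch or Application Data, Run values registered in the SYSTEM/default hive, and populated WinNT Load/Run hooks. The sample input is constructed from a few lines modelled on the OTL.txt posted later in this thread; the heuristics and all function names are my own and are a starting point for review, not a verdict.

```python
"""Triage of autorun and service entries in an OTL.txt report.

Added example, not OTL's or the forum helper's own code. OTL has no API; this
reads only the text lines OTL prints for O4 (Run keys), F3 (WinNT Load/Run)
and SRV/DRV (services and drivers) and flags entries that merit review first.
"""
import re
from dataclasses import dataclass, field

# Directories where a legitimately installed autorun is rare; an executable
# here with no company name deserves a closer look (heuristic, not a verdict).
ODD_DIRS = ("\\apppatch\\", "\\application data\\", "\\temp\\", "\\recycler\\")
# Run values under these hives execute for SYSTEM and at the logon screen,
# which ordinary software has no reason to use.
SYSTEM_HIVES = ("HKU\\.DEFAULT", "HKU\\S-1-5-18")

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+):\s*\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
F3_RE = re.compile(
    r"^F3 - (?P<hive>\S+) WinNT: (?P<key>Load|Run) - \([^)]*\)\s*-(?P<rest>.*)$")
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - (?:File not found|\[[^\]]*\]\s*\((?P<company>[^()]*)\))"
    r"\s*\[[^\]]*\]\s*--\s*(?P<rest>.*?)\s*--\s*\((?P<name>[^()]*)\)\s*$")
# "<path> (<company>)": OTL prints "()" when the file carries no company name.
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*(?:\((?P<company>[^()]*)\))?\s*$")

# Constructed sample input, modelled on lines from the OTL.txt posted later in
# this thread (same format; the two benign entries are included as controls).
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GoEEXkUVxKiuuCO.exe] C:\Documents and Settings\All Users\Application Data\GoEEXkUVxKiuuCO.exe File not found
O4 - HKU\.DEFAULT..\Run: [userinit] C:\WINDOWS\AppPatch\wqaxie.exe ()
F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\apppatch\wqaxie.exe) -C:\WINDOWS\AppPatch\wqaxie.exe ()
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2011/07/31 18:28:11 | 001,378,040 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
"""


@dataclass
class Finding:
    kind: str            # OTL line type: O4, F3, SRV or DRV
    name: str            # value name, service name, or "WinNT Load/Run"
    path: str            # executable path as printed by OTL ("" if none)
    reasons: list = field(default_factory=list)


def split_tail(rest):
    """Split 'C:\\x\\y.exe (Company)' into (path, company, orphan).

    company is "" for an empty "()" and None when OTL printed no company at all.
    """
    orphan = rest.endswith("File not found")
    if orphan:
        rest = rest[: -len("File not found")].rstrip()
    m = TAIL_RE.match(rest)
    return m["path"], m["company"], orphan


def location_reasons(path, company, orphan):
    """Reasons derived from the file itself, shared by all line types."""
    reasons = []
    if orphan:
        reasons.append("file missing on disk (orphaned entry)")
    if not company and any(d in path.lower() for d in ODD_DIRS):
        reasons.append("no company name and runs from an unusual directory")
    return reasons


def triage(report):
    """Return the Finding objects for entries in an OTL report that merit review."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            path, company, orphan = split_tail(m["rest"])
            f = Finding("O4", m["name"], path, location_reasons(path, company, orphan))
            if m["hive"].startswith(SYSTEM_HIVES):
                f.reasons.append("Run value in the SYSTEM/default user hive")
        elif m := F3_RE.match(line):
            path, company, orphan = split_tail(m["rest"])
            f = Finding("F3", f"WinNT {m['key']}", path,
                        location_reasons(path, company, orphan))
            f.reasons.append("legacy win.ini Load/Run hook is populated")
            if m["hive"].startswith(SYSTEM_HIVES):
                f.reasons.append("Run value in the SYSTEM/default user hive")
        elif m := SVC_RE.match(line):
            company = m["company"]          # None only for "File not found"
            f = Finding(m["kind"], m["name"], m["rest"],
                        location_reasons(m["rest"], company, company is None))
        else:
            continue
        if f.reasons:
            findings.append(f)
    return findings


def triage_summary(report):
    """Map entry name -> list of reasons, for quick review or assertions."""
    return {f.name: f.reasons for f in triage(report)}


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind} {f.name}: {f.path or '<no path>'}")
        for r in f.reasons:
            print(f"    - {r}")
```

An orphaned entry (the "File not found" lines) is often a leftover from a removal tool or an uninstalled program rather than active malware, so the script reports it with its reason rather than scoring it; the reviewer still decides what to clean.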


#6 logit

logit
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 14 November 2011 - 01:21 PM

Hi, thanks for looking at this.

I have run unhide.exe (in safe mode) and I can now see and access my personal files and documents! Success! However, whilst I can now also see all the programme files via the start menu, most of the programmes appear to be empty (including MS Office and all of the virus/malware scanners I have installed). Strange. The OTL scan reports are below:

OTL

OTL logfile created on: 14/11/2011 18:08:33 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Zish\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.07 Mb Total Physical Memory | 700.38 Mb Available Physical Memory | 68.52% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.23% Paging File free
Paging file location(s): C:\pagefile.sys 1533 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 58.27 Gb Free Space | 39.10% Space Free | Partition Type: NTFS
Drive E: | 978.72 Mb Total Space | 949.80 Mb Free Space | 97.04% Space Free | Partition Type: FAT

Computer Name: JD-043BD9CCC83F | User Name: Zish | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 18:07:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zish\Desktop\OTL.exe
PRC - [2011/07/31 18:28:11 | 001,378,040 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/07/31 18:28:21 | 000,177,624 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/07/31 18:28:20 | 000,300,368 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/07/31 18:28:17 | 000,272,368 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2010/10/22 19:18:11 | 000,400,704 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2004/03/25 06:01:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Sonic\RecordNow!\shlext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/07/31 18:28:11 | 001,378,040 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/24 16:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/08/06 08:18:51 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/09 20:46:56 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/09 13:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 16:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/14 00:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/10 20:01:10 | 000,110,592 | ---- | M] (NinjaVideo) [Auto | Stopped] -- C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe -- (NinjaVideo Helper.exe)
SRV - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/06/07 15:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)
SRV - [2006/09/28 14:13:20 | 000,204,800 | ---- | M] (Anti-Malware Development a.s.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/31 18:28:22 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/23 07:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/13 14:52:36 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/13 14:52:36 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/06/13 14:52:36 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/07 20:30:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/09 20:46:56 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/27 13:27:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 10:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/25 12:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 12:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 12:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/13 19:15:45 | 000,064,512 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2006/09/28 14:13:34 | 000,004,096 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2006/09/05 16:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/03/24 15:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/20 22:14:28 | 000,646,825 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/11/20 22:13:40 | 001,232,741 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/11/20 22:12:56 | 000,059,717 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/11/20 22:12:42 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 21:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google.co.uk"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.3
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Zish\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Zish\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/07 18:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 18:37:26 | 000,000,000 | ---D | M]

[2009/05/08 11:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Extensions
[2009/05/08 11:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/04/14 16:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/07 19:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions
[2010/07/20 17:15:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/05/10 00:51:50 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2008/09/23 15:32:04 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/12/07 19:20:13 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\toolbar@ask.com
[2008/09/23 15:32:01 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\searchplugins\sweetim.xml
[2011/01/06 18:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/10 14:46:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 19:37:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/06 18:58:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/07/10 14:46:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/02/27 16:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2008/01/23 06:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/01/04 15:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 15:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 19:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 15:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/14 16:36:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SYSTRAN Premium 5.0 ) - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll (SYSTRAN)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GoEEXkUVxKiuuCO.exe] C:\Documents and Settings\All Users\Application Data\GoEEXkUVxKiuuCO.exe File not found
O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 3.0\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [userinit] C:\WINDOWS\AppPatch\wqaxie.exe ()
O4 - HKU\S-1-5-18..\Run: [userinit] C:\WINDOWS\AppPatch\wqaxie.exe ()
F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\apppatch\wqaxie.exe) -C:\WINDOWS\AppPatch\wqaxie.exe ()
F3 - HKU\.DEFAULT WinNT: Run - (C:\WINDOWS\apppatch\wqaxie.exe) -C:\WINDOWS\AppPatch\wqaxie.exe ()
F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\apppatch\wqaxie.exe) -C:\WINDOWS\AppPatch\wqaxie.exe ()
F3 - HKU\S-1-5-18 WinNT: Run - (C:\WINDOWS\apppatch\wqaxie.exe) -C:\WINDOWS\AppPatch\wqaxie.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: run = C:\WINDOWS\apppatch\wqaxie.exe ()
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: run = C:\WINDOWS\apppatch\wqaxie.exe ()
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: ImTranslator - C:\Program Files\Smart Link\ImTranslator for IE\startup.html ()
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 File not found
O15 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} http://download.paltalk.com/wcloader_prod/wcloader.cab (WCLoaderCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://www.imgag.com/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA7690BC-829C-4AF4-9526-02FC0B92C7C5}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (C:\WINDOWS\apppatch\wqaxie.exe) -C:\WINDOWS\AppPatch\wqaxie.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\apppatch\wqaxie.exe) -C:\WINDOWS\AppPatch\wqaxie.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/20 01:02:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-1958367476-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 18:07:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zish\Desktop\OTL.exe
[2011/11/14 17:55:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/14 17:25:37 | 000,000,000 | --SD | C] -- C:\schauber11424s
[2011/11/14 16:35:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/11 21:09:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zish\Recent
[2011/11/09 01:58:07 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/11/08 01:17:38 | 000,000,000 | ---D | C] -- C:\schauber14349s
[2011/11/07 23:55:58 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.svs
[2011/11/07 22:49:39 | 000,000,000 | ---D | C] -- C:\schauber
[2011/11/07 21:46:11 | 000,000,000 | -HSD | C] -- C:\found.002
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/11/07 00:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zish\My Documents\Desi NRI Milf From Adroad [157 Pics] [DesiSeries]
[2011/11/07 00:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zish\My Documents\NRI Girl SelfShot & Cam Show [DesiSeries]
[2007/03/05 17:45:21 | 003,439,176 | ---- | C] (NeuroSoft Corp. ) -- C:\Program Files\pcdocpro35.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 18:07:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zish\Desktop\OTL.exe
[2011/11/14 18:00:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/14 17:48:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 16:36:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/13 16:19:02 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/11/13 16:01:02 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/13 15:43:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1958367476-839522115-1004UA.job
[2011/11/13 14:35:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/12 16:43:07 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1958367476-839522115-1004Core.job
[2011/11/09 02:42:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\temp02
[2011/11/09 02:42:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\Created00
[2011/11/09 02:42:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\temp00
[2011/11/09 02:42:46 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Zish\whitedirB
[2011/11/09 02:42:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\WhiteDir
[2011/11/09 02:42:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\InstallDate
[2011/11/09 02:42:45 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\Zish\FILES00
[2011/11/09 02:41:24 | 000,002,113 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\420c64b5
[2011/11/09 01:39:35 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/08 20:05:55 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\30mW7NVPoLxVtu
[2011/11/08 20:04:15 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtu
[2011/11/08 20:04:15 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtur
[2011/11/08 20:04:13 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\Zish\Desktop\System Restore.lnk
[2011/11/08 20:04:00 | 000,340,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\30mW7NVPoLxVtu.exe
[2011/11/07 21:30:08 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\420c6477
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/11/07 02:15:37 | 000,201,125 | ---- | M] () -- C:\Documents and Settings\Zish\My Documents\case-study-sample.pdf
[2011/11/07 01:55:29 | 050,264,720 | ---- | M] () -- C:\Documents and Settings\Zish\My Documents\100olymp 2.zip
[2011/11/07 01:06:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/07 00:07:35 | 000,172,032 | ---- | M] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/05 16:44:29 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Zish\Desktop\Google Chrome.lnk
[2011/10/30 17:43:38 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 17:43:38 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/09 02:42:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\temp02
[2011/11/09 02:42:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\temp00
[2011/11/09 02:42:46 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Zish\whitedirB
[2011/11/09 02:42:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\WhiteDir
[2011/11/09 02:42:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\InstallDate
[2011/11/09 02:42:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\Created00
[2011/11/09 02:42:45 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Zish\FILES00
[2011/11/09 01:39:32 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/08 20:04:15 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtur
[2011/11/08 20:04:14 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtu
[2011/11/08 20:04:13 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\Zish\Desktop\System Restore.lnk
[2011/11/08 20:04:06 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\30mW7NVPoLxVtu
[2011/11/08 20:04:00 | 000,340,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\30mW7NVPoLxVtu.exe
[2011/11/07 21:24:37 | 000,002,113 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\420c64b5
[2011/11/07 21:24:37 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\420c6477
[2011/11/07 02:15:37 | 000,201,125 | ---- | C] () -- C:\Documents and Settings\Zish\My Documents\case-study-sample.pdf
[2011/11/07 01:55:29 | 050,264,720 | ---- | C] () -- C:\Documents and Settings\Zish\My Documents\100olymp 2.zip
[2011/10/15 14:06:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/05 21:14:31 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948452r
[2011/06/05 21:14:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948452
[2011/06/05 21:14:14 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17948452
[2011/04/20 16:22:47 | 000,013,180 | -HS- | C] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\u583lc6udh7ii85kd17e5
[2011/04/20 16:22:47 | 000,013,180 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u583lc6udh7ii85kd17e5
[2010/11/04 20:11:39 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\start
[2010/06/12 22:32:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ehacapuhidono.bin
[2010/06/12 22:32:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ffevoqocefu.dat
[2009/04/03 12:54:22 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/19 21:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/25 15:36:17 | 000,000,728 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2008/06/25 14:24:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/17 17:31:37 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/17 17:31:37 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/10/11 17:35:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\DCMVWR.INI
[2007/08/13 22:00:00 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/07 17:07:10 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/05/15 18:30:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/05/13 21:01:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/04/18 19:05:08 | 000,026,491 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/03/13 01:52:29 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/11 14:40:25 | 006,252,136 | ---- | C] () -- C:\Program Files\winzip100.exe
[2007/03/09 13:26:25 | 034,722,920 | ---- | C] () -- C:\Program Files\DWGTrueConvert.exe
[2007/03/05 17:42:51 | 001,351,040 | ---- | C] () -- C:\Program Files\MNavi19.exe
[2007/03/03 09:27:04 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2007/01/16 18:51:31 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\$_hpcst$.hpc
[2006/10/27 16:55:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/08 02:03:32 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/08/24 12:41:48 | 000,002,001 | ---- | C] () -- C:\WINDOWS\System32\winerror.dat
[2006/08/24 12:41:11 | 000,000,278 | ---- | C] () -- C:\WINDOWS\System32\spi.dll
[2006/08/12 16:41:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI
[2006/07/16 13:23:32 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\FASTApp.html
[2006/07/04 18:17:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/06/21 13:57:01 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/06/06 18:06:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/02 13:17:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/06/01 11:35:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/21 00:40:30 | 000,002,937 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/20 23:54:03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/05/20 23:54:02 | 000,086,214 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/05/20 23:54:02 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/05/20 23:54:02 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/05/20 23:54:02 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/05/20 23:54:02 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/05/20 23:54:02 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/05/20 23:54:02 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/05/20 23:54:02 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/05/20 23:54:02 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/05/20 23:54:02 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/05/20 23:54:02 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/05/20 23:54:02 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/05/20 23:54:02 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/05/20 23:54:02 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/05/20 23:54:02 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/05/20 23:54:02 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/05/20 23:51:52 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED88.ini
[2006/05/20 23:17:38 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/05/20 03:58:09 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/20 03:56:11 | 000,172,032 | ---- | C] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/20 02:45:33 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2006/05/20 02:44:54 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2006/05/20 02:17:00 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/20 01:51:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/20 01:50:25 | 000,281,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/20 01:39:13 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/05/20 01:34:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/20 01:20:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/05/20 01:04:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/20 00:59:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/12 14:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 14:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 14:04:57 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys
[2004/08/12 14:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 14:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 14:03:20 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 14:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 14:03:19 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 14:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 13:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 13:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 13:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 13:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/26 22:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/02/10 19:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 19:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

< End of report >


EXTRAS


OTL Extras logfile created on: 14/11/2011 18:08:33 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Zish\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.07 Mb Total Physical Memory | 700.38 Mb Available Physical Memory | 68.52% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.23% Paging File free
Paging file location(s): C:\pagefile.sys 1533 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 58.27 Gb Free Space | 39.10% Space Free | Partition Type: NTFS
Drive E: | 978.72 Mb Total Space | 949.80 Mb Free Space | 97.04% Space Free | Partition Type: FAT

Computer Name: JD-043BD9CCC83F | User Name: Zish | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"11296:TCP" = 11296:TCP:*:Enabled:BitComet 11296 TCP
"11296:UDP" = 11296:UDP:*:Enabled:BitComet 11296 UDP
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\Netgear\sph101\WiFiPhone Update.exe" = C:\Program Files\Netgear\sph101\WiFiPhone Update.exe:*:Enabled:WiFi Phone Update Wizard -- (NETGEAR Inc)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Program Files\O2\bin\wificfg.exe" = C:\Program Files\O2\bin\wificfg.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)
"C:\Program Files\O2\agent\bin\bcont.exe" = C:\Program Files\O2\agent\bin\bcont.exe:*:Enabled:bcont.exe -- (SupportSoft, Inc.)
"C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe" = C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe:*:Enabled:ssrc.exe -- (SupportSoft, Inc.)
"C:\Program Files\O2\agent\bin\bcont_nm.exe" = C:\Program Files\O2\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe -- (SupportSoft, Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Documents and Settings\Zish\Local Settings\temp\~!#2F.tmp" = C:\Documents and Settings\Zish\Local Settings\temp\~!#2F.tmp:*:Enabled:Windows Explorer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14032005-1129-0001-3530-007072656D69}" = SYSTRAN Premium 5.0
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EA0E0DD-4203-C20C-2740-582DFBF1CC59}" = BBC iPlayer Desktop
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FA07B1D-F000-4D87-93E6-4E6AB6CA6B29}" = sph101
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FCCD531-1B38-4A94-924C-127F722F1033}" = Nero 8
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{7007D1F9-8040-4C39-8667-441D8E1A1757}" = BTS Audit Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83FA27D5-25B5-4D24-B796-DF742F08A5CF}" = SweetIM Toolbar for Internet Explorer 3.2
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9785F3-26E3-4731-AD37-65044AE0A129}" = NinjaVideo Helper
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-0000-BA7E-000000000002}" = Adobe Acrobat 7.0 Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C62F4BFA-3259-4B57-8643-AF905D9CC7F5}" = ScanSoft PDF Professional 3.0
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}" = iTunes
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Standard" = Adobe Acrobat 7.1.0 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Copy_is1" = AVS DVD Copy version 1.4
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter_is1" = AVS Video Converter 5.6
"AVSCoverEditor_AVSMedia_is1" = AVS Cover Editor 1.3.1.79 (AVSMedia)
"AxCrypt" = AxCrypt (Remove Only)
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"BitComet" = BitComet 1.10
"CCleaner" = CCleaner
"Citrix Web Client" = Citrix Web Client
"Dell Photo Printer 720" = Dell Photo Printer 720
"DG834" = DG834
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EPSON Printer and Utilities" = EPSON Printer Software
"ESD88 User's Guide" = ESD88 User's Guide
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla" = FileZilla (remove only)
"FrostWire" = FrostWire 4.21.6
"FrostWire 5" = FrostWire 5.1.4
"HijackThis" = HijackThis 1.99.1
"Hijackthis_is1" = Hijackthis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImTranslator for IE" = ImTranslator for IE
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"MailNavigator v.1.9" = MailNavigator v.1.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Naevius GVI Converter_is1" = Naevius GVI Converter 1.4
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nvu_is1" = Nvu 1.0
"Panda ActiveScan" = Panda ActiveScan
"PIXresizer_is1" = PIXresizer 1.0.9
"PROSet" = Intel® PRO Network Adapters and Drivers
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SopCast" = SopCast 3.0.3
"Spyware Doctor" = Spyware Doctor 6.0
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"TomTom HOME" = TomTom HOME 2.7.4.1962
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WETCable" = Windows Easy Transfer
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/11/2011 10:50:01 | Computer Name = JD-043BD9CCC83F | Source = Application Error | ID = 1000
Description = Faulting application pev.dat, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x03b594ac.

Error - 13/11/2011 11:38:00 | Computer Name = JD-043BD9CCC83F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x021a94ac.

Error - 13/11/2011 12:07:58 | Computer Name = JD-043BD9CCC83F | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
unknown, version 0.0.0.0, fault address 0x00ca94ac.

Error - 13/11/2011 12:17:49 | Computer Name = JD-043BD9CCC83F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x01f29c9c.

Error - 14/11/2011 10:27:39 | Computer Name = JD-043BD9CCC83F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/11/2011 11:37:21 | Computer Name = JD-043BD9CCC83F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/11/2011 13:21:48 | Computer Name = JD-043BD9CCC83F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 14/11/2011 13:47:24 | Computer Name = JD-043BD9CCC83F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 14/11/2011 13:48:49 | Computer Name = JD-043BD9CCC83F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x097b94ac.

Error - 14/11/2011 13:49:13 | Computer Name = JD-043BD9CCC83F | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

[ System Events ]
Error - 14/11/2011 14:00:46 | Computer Name = JD-043BD9CCC83F | Source = Service Control Manager | ID = 7001
Description = The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol
Driver service which failed to start because of the following error: %%31

Error - 14/11/2011 14:00:46 | Computer Name = JD-043BD9CCC83F | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 14/11/2011 14:00:46 | Computer Name = JD-043BD9CCC83F | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 14/11/2011 14:00:46 | Computer Name = JD-043BD9CCC83F | Source = Service Control Manager | ID = 7001
Description = The Simple TCP/IP Services service depends on the AFD service which
failed to start because of the following error: %%31

Error - 14/11/2011 14:00:46 | Computer Name = JD-043BD9CCC83F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AVG Anti-Spyware Driver avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RapportKELL
RasAcd
Rdbss
SASDIFSV
SASKUTIL
ssmdrv
Tcpip
Tcpip6
WS2IFSL

Error - 14/11/2011 14:01:13 | Computer Name = JD-043BD9CCC83F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 14/11/2011 14:04:11 | Computer Name = JD-043BD9CCC83F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 14/11/2011 14:04:58 | Computer Name = JD-043BD9CCC83F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 14/11/2011 14:07:36 | Computer Name = JD-043BD9CCC83F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 14/11/2011 14:07:48 | Computer Name = JD-043BD9CCC83F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
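
Two lines in the OTL log above are the ones a responder would pull out first: the firewall exception in the StandardProfile Authorized Applications List for a file in the user's temp directory (`~!#2F.tmp`) whose display name claims to be "Windows Explorer", and the Service Control Manager event 7026 reporting that the core TCP/IP drivers (AFD, Tcpip, Tcpip6, NetBT, IPSec and others) failed to load with error %%31, which is the Win32 code ERROR_GEN_FAILURE. The script below is an added example written for this page; it is not part of the thread, of OTL or of ComboFix. It parses constructed copies of those two log fragments and flags them. The directory prefixes, driver-name sets and Windows component names it checks against are illustrative assumptions, not an authoritative catalogue.

```python
import re
from typing import Dict, List

# Constructed sample: three entries copied in shape from the log's
# "Authorized Applications List" (StandardProfile) section.
FIREWALL_APPS = r'''
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Documents and Settings\Zish\Local Settings\temp\~!#2F.tmp" = C:\Documents and Settings\Zish\Local Settings\temp\~!#2F.tmp:*:Enabled:Windows Explorer
'''

# Constructed sample: the Service Control Manager event 7026 text from the
# same log, with driver names split across lines as OTL printed them.
# SCM error %%31 is Win32 ERROR_GEN_FAILURE ("A device attached to the
# system is not functioning").
EVENT_7026 = '''
Description = The following boot-start or system-start driver(s) failed to load:
AFD AVG Anti-Spyware Driver avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RapportKELL
RasAcd
Rdbss
SASDIFSV
SASKUTIL
ssmdrv
Tcpip
Tcpip6
WS2IFSL
'''

# XP firewall exception value layout: <path>:<scope>:<Enabled|Disabled>:<name>.
# The path contains "C:" itself, so it is matched non-greedily and the scope
# is pinned by the Enabled/Disabled token that has to follow it.
_FW_RE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*(?P<path>.+?):(?P<scope>[^:]+)'
    r':(?P<state>Enabled|Disabled):(?P<name>.*)$'
)

# Illustrative lists (assumptions for this example, not an authoritative catalogue).
_USER_WRITABLE = ("\\local settings\\temp\\", "\\temp\\", "\\application data\\")
_WINDOWS_NAMES = {"windows explorer", "generic host process for win32 services", "windows logon"}
_NETWORK_STACK = {"afd", "tcpip", "tcpip6", "netbt", "netbios", "ipsec",
                  "mrxsmb", "rdbss", "ws2ifsl", "rasacd"}
_SECURITY_DRIVERS = {"avgio", "avipbb", "ssmdrv", "sasdifsv", "saskutil",
                     "rapportkell", "avg anti-spyware driver"}
# Display names containing spaces that a plain whitespace split would break apart.
_MULTIWORD = ["AVG Anti-Spyware Driver"]


def audit_firewall_exceptions(text: str) -> List[dict]:
    """Return enabled exceptions that look like they were not created by an installer."""
    findings = []
    for line in text.strip().splitlines():
        m = _FW_RE.match(line.strip())
        if not m or m["state"] != "Enabled":
            continue
        path, low, name = m["path"], m["path"].lower(), m["name"].strip()
        reasons = []
        if any(d in low for d in _USER_WRITABLE):
            reasons.append("binary lives in a user-writable directory")
        if not low.endswith(".exe"):
            reasons.append("authorized file is not an .exe (.%s)" % path.rsplit(".", 1)[-1])
        if name.lower() in _WINDOWS_NAMES and "\\windows\\" not in low:
            reasons.append("display name claims a Windows component but path is outside %SystemRoot%")
        if reasons:
            findings.append({"path": path, "scope": m["scope"], "name": name, "reasons": reasons})
    return findings


def classify_failed_drivers(text: str) -> Dict[str, List[str]]:
    """Split the 7026 driver list and bucket it by what the driver belongs to."""
    out: Dict[str, List[str]] = {"network_stack": [], "security_products": [], "other": []}
    marker = "failed to load:"
    idx = text.find(marker)
    if idx < 0:
        return out
    tail = text[idx + len(marker):]
    for name in _MULTIWORD:                      # protect multi-word names before splitting
        tail = tail.replace(name, name.replace(" ", "\x00"))
    for token in tail.split():
        drv = token.replace("\x00", " ")
        key = drv.lower()
        if key in _NETWORK_STACK:
            out["network_stack"].append(drv)
        elif key in _SECURITY_DRIVERS:
            out["security_products"].append(drv)
        else:
            out["other"].append(drv)
    return out


def triage(firewall_text: str, event_text: str) -> List[str]:
    """Combine both checks into plain-language notes for the responder."""
    notes = []
    for f in audit_firewall_exceptions(firewall_text):
        notes.append("firewall exception %r (%s): %s" % (f["path"], f["name"], "; ".join(f["reasons"])))
    drv = classify_failed_drivers(event_text)
    if {"tcpip", "afd"} & {d.lower() for d in drv["network_stack"]}:
        notes.append("core TCP/IP drivers failed to load (%s): no name resolution or sockets, "
                     "which matches the crypt32 'server name could not be resolved' errors"
                     % ", ".join(drv["network_stack"]))
    if drv["security_products"]:
        notes.append("security-product drivers also failed to load: " + ", ".join(drv["security_products"]))
    return notes


if __name__ == "__main__":
    for note in triage(FIREWALL_APPS, EVENT_7026):
        print("-", note)
```

The firewall check deliberately ignores the `*` (any-address) scope on the P2P clients; that is a policy question, while a `.tmp` file in `Local Settings\temp` registered under a Windows component's name is an artifact no installer produces. The driver check keeps the security-product drivers separate from the network stack because the two lists tell different stories: the first explains why ComboFix and the resident scanners keep misbehaving, the second why the machine has no working network at all.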

#7 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,200 posts
  • Gender:Female
  • Location:Romania

Posted 14 November 2011 - 01:27 PM

Hi again, it is possible you'll need to manually recreate the start menu shortcuts. However, first let's remove the remaining malware.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#8 logit

  • Topic Starter
  • Members
  • 30 posts

Posted 14 November 2011 - 03:12 PM

Hi, I'll keep trying to run combofix, but it still seems to keep freezing just after it tries to prepare a log report (I'm not clicking the window). It's also saying that the combofix version has expired and needs to run in reduced functionality mode if I'm to continue - it jumps to stage 49 without appearing to go through the earlier stages. Combofix is also saying that the following scanners are still active: AntiVir Desktop and Lavasoft Ad-Watch Live! so I have to run with them active. I've definitely disabled antivir, and I don't even subscribe to Lavasoft adwatch (I checked as well, and it's def deactivated) so I'm not sure why it's giving this message.

#9 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,200 posts
  • Gender:Female
  • Location:Romania

Posted 14 November 2011 - 03:40 PM

Lavasoft and Avira are both antivirus programs and may interfere with each other as well as with many other programs, including Windows. It is not recommended to have two AVs installed at the same time. I recommend you uninstall one of them.

When done, retry running ComboFix from safe mode.

regards, Elise




#10 logit

  • Topic Starter
  • Members
  • 30 posts

Posted 15 November 2011 - 06:29 PM

Sorry for the delay. I have disabled avira antivir and have uninstalled lavasoft ad-aware, but combofix is still saying that lavasoft ad-watch live! is running. I don't understand this, as I have uninstalled it via add/remove programs. New OTL log below (there must still be some registry entries? The only entry I can see in the log is: DRV - [2010/09/23 07:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)).

The Extras log wasn't produced for some reason.

I've tried to run Combofix again and again and it is still freezing at the same point. Grateful for your continued help!



OTL logfile created on: 15/11/2011 22:59:10 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Zish\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.07 Mb Total Physical Memory | 803.09 Mb Available Physical Memory | 78.57% Memory free
2.40 Gb Paging File | 2.33 Gb Available in Paging File | 96.94% Paging File free
Paging file location(s): C:\pagefile.sys 1533 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 58.46 Gb Free Space | 39.22% Space Free | Partition Type: NTFS
Drive E: | 978.72 Mb Total Space | 946.33 Mb Free Space | 96.69% Space Free | Partition Type: FAT

Computer Name: JD-043BD9CCC83F | User Name: Zish | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 18:07:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zish\Desktop\OTL.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/09/24 16:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/08/06 08:18:51 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/09 20:46:56 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/09 13:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 16:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/14 00:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/10 20:01:10 | 000,110,592 | ---- | M] (NinjaVideo) [Auto | Stopped] -- C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe -- (NinjaVideo Helper.exe)
SRV - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/06/07 15:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/09/23 07:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/13 14:52:36 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/13 14:52:36 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/06/13 14:52:36 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/07 20:30:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/09 20:46:56 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/27 13:27:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 10:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/25 12:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 12:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 12:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/03/24 15:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/20 22:14:28 | 000,646,825 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/11/20 22:13:40 | 001,232,741 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/11/20 22:12:56 | 000,059,717 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/11/20 22:12:42 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 21:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google.co.uk"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.3
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Zish\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Zish\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/07 18:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 18:37:26 | 000,000,000 | ---D | M]

[2009/05/08 11:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Extensions
[2009/05/08 11:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/04/14 16:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/07 19:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions
[2010/07/20 17:15:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/05/10 00:51:50 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2008/09/23 15:32:04 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/12/07 19:20:13 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\toolbar@ask.com
[2008/09/23 15:32:01 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\searchplugins\sweetim.xml
[2011/01/06 18:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/10 14:46:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 19:37:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/06 18:58:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/07/10 14:46:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/02/27 16:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2008/01/23 06:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/01/04 15:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 15:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 19:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 15:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/14 16:36:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SYSTRAN Premium 5.0 ) - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll (SYSTRAN)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GoEEXkUVxKiuuCO.exe] C:\Documents and Settings\All Users\Application Data\GoEEXkUVxKiuuCO.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 3.0\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\apppatch\wqaxie.exe) - File not found
F3 - HKU\.DEFAULT WinNT: Run - (C:\WINDOWS\apppatch\wqaxie.exe) - File not found
F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\apppatch\wqaxie.exe) - File not found
F3 - HKU\S-1-5-18 WinNT: Run - (C:\WINDOWS\apppatch\wqaxie.exe) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: run = C:\WINDOWS\apppatch\wqaxie.exe
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: run = C:\WINDOWS\apppatch\wqaxie.exe
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: ImTranslator - C:\Program Files\Smart Link\ImTranslator for IE\startup.html ()
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 File not found
O15 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} http://download.paltalk.com/wcloader_prod/wcloader.cab (WCLoaderCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://www.imgag.com/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA7690BC-829C-4AF4-9526-02FC0B92C7C5}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/20 01:02:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-1958367476-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 20:44:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/11/15 12:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zish\Start Menu\Programs\System Restore
[2011/11/14 21:44:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/14 20:08:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/14 19:51:30 | 004,287,742 | R--- | C] (Swearware) -- C:\Documents and Settings\Zish\Desktop\Schrauber1.exe
[2011/11/14 19:07:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/14 19:07:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/14 19:07:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/14 18:07:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zish\Desktop\OTL.exe
[2011/11/14 17:25:37 | 000,000,000 | --SD | C] -- C:\schauber11424s
[2011/11/11 21:09:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zish\Recent
[2011/11/09 01:58:07 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/11/08 01:17:38 | 000,000,000 | ---D | C] -- C:\schauber14349s
[2011/11/07 23:55:58 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.svs
[2011/11/07 22:49:39 | 000,000,000 | ---D | C] -- C:\schauber
[2011/11/07 21:46:11 | 000,000,000 | -HSD | C] -- C:\found.002
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/11/07 00:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zish\My Documents\Desi NRI Milf From Adroad [157 Pics] [DesiSeries]
[2011/11/07 00:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zish\My Documents\NRI Girl SelfShot & Cam Show [DesiSeries]
[2007/03/05 17:45:21 | 003,439,176 | ---- | C] (NeuroSoft Corp. ) -- C:\Program Files\pcdocpro35.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/15 22:56:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/15 22:05:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/15 21:54:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/15 12:43:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1958367476-839522115-1004UA.job
[2011/11/15 12:19:05 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/11/15 12:17:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\420c6477
[2011/11/15 12:02:28 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\30mW7NVPoLxVtu
[2011/11/15 12:02:27 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtu
[2011/11/15 12:02:27 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtur
[2011/11/15 12:01:02 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/15 11:54:28 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Zish\Desktop\Google Chrome.lnk
[2011/11/14 21:48:14 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/14 21:44:35 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\420c64b5
[2011/11/14 19:51:42 | 004,287,742 | R--- | M] (Swearware) -- C:\Documents and Settings\Zish\Desktop\Schrauber1.exe
[2011/11/14 18:07:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zish\Desktop\OTL.exe
[2011/11/14 16:36:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/12 16:43:07 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1958367476-839522115-1004Core.job
[2011/11/09 02:42:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\temp02
[2011/11/09 02:42:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\Created00
[2011/11/09 02:42:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\temp00
[2011/11/09 02:42:46 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Zish\whitedirB
[2011/11/09 02:42:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\WhiteDir
[2011/11/09 02:42:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\InstallDate
[2011/11/09 02:42:45 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\Zish\FILES00
[2011/11/09 01:39:35 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/11/07 02:15:37 | 000,201,125 | ---- | M] () -- C:\Documents and Settings\Zish\My Documents\case-study-sample.pdf
[2011/11/07 01:55:29 | 050,264,720 | ---- | M] () -- C:\Documents and Settings\Zish\My Documents\100olymp 2.zip
[2011/11/07 01:06:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/07 00:07:35 | 000,172,032 | ---- | M] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/30 17:43:38 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 17:43:38 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 21:48:12 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/14 19:07:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/14 19:07:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/14 19:07:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/14 19:07:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/14 19:07:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/09 02:42:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\temp02
[2011/11/09 02:42:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\temp00
[2011/11/09 02:42:46 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Zish\whitedirB
[2011/11/09 02:42:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\WhiteDir
[2011/11/09 02:42:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\InstallDate
[2011/11/09 02:42:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\Created00
[2011/11/09 02:42:45 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Zish\FILES00
[2011/11/09 01:39:32 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/08 20:04:15 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtur
[2011/11/08 20:04:14 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtu
[2011/11/08 20:04:06 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\30mW7NVPoLxVtu
[2011/11/07 21:24:37 | 000,002,225 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\420c64b5
[2011/11/07 21:24:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\420c6477
[2011/11/07 02:15:37 | 000,201,125 | ---- | C] () -- C:\Documents and Settings\Zish\My Documents\case-study-sample.pdf
[2011/11/07 01:55:29 | 050,264,720 | ---- | C] () -- C:\Documents and Settings\Zish\My Documents\100olymp 2.zip
[2011/10/15 14:06:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/05 21:14:31 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948452r
[2011/06/05 21:14:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948452
[2011/06/05 21:14:14 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17948452
[2011/04/20 16:22:47 | 000,013,180 | -HS- | C] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\u583lc6udh7ii85kd17e5
[2011/04/20 16:22:47 | 000,013,180 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u583lc6udh7ii85kd17e5
[2010/11/04 20:11:39 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\start
[2010/06/12 22:32:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ehacapuhidono.bin
[2010/06/12 22:32:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ffevoqocefu.dat
[2009/04/03 12:54:22 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/19 21:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/25 15:36:17 | 000,000,728 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2008/06/25 14:24:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/17 17:31:37 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/17 17:31:37 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/10/11 17:35:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\DCMVWR.INI
[2007/08/13 22:00:00 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/07 17:07:10 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/05/15 18:30:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/05/13 21:01:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/04/18 19:05:08 | 000,026,491 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/03/13 01:52:29 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/11 14:40:25 | 006,252,136 | ---- | C] () -- C:\Program Files\winzip100.exe
[2007/03/09 13:26:25 | 034,722,920 | ---- | C] () -- C:\Program Files\DWGTrueConvert.exe
[2007/03/05 17:42:51 | 001,351,040 | ---- | C] () -- C:\Program Files\MNavi19.exe
[2007/03/03 09:27:04 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2007/01/16 18:51:31 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\$_hpcst$.hpc
[2006/10/27 16:55:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/08 02:03:32 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/08/24 12:41:48 | 000,002,001 | ---- | C] () -- C:\WINDOWS\System32\winerror.dat
[2006/08/24 12:41:11 | 000,000,278 | ---- | C] () -- C:\WINDOWS\System32\spi.dll
[2006/08/12 16:41:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI
[2006/07/16 13:23:32 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\FASTApp.html
[2006/07/04 18:17:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/06/21 13:57:01 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/06/06 18:06:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/02 13:17:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/06/01 11:35:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/21 00:40:30 | 000,002,937 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/20 23:54:03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/05/20 23:54:02 | 000,086,214 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/05/20 23:54:02 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/05/20 23:54:02 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/05/20 23:54:02 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/05/20 23:54:02 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/05/20 23:54:02 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/05/20 23:54:02 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/05/20 23:54:02 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/05/20 23:54:02 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/05/20 23:54:02 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/05/20 23:54:02 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/05/20 23:54:02 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/05/20 23:54:02 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/05/20 23:54:02 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/05/20 23:54:02 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/05/20 23:54:02 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/05/20 23:51:52 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED88.ini
[2006/05/20 23:17:38 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/05/20 03:58:09 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/20 03:56:11 | 000,172,032 | ---- | C] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/20 02:45:33 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2006/05/20 02:44:54 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2006/05/20 02:17:00 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/20 01:51:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/20 01:50:25 | 000,281,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/20 01:39:13 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/05/20 01:34:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/20 01:20:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/05/20 01:04:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/20 00:59:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/12 14:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 14:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 14:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 14:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 14:03:20 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 14:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 14:03:19 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 14:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 13:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 13:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 13:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 13:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/26 22:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/02/10 19:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 19:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

< End of report >

#11 Elise
Malware Study Hall Admin, 61,200 posts, Romania

Posted 16 November 2011 - 02:55 AM

Hi again,

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    O4 - HKLM..\Run: [GoEEXkUVxKiuuCO.exe] C:\Documents and Settings\All Users\Application Data\GoEEXkUVxKiuuCO.exe File not found
    F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\apppatch\wqaxie.exe) - File not found
    F3 - HKU\.DEFAULT WinNT: Run - (C:\WINDOWS\apppatch\wqaxie.exe) - File not found
    F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\apppatch\wqaxie.exe) - File not found
    F3 - HKU\S-1-5-18 WinNT: Run - (C:\WINDOWS\apppatch\wqaxie.exe) - File not found
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: run = C:\WINDOWS\apppatch\wqaxie.exe
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: run = C:\WINDOWS\apppatch\wqaxie.exe
    
    :commands
    [reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

When done, restart your computer in safe mode and see if combofix runs from there.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft
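
The values removed by the OTL fix above are all autostart points: an HKLM Run value, the Winlogon "Load"/"Run" values under HKU\.DEFAULT and HKU\S-1-5-18, and policies\Explorer\Run, with targets in C:\WINDOWS\apppatch and All Users\Application Data. The script below is an added example for this thread, not part of OTL, ComboFix or any post here. It parses the two OTL line shapes quoted in the thread (the O4/F3/O7 autostart lines and the "[date | size | attrs | C] (Company) -- path" file, SRV and DRV lines) and flags entries that deserve a second look: dangling autostart values, targets in data or temp directories, uncommon autostart keys, lookalike extensions, and random-looking names with no company. The sample lines are copied from the fix and logs in this thread; the directory list, the case-flip threshold and the one-character extension test are assumptions made for the example.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.
Added example for this thread; it is not part of OTL, ComboFix or any post here.
Parses OTL autostart lines (O4 Run, F3 WinNT Load/Run, O7 policy Run) and the
"[date | size | attrs | C] (Company) -- path" file/SRV/DRV lines, then applies
persistence-triage heuristics whose directory list and thresholds are assumptions."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the OTL fix and the OTL logs in this thread.
SAMPLE_LINES = r"""
O4 - HKLM..\Run: [GoEEXkUVxKiuuCO.exe] C:\Documents and Settings\All Users\Application Data\GoEEXkUVxKiuuCO.exe File not found
F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\apppatch\wqaxie.exe) - File not found
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: run = C:\WINDOWS\apppatch\wqaxie.exe
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
SRV - [2011/06/26 06:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
DRV - [2009/12/07 20:30:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
[2011/11/07 23:55:58 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.svs
[2011/11/15 12:02:28 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\30mW7NVPoLxVtu
[2011/11/15 12:17:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\420c6477
[2011/11/16 21:06:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
""".strip().splitlines()

AUTOSTART_RES = [
    re.compile(r"^O4 - (?P<key>.+?): \[[^\]]*\] (?P<path>.+?)"
               r"(?: \((?P<company>[^()]*)\))?(?P<missing> File not found)?$"),
    re.compile(r"^F3 - (?P<key>.+?): \w+ - \((?P<path>[^)]*)\)(?: - (?P<missing>File not found))?$"),
    re.compile(r"^O7 - (?P<key>.+?): \w+ = (?P<path>.+)$"),
]
FILE_RE = re.compile(
    r"^(?:(?:SRV|DRV) - )?\[[^|]+?\| [\d,]+ \| (?P<attrs>\S+) \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))?(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \([^)]*\))?$")

EXEC_EXTS = ("exe", "dll", "sys", "scr", "com")
# Assumed: directories where legitimate software rarely keeps executables or autostart targets.
SUSPECT_DIRS = ("\\apppatch\\", "\\application data\\", "\\programdata\\", "\\temp\\", "\\recycler\\")
# Assumed: autostart points little legitimate software uses (Winlogon Load/Run, policy Run).
ODD_AUTOSTART = ("winnt", "policies\\explorer\\run")

@dataclass
class Entry:
    path: str
    company: str = ""      # OTL's "(Company)" column, empty when OTL printed "()"
    key: str = ""          # registry key for autostart lines, "" for file lines
    missing: bool = False  # OTL printed "File not found" for the target
    attrs: str = ""        # OTL attribute column; a "D" marks a directory

@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    for rx in AUTOSTART_RES:
        m = rx.match(line)
        if m:
            g = m.groupdict()
            return Entry(path=g["path"].strip(), company=(g.get("company") or "").strip(),
                         key=g["key"], missing=bool(g.get("missing")))
    m = FILE_RE.match(line)
    if m:
        return Entry(path=m["path"].strip(), company=(m["company"] or "").strip(), attrs=m["attrs"])
    return None

def split_name(path: str):
    base = path.rsplit("\\", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    return (stem, ext.lower()) if dot else (base, "")

def lookalike_ext(ext: str) -> Optional[str]:
    """Real executable extension that `ext` is one character away from ('svs' -> 'sys'), else None."""
    if not ext or ext in EXEC_EXTS:
        return None
    for real in EXEC_EXTS:
        if len(real) == len(ext) and sum(a != b for a, b in zip(real, ext)) == 1:
            return real
    return None

def looks_random(stem: str) -> bool:
    """Crude machine-generated-name check: many upper/lower case flips (threshold is an assumption)."""
    letters = [c for c in stem if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return len(stem) >= 8 and flips >= 4

def triage_entry(e: Entry) -> Optional[Finding]:
    if "D" in e.attrs:  # OTL lists directories too; skip them
        return None
    low = e.path.lower()
    stem, ext = split_name(e.path)
    lookalike = lookalike_ext(ext)
    exec_like = ext in EXEC_EXTS or lookalike is not None or ext == ""
    reasons = []
    if e.key and e.missing:
        reasons.append("autostart value points at a file that no longer exists (dangling persistence; delete the value)")
    if e.key and any(k in e.key.lower() for k in ODD_AUTOSTART):
        reasons.append("uncommon autostart point (Winlogon Load/Run or policy Run)")
    if any(d in low for d in SUSPECT_DIRS) and (exec_like or e.key):
        reasons.append("executable or autostart target lives in a data/temp directory")
    if lookalike:
        reasons.append(f"extension .{ext} is one character off .{lookalike} (lookalike name)")
    if not e.company and exec_like and looks_random(stem):
        reasons.append("random-looking file name with no company name")
    if not e.key and not e.company and exec_like and ext != "":
        reasons.append("executable/driver carries no company name (check signature and hash)")
    return Finding(e.path, reasons) if reasons else None

def triage(lines) -> List[Finding]:
    """Findings for the flagged lines, in input order; unparsable lines are skipped."""
    entries = (parse_line(l) for l in lines)
    return [f for f in (triage_entry(e) for e in entries if e) if f]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.path, *("   - " + r for r in f.reasons), sep="\n")
```

Every finding is a lead, not a verdict. C:\ComboFix\pev.3XE is ComboFix's own helper and gets flagged for its odd extension and empty company name exactly as a malicious file would, so the analyst still checks the path before acting. The ati2mtag.svs hit is the kind worth chasing: a file in the drivers directory whose extension is one character off the real driver's .sys, and the first thing to do with it is hash it and compare against a known-good copy. The wqaxie.exe entries show why the fix removes registry values rather than files: the file is already gone, but the dangling Load/Run and policy Run values would keep trying to launch it at every logon.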


#12 logit (Topic Starter)
Members, 30 posts

Posted 16 November 2011 - 04:14 PM

Hi, I ran the OTL fix (it prompted to reboot almost immediately) and then tried ComboFix again. It still says Lavasoft Ad-Watch Live is running, and it still freezes at the same point :( New OTL log below:


OTL logfile created on: 16/11/2011 21:07:44 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Zish\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.07 Mb Total Physical Memory | 807.71 Mb Available Physical Memory | 79.03% Memory free
2.40 Gb Paging File | 2.33 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1533 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 58.42 Gb Free Space | 39.20% Space Free | Partition Type: NTFS
Drive E: | 978.72 Mb Total Space | 946.31 Mb Free Space | 96.69% Space Free | Partition Type: FAT

Computer Name: JD-043BD9CCC83F | User Name: Zish | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 18:07:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zish\Desktop\OTL.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/26 06:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2010/09/24 16:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/08/06 08:18:51 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/09 20:46:56 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/09 13:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 16:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/14 00:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/10 20:01:10 | 000,110,592 | ---- | M] (NinjaVideo) [Auto | Stopped] -- C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe -- (NinjaVideo Helper.exe)
SRV - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/06/07 15:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/09/23 07:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/13 14:52:36 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/13 14:52:36 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/06/13 14:52:36 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/07 20:30:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/09 20:46:56 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/27 13:27:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 10:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/25 12:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 12:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 12:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/03/24 15:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/20 22:14:28 | 000,646,825 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/11/20 22:13:40 | 001,232,741 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/11/20 22:12:56 | 000,059,717 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/11/20 22:12:42 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 21:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google.co.uk"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.3
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Zish\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Zish\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/07 18:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 18:37:26 | 000,000,000 | ---D | M]

[2009/05/08 11:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Extensions
[2009/05/08 11:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/04/14 16:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/07 19:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions
[2010/07/20 17:15:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/05/10 00:51:50 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2008/09/23 15:32:04 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/12/07 19:20:13 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\extensions\toolbar@ask.com
[2008/09/23 15:32:01 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\Mozilla\Firefox\Profiles\1jqrhgct.default\searchplugins\sweetim.xml
[2011/01/06 18:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/10 14:46:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 19:37:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/06 18:58:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/07/10 14:46:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/02/27 16:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2008/01/23 06:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/01/04 15:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 15:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 19:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 15:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/14 16:36:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SYSTRAN Premium 5.0 ) - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll (SYSTRAN)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 3.0\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: ImTranslator - C:\Program Files\Smart Link\ImTranslator for IE\startup.html ()
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 File not found
O15 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} http://download.paltalk.com/wcloader_prod/wcloader.cab (WCLoaderCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://www.imgag.com/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA7690BC-829C-4AF4-9526-02FC0B92C7C5}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/20 01:02:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-1958367476-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-1958367476-839522115-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/16 19:04:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/16 18:59:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/15 12:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zish\Start Menu\Programs\System Restore
[2011/11/14 21:44:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/14 20:08:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/14 19:51:30 | 004,287,742 | R--- | C] (Swearware) -- C:\Documents and Settings\Zish\Desktop\Schrauber1.exe
[2011/11/14 19:07:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/14 19:07:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/14 19:07:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/14 18:07:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zish\Desktop\OTL.exe
[2011/11/14 17:25:37 | 000,000,000 | --SD | C] -- C:\schauber11424s
[2011/11/11 21:09:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zish\Recent
[2011/11/09 01:58:07 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/11/08 01:17:38 | 000,000,000 | ---D | C] -- C:\schauber14349s
[2011/11/07 23:55:58 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.svs
[2011/11/07 22:49:39 | 000,000,000 | ---D | C] -- C:\schauber
[2011/11/07 21:46:11 | 000,000,000 | -HSD | C] -- C:\found.002
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/11/07 00:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zish\My Documents\Desi NRI Milf From Adroad [157 Pics] [DesiSeries]
[2011/11/07 00:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zish\My Documents\NRI Girl SelfShot & Cam Show [DesiSeries]
[2007/03/05 17:45:21 | 003,439,176 | ---- | C] (NeuroSoft Corp. ) -- C:\Program Files\pcdocpro35.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/16 21:06:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/15 22:05:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/15 21:54:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/15 12:43:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1958367476-839522115-1004UA.job
[2011/11/15 12:19:05 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/11/15 12:17:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\420c6477
[2011/11/15 12:02:28 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\30mW7NVPoLxVtu
[2011/11/15 12:02:27 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtu
[2011/11/15 12:02:27 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtur
[2011/11/15 12:01:02 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/15 11:54:28 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Zish\Desktop\Google Chrome.lnk
[2011/11/14 21:48:14 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/14 21:44:35 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\420c64b5
[2011/11/14 19:51:42 | 004,287,742 | R--- | M] (Swearware) -- C:\Documents and Settings\Zish\Desktop\Schrauber1.exe
[2011/11/14 18:07:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zish\Desktop\OTL.exe
[2011/11/14 16:36:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/12 16:43:07 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1958367476-839522115-1004Core.job
[2011/11/09 02:42:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\temp02
[2011/11/09 02:42:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\Created00
[2011/11/09 02:42:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\temp00
[2011/11/09 02:42:46 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Zish\whitedirB
[2011/11/09 02:42:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\WhiteDir
[2011/11/09 02:42:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zish\InstallDate
[2011/11/09 02:42:45 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\Zish\FILES00
[2011/11/09 01:39:35 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Zish\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/11/07 02:15:37 | 000,201,125 | ---- | M] () -- C:\Documents and Settings\Zish\My Documents\case-study-sample.pdf
[2011/11/07 01:55:29 | 050,264,720 | ---- | M] () -- C:\Documents and Settings\Zish\My Documents\100olymp 2.zip
[2011/11/07 01:06:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/07 00:07:35 | 000,172,032 | ---- | M] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/30 17:43:38 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 17:43:38 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 21:48:12 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/14 19:07:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/14 19:07:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/14 19:07:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/14 19:07:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/14 19:07:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/09 02:42:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\temp02
[2011/11/09 02:42:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\temp00
[2011/11/09 02:42:46 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Zish\whitedirB
[2011/11/09 02:42:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\WhiteDir
[2011/11/09 02:42:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\InstallDate
[2011/11/09 02:42:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\Created00
[2011/11/09 02:42:45 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Zish\FILES00
[2011/11/09 01:39:32 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/08 20:04:15 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtur
[2011/11/08 20:04:14 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~30mW7NVPoLxVtu
[2011/11/08 20:04:06 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\30mW7NVPoLxVtu
[2011/11/07 21:24:37 | 000,002,225 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\420c64b5
[2011/11/07 21:24:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\420c6477
[2011/11/07 02:15:37 | 000,201,125 | ---- | C] () -- C:\Documents and Settings\Zish\My Documents\case-study-sample.pdf
[2011/11/07 01:55:29 | 050,264,720 | ---- | C] () -- C:\Documents and Settings\Zish\My Documents\100olymp 2.zip
[2011/10/15 14:06:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/05 21:14:31 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948452r
[2011/06/05 21:14:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948452
[2011/06/05 21:14:14 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17948452
[2011/04/20 16:22:47 | 000,013,180 | -HS- | C] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\u583lc6udh7ii85kd17e5
[2011/04/20 16:22:47 | 000,013,180 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u583lc6udh7ii85kd17e5
[2010/11/04 20:11:39 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\start
[2010/06/12 22:32:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ehacapuhidono.bin
[2010/06/12 22:32:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ffevoqocefu.dat
[2009/04/03 12:54:22 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/19 21:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/25 15:36:17 | 000,000,728 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2008/06/25 14:24:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/17 17:31:37 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/17 17:31:37 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/10/11 17:35:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\DCMVWR.INI
[2007/08/13 22:00:00 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/07 17:07:10 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/05/15 18:30:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/05/13 21:01:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/04/18 19:05:08 | 000,026,491 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/03/13 01:52:29 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/11 14:40:25 | 006,252,136 | ---- | C] () -- C:\Program Files\winzip100.exe
[2007/03/09 13:26:25 | 034,722,920 | ---- | C] () -- C:\Program Files\DWGTrueConvert.exe
[2007/03/05 17:42:51 | 001,351,040 | ---- | C] () -- C:\Program Files\MNavi19.exe
[2007/03/03 09:27:04 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2007/01/16 18:51:31 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Zish\Application Data\$_hpcst$.hpc
[2006/10/27 16:55:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/08 02:03:32 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/08/24 12:41:48 | 000,002,001 | ---- | C] () -- C:\WINDOWS\System32\winerror.dat
[2006/08/24 12:41:11 | 000,000,278 | ---- | C] () -- C:\WINDOWS\System32\spi.dll
[2006/08/12 16:41:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI
[2006/07/16 13:23:32 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\FASTApp.html
[2006/07/04 18:17:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/06/21 13:57:01 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/06/06 18:06:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/02 13:17:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/06/01 11:35:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/21 00:40:30 | 000,002,937 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/20 23:54:03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/05/20 23:54:02 | 000,086,214 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/05/20 23:54:02 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/05/20 23:54:02 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/05/20 23:54:02 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/05/20 23:54:02 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/05/20 23:54:02 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/05/20 23:54:02 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/05/20 23:54:02 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/05/20 23:54:02 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/05/20 23:54:02 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/05/20 23:54:02 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/05/20 23:54:02 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/05/20 23:54:02 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/05/20 23:54:02 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/05/20 23:54:02 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/05/20 23:54:02 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/05/20 23:51:52 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED88.ini
[2006/05/20 23:17:38 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/05/20 03:58:09 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/20 03:56:11 | 000,172,032 | ---- | C] () -- C:\Documents and Settings\Zish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/20 02:45:33 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2006/05/20 02:44:54 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2006/05/20 02:17:00 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/20 01:51:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/20 01:50:25 | 000,281,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/20 01:39:13 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/05/20 01:34:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/20 01:20:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/05/20 01:04:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/20 00:59:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/12 14:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 14:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 14:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 14:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 14:03:20 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 14:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 14:03:19 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 14:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 13:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 13:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 13:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 13:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/26 22:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/02/10 19:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 19:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

< End of report >

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,200 posts
  • Gender:Female
  • Location:Romania
  • Local time:02:15 AM

Posted 16 November 2011 - 04:16 PM

Hello,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#14 logit

logit
  • Topic Starter

  • Members
  • 30 posts
  • Local time:07:15 PM

Posted 17 November 2011 - 01:58 PM

Hi, one rootkit was picked up. Log below. Thanks!



18:50:37.0703 1132 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
18:50:37.0734 1132 ============================================================
18:50:37.0734 1132 Current date / time: 2011/11/17 18:50:37.0734
18:50:37.0734 1132 SystemInfo:
18:50:37.0734 1132
18:50:37.0734 1132 OS Version: 5.1.2600 ServicePack: 3.0
18:50:37.0734 1132 Product type: Workstation
18:50:37.0734 1132 ComputerName: JD-043BD9CCC83F
18:50:37.0734 1132 UserName: Zish
18:50:37.0734 1132 Windows directory: C:\WINDOWS
18:50:37.0734 1132 System windows directory: C:\WINDOWS
18:50:37.0734 1132 Processor architecture: Intel x86
18:50:37.0734 1132 Number of processors: 2
18:50:37.0734 1132 Page size: 0x1000
18:50:37.0734 1132 Boot type: Safe boot
18:50:37.0734 1132 ============================================================
18:50:40.0609 1132 Initialize success
18:50:52.0109 1152 ============================================================
18:50:52.0109 1152 Scan started
18:50:52.0109 1152 Mode: Manual;
18:50:52.0109 1152 ============================================================
18:50:53.0359 1152 Abiosdsk - ok
18:50:53.0578 1152 abp480n5 - ok
18:50:53.0859 1152 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:50:53.0906 1152 ACPI - ok
18:50:54.0140 1152 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:50:54.0140 1152 ACPIEC - ok
18:50:54.0343 1152 adpu160m - ok
18:50:54.0609 1152 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:50:54.0640 1152 aec - ok
18:50:54.0890 1152 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:50:54.0937 1152 AFD - ok
18:50:55.0125 1152 Aha154x - ok
18:50:55.0328 1152 aic78u2 - ok
18:50:55.0515 1152 aic78xx - ok
18:50:55.0734 1152 AliIde - ok
18:50:55.0921 1152 amsint - ok
18:50:56.0156 1152 asc - ok
18:50:56.0359 1152 asc3350p - ok
18:50:56.0562 1152 asc3550 - ok
18:50:56.0828 1152 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:50:56.0828 1152 AsyncMac - ok
18:50:57.0062 1152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:50:57.0062 1152 atapi - ok
18:50:57.0250 1152 Atdisk - ok
18:50:57.0515 1152 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:50:57.0546 1152 Atmarpc - ok
18:50:57.0796 1152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:50:57.0796 1152 audstub - ok
18:50:57.0890 1152 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:50:57.0906 1152 avgio - ok
18:50:58.0140 1152 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:50:58.0156 1152 avgntflt - ok
18:50:58.0406 1152 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:50:58.0421 1152 avipbb - ok
18:50:58.0656 1152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:50:58.0656 1152 Beep - ok
18:50:58.0890 1152 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
18:50:58.0890 1152 bvrp_pci - ok
18:50:59.0015 1152 catchme - ok
18:50:59.0265 1152 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:50:59.0265 1152 cbidf2k - ok
18:50:59.0468 1152 cd20xrnt - ok
18:50:59.0687 1152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:50:59.0703 1152 Cdaudio - ok
18:50:59.0937 1152 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:50:59.0953 1152 Cdfs - ok
18:51:00.0203 1152 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:51:00.0218 1152 Cdrom - ok
18:51:00.0421 1152 Changer - ok
18:51:00.0671 1152 CmdIde - ok
18:51:00.0921 1152 Cpqarray - ok
18:51:01.0125 1152 dac2w2k - ok
18:51:01.0312 1152 dac960nt - ok
18:51:01.0562 1152 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:51:01.0578 1152 Disk - ok
18:51:02.0031 1152 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:51:02.0250 1152 dmboot - ok
18:51:02.0500 1152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:51:02.0546 1152 dmio - ok
18:51:02.0765 1152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:51:02.0765 1152 dmload - ok
18:51:03.0000 1152 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:51:03.0015 1152 DMusic - ok
18:51:03.0234 1152 dpti2o - ok
18:51:03.0453 1152 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:51:03.0453 1152 drmkaud - ok
18:51:03.0656 1152 drvmcdb (049177996e5e33b5faf40cad2b82098c) C:\WINDOWS\system32\drivers\drvmcdb.sys
18:51:03.0687 1152 drvmcdb - ok
18:51:03.0906 1152 drvnddm (2f4134d073f972575c174e3d621f0107) C:\WINDOWS\system32\drivers\drvnddm.sys
18:51:03.0921 1152 drvnddm - ok
18:51:04.0234 1152 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:51:04.0312 1152 E100B - ok
18:51:04.0609 1152 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:51:04.0640 1152 Fastfat - ok
18:51:04.0859 1152 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:51:04.0859 1152 Fdc - ok
18:51:05.0078 1152 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:51:05.0093 1152 Fips - ok
18:51:05.0296 1152 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:51:05.0296 1152 Flpydisk - ok
18:51:05.0546 1152 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:51:05.0578 1152 FltMgr - ok
18:51:05.0781 1152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:51:05.0781 1152 Fs_Rec - ok
18:51:06.0015 1152 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:51:06.0062 1152 Ftdisk - ok
18:51:06.0296 1152 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:51:06.0296 1152 GEARAspiWDM - ok
18:51:06.0500 1152 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:51:06.0515 1152 Gpc - ok
18:51:06.0734 1152 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:51:06.0750 1152 HidUsb - ok
18:51:06.0937 1152 hpn - ok
18:51:07.0250 1152 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:51:07.0312 1152 HTTP - ok
18:51:07.0531 1152 i2omgmt - ok
18:51:07.0734 1152 i2omp - ok
18:51:07.0937 1152 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:51:07.0953 1152 i8042prt - ok
18:51:08.0187 1152 IKFileSec (ff9f262494fc23d77a6148d49d87d2de) C:\WINDOWS\system32\drivers\ikfilesec.sys
18:51:08.0203 1152 IKFileSec - ok
18:51:08.0453 1152 IKSysFlt (7e359671fd9595ecb1b0a33fb4184b19) C:\WINDOWS\system32\drivers\iksysflt.sys
18:51:08.0468 1152 IKSysFlt - ok
18:51:08.0687 1152 IKSysSec (a44cb3cf3af266665261a6e6c9cac27c) C:\WINDOWS\system32\drivers\iksyssec.sys
18:51:08.0718 1152 IKSysSec - ok
18:51:08.0953 1152 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:51:08.0968 1152 Imapi - ok
18:51:09.0187 1152 ini910u - ok
18:51:09.0781 1152 IntelC51 (8e51bf1696821a72656444e0fd5081a3) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
18:51:10.0140 1152 IntelC51 - ok
18:51:10.0515 1152 IntelC52 (331ce31882754000ca2afbf7bd480513) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
18:51:10.0718 1152 IntelC52 - ok
18:51:10.0937 1152 IntelC53 (8001fac548eb0285d0085f4eb53c1e3f) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
18:51:10.0953 1152 IntelC53 - ok
18:51:11.0171 1152 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:51:11.0171 1152 IntelIde - ok
18:51:11.0406 1152 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:51:11.0421 1152 intelppm - ok
18:51:11.0656 1152 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:51:11.0671 1152 Ip6Fw - ok
18:51:11.0890 1152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:51:11.0890 1152 IpFilterDriver - ok
18:51:12.0109 1152 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:51:12.0125 1152 IpInIp - ok
18:51:12.0359 1152 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:51:12.0406 1152 IpNat - ok
18:51:12.0640 1152 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:51:12.0671 1152 IPSec - ok
18:51:12.0875 1152 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:51:12.0890 1152 IRENUM - ok
18:51:13.0109 1152 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:51:13.0125 1152 isapnp - ok
18:51:13.0359 1152 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:51:13.0359 1152 Kbdclass - ok
18:51:13.0609 1152 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:51:13.0656 1152 kmixer - ok
18:51:13.0875 1152 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:51:13.0906 1152 KSecDD - ok
18:51:14.0187 1152 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
18:51:14.0203 1152 Lbd - ok
18:51:14.0421 1152 lbrtfdc - ok
18:51:14.0656 1152 MBAMSwissArmy - ok
18:51:14.0906 1152 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:51:14.0906 1152 mnmdd - ok
18:51:15.0109 1152 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:51:15.0125 1152 Modem - ok
18:51:15.0343 1152 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:51:15.0343 1152 MODEMCSA - ok
18:51:15.0562 1152 mohfilt (bdd406003c0c340cf6c5501165e83dcd) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
18:51:15.0578 1152 mohfilt - ok
18:51:15.0812 1152 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:51:15.0828 1152 Mouclass - ok
18:51:16.0046 1152 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:51:16.0046 1152 mouhid - ok
18:51:16.0265 1152 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:51:16.0281 1152 MountMgr - ok
18:51:16.0468 1152 mraid35x - ok
18:51:16.0718 1152 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:51:16.0765 1152 MRxDAV - ok
18:51:17.0109 1152 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:51:17.0281 1152 MRxSmb - ok
18:51:17.0500 1152 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:51:17.0500 1152 Msfs - ok
18:51:17.0734 1152 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:51:17.0734 1152 MSKSSRV - ok
18:51:17.0937 1152 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:51:17.0953 1152 MSPCLOCK - ok
18:51:18.0156 1152 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:51:18.0156 1152 MSPQM - ok
18:51:18.0390 1152 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:51:18.0390 1152 mssmbios - ok
18:51:18.0625 1152 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:51:18.0656 1152 Mup - ok
18:51:18.0921 1152 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:51:18.0984 1152 NDIS - ok
18:51:19.0218 1152 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:51:19.0234 1152 NdisTapi - ok
18:51:19.0421 1152 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:51:19.0437 1152 Ndisuio - ok
18:51:19.0656 1152 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:51:19.0687 1152 NdisWan - ok
18:51:19.0890 1152 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:51:19.0906 1152 NDProxy - ok
18:51:20.0187 1152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:51:20.0203 1152 NetBIOS - ok
18:51:20.0484 1152 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:51:20.0531 1152 NetBT - ok
18:51:20.0859 1152 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:51:20.0875 1152 Npfs - ok
18:51:21.0250 1152 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:51:21.0437 1152 Ntfs - ok
18:51:21.0671 1152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:51:21.0671 1152 Null - ok
18:51:21.0890 1152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:51:21.0890 1152 NwlnkFlt - ok
18:51:22.0109 1152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:51:22.0109 1152 NwlnkFwd - ok
18:51:22.0312 1152 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
18:51:22.0328 1152 OMCI - ok
18:51:22.0593 1152 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:51:22.0609 1152 Parport - ok
18:51:22.0812 1152 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:51:22.0812 1152 PartMgr - ok
18:51:23.0015 1152 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:51:23.0015 1152 ParVdm - ok
18:51:23.0218 1152 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:51:23.0250 1152 PCI - ok
18:51:23.0437 1152 PCIDump - ok
18:51:45.0421 1152 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:51:45.0453 1152 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
18:51:45.0453 1152 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
18:51:45.0468 1152 Boot (0x1200) (1a339f6d0e469a22023ab57879f7bac9) \Device\Harddisk0\DR0\Partition0
18:51:45.0468 1152 \Device\Harddisk0\DR0\Partition0 - ok
18:51:45.0484 1152 ============================================================
18:51:45.0484 1152 Scan finished
18:51:45.0484 1152 ============================================================
18:51:45.0515 1144 Detected object count: 1
18:51:45.0515 1144 Actual detected object count: 1
18:52:51.0937 1144 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
18:52:51.0937 1144 \Device\Harddisk0\DR0 - ok
18:52:51.0937 1144 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
18:52:58.0546 1128 Deinitialize success

#15 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,200 posts
  • Gender:Female
  • Location:Romania

Posted 17 November 2011 - 02:17 PM

Please see if combofix will run now.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft