
Firefox Redirect Problem


This topic is locked

#1 Poet1960 (New Member, 7 posts)
I keep getting redirected when I click on links generated by a Yahoo search. I have done several scans with Malwarebytes, HijackThis, UnHackMe and several others. Malwarebytes, by the way, will not update; I get an error message, "MBAM_ERROR_UPDATING (12007,0,WinHTTPSendRequest)".

I have also done a goored scan as well as a Rootkit TDSS scan. It seems to be a bit better, but something still doesn't seem quite right, as it will still occasionally do the redirect. Comcast is my provider, but I don't think the redirects are from them, as they seem to be either random or sometimes geared to what I actually searched for.

Here are my results for required scans:

MALWAREBYTES:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/2/2010 12:17:11 PM
mbam-log-2010-08-02 (12-17-11).txt

Scan type: Quick scan
Objects scanned: 112185
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-02 21:38:10
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB38156B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB3815574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB3815A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB381514C]
SSDT spsk.sys ZwEnumerateKey [0xF74F8E4C]
SSDT spsk.sys ZwEnumerateValueKey [0xF74F91DA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB381564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB381508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB38150F0]
SSDT spsk.sys ZwQueryKey [0xF74F92B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB381576E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB381572E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB38158AE]

INT 0x62 ? 89B5BC88
INT 0x73 ? 897F2F00
INT 0x82 ? 89B5BC88
INT 0x83 ? 897F2F00
INT 0x83 ? 897F2F00
INT 0x83 ? 897F2F00

---- Kernel code sections - GMER 1.0.15 ----

? spsk.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B78E28AC 5 Bytes JMP 897F2450
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xB7F84B8D]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6C8F3A0, 0x592C35, 0xE8000020]
.text aaisxjde.SYS B6C422E0 46 Bytes [00, 00, 00, 00, 10, 00, 00, ...]
.text aaisxjde.SYS B6C42310 28 Bytes [00, 70, 03, 00, 8C, 0F, 00, ...]
.text aaisxjde.SYS B6C4232E 33 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aaisxjde.SYS B6C42351 11 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aaisxjde.SYS B6C4235F 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB2C5B300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7797300, 0x1BCE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2452] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89B4A1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 89969470
Device \Driver\USBSTOR \Device\0000009b 8976E470
Device \Driver\USBSTOR \Device\0000009c 8976E470

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 897D51F8
Device \Driver\usbohci \Device\USBPDO-1 897D51F8
Device \Driver\sptd \Device\3786490648 spsk.sys
Device \Driver\usbehci \Device\USBPDO-2 899CF1F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89B5C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89B5C1F8
Device \Driver\Cdrom \Device\CdRom0 899CE1F8
Device \Driver\PCI_PNP9398 \Device\00000072 spsk.sys
Device \Driver\PCI_PNP9398 \Device\00000072 spsk.sys
Device \Driver\Cdrom \Device\CdRom1 899CE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8995B470
Device \Driver\NetBT \Device\NetbiosSmb 8995B470
Device \Driver\NetBT \Device\NetBT_Tcpip_{48F31FF7-2E56-476F-B009-D40BBF59CB8A} 8995B470

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\USBSTOR \Device\00000097 8976E470
Device \Driver\usbohci \Device\USBFDO-0 897D51F8
Device \Driver\USBSTOR \Device\00000099 8976E470
Device \Driver\usbohci \Device\USBFDO-1 897D51F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8978D470
Device \Driver\usbehci \Device\USBFDO-2 899CF1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8978D470
Device \Driver\Ftdisk \Device\FtControl 89B5C1F8
Device \Driver\USBSTOR \Device\0000009a 8976E470
Device \Driver\aaisxjde \Device\Scsi\aaisxjde1 897D7470
Device \FileSystem\Fastfat \Fat 89969470

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 8995A470

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x06 0x64 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0xAD 0x80 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA2 0x7F 0x46 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2F 0x6F 0xAF 0xF7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x06 0x64 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0xAD 0x80 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA2 0x7F 0x46 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2F 0x6F 0xAF 0xF7 ...

---- EOF - GMER 1.0.15 ----


OTL:

OTL logfile created on: 8/2/2010 9:41:14 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.33 Gb Total Space | 62.63 Gb Free Space | 43.09% Space Free | Partition Type: NTFS
Drive D: | 3.71 Gb Total Space | 1.58 Gb Free Space | 42.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/02 21:39:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/24 15:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/02 21:39:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/06/07 17:34:52 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2010/06/03 00:48:04 | 002,308,200 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2009/11/24 15:50:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/10 19:03:39 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/12 11:58:47 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010/06/11 14:40:59 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys -- (Sunkfiltp)
DRV - [2010/07/30 01:21:26 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/07/10 16:13:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2010/06/19 23:29:20 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/06/19 23:29:20 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/06/13 16:08:59 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/12 12:20:49 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2010/06/12 11:45:28 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2010/06/07 16:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/24 15:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 15:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 15:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 15:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 15:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 15:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/19 14:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/10/20 11:39:32 | 000,040,724 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/10/18 14:05:12 | 000,042,968 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/06/17 15:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 15:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/25 15:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/05/25 15:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/05/16 23:00:54 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/05/16 23:00:52 | 000,033,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/04/02 00:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 11:51:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 23:00:32 | 000,000,000 | ---D | M]

[2010/07/30 11:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/08/02 19:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ig2bpsk0.default\extensions
[2010/07/30 13:05:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ig2bpsk0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/31 17:59:24 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ig2bpsk0.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2010/07/30 11:53:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ig2bpsk0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/31 13:23:16 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ig2bpsk0.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010/07/30 11:51:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/30 22:18:40 | 000,414,870 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14347 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/30 01:48:10 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/07/30 01:48:12 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/02 21:39:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/02 12:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/08/02 12:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/02 12:08:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2010/08/02 12:05:55 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/08/02 11:40:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/02 11:40:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/02 11:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/02 11:24:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/08/01 22:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\NeoTracePro
[2010/08/01 07:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\BioWare
[2010/08/01 07:51:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2010/08/01 07:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/08/01 07:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/08/01 07:50:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/08/01 07:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2010/08/01 07:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/07/31 20:34:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/07/31 01:15:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\syncdb
[2010/07/30 22:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/30 22:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/30 21:56:12 | 000,133,440 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\LnkProtect.dll
[2010/07/30 13:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/30 13:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/30 13:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/30 13:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/30 12:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/30 11:59:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/30 11:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/07/30 11:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/30 03:05:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/07/30 03:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/30 02:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/30 02:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2010/07/30 01:48:10 | 000,000,000 | RHSD | C] -- C:\desktop.ini
[2010/07/30 01:48:10 | 000,000,000 | RHSD | C] -- C:\comment.htt
[2010/07/30 01:48:10 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/07/30 01:21:26 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/07/30 01:21:26 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/07/30 01:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\RegRun2
[2010/07/30 01:20:47 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/07/30 01:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2010/07/30 01:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/07/30 01:19:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/30 00:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/29 23:45:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/29 23:39:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/29 23:39:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/29 23:39:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/29 23:39:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/29 23:39:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/29 22:14:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/07/29 21:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/07/29 21:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/29 21:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/29 12:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Explorations
[2010/07/29 12:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\001
[2010/07/29 12:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My 001 Games
[2010/07/29 12:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\001
[2010/07/29 11:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Unity
[2010/07/29 00:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2010/07/29 00:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PACE Anti-Piracy
[2010/07/29 00:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy
[2010/07/29 00:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/07/29 00:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Unity
[2010/07/29 00:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Unity Projects
[2010/07/29 00:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2010/07/28 22:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Thinstall
[2010/07/17 14:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2010/07/17 14:35:35 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/07/17 10:20:16 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup-1.46.exe
[2010/07/16 11:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Sponge Bob [season 01,02,03,04,05]
[2010/07/16 11:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Advanced System Care PRO 3.6
[2010/07/15 22:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Cisco_Network_Magic_v5.0.8282+patch_g4m3fre4k
[2010/07/15 22:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Cisco_Network_Magic_Pro_5.5.9195.0 TeaM RCP
[2010/07/15 22:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/07/15 22:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2010/07/15 22:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/07/15 21:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/07/15 21:22:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/07/12 23:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Games
[2010/07/12 22:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\TimeGate Studios
[2010/07/11 19:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
[2010/07/11 18:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Paradox Interactive
[2010/07/10 22:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\LockHunter
[2010/07/10 22:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2010/07/10 20:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/10 17:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
[2010/07/10 17:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help
[2010/07/10 17:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\JVC
[2010/07/10 17:36:02 | 000,000,000 | ---D | C] -- C:\MWASPI
[2010/07/10 17:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2010/07/10 17:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Picture Navigator
[2010/07/10 17:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Photo Navigator 1.5
[2010/07/10 16:26:24 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/07/10 16:06:39 | 000,081,408 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\devcon_x64.exe
[2010/07/10 16:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Checker
[2010/07/10 15:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2010/07/10 14:05:47 | 000,013,239 | ---- | C] (SHARP Corporation) -- C:\WINDOWS\System32\scg726.acm
[2010/07/10 14:05:46 | 000,045,056 | ---- | C] (SHARP Corporation) -- C:\WINDOWS\System32\Sc726dec.ax
[2010/07/09 09:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/07/09 09:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/05 00:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\dominions3
[2010/07/05 00:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/07/05 00:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2010/07/05 00:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/07/03 10:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The Adventures of Robin Hood (1938) Errol Flynn
[2010/07/02 13:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Strategy First
[2010/07/02 12:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\e-on software
[2010/07/02 12:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\e-on software
[2010/07/02 12:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\e-onsoftware
[2010/07/02 12:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\e-on software
[2010/07/01 22:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Vega Strike
[2010/06/29 21:31:58 | 005,698,388 | ---- | C] (Srimax Software Technology ) -- C:\Documents and Settings\All Users\Documents\outlookmessengerSetup.exe
[2010/06/29 21:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\OMessenger
[2010/06/29 21:27:23 | 000,495,616 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Scanner.dll
[2010/06/29 21:27:22 | 004,145,264 | ---- | C] (Kelly Ethridge) -- C:\WINDOWS\System32\vbcorlib.dll
[2010/06/29 21:27:22 | 000,856,064 | ---- | C] (Conaito) -- C:\WINDOWS\System32\EvoVoIP.dll
[2010/06/29 21:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Messenger
[2010/06/29 21:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\ConWare
[2010/06/29 16:51:59 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS
[2010/06/29 16:51:42 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/06/29 15:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\lx_cats
[2010/06/29 15:11:41 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll
[2010/06/29 15:11:41 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll
[2010/06/29 15:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2010/06/29 15:11:15 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll
[2010/06/29 15:11:15 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll
[2010/06/29 15:11:15 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll
[2010/06/29 15:11:15 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll
[2010/06/29 15:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2400 Series
[2010/06/29 15:11:14 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll
[2010/06/29 15:11:14 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll
[2010/06/29 15:11:14 | 000,495,616 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcoms.exe
[2010/06/29 15:11:14 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll
[2010/06/29 15:11:14 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrih.exe
[2010/06/29 15:11:13 | 000,073,728 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\LXCRcfg.dll
[2010/06/29 15:10:50 | 000,000,000 | ---D | C] -- C:\Lexmark
[2010/06/29 14:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/06/29 13:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/28 22:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Dvd-cloner
[2010/06/28 21:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\DVD-Cloner Platinum
[2010/06/25 00:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.assistant
[2010/06/20 08:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images
[2010/06/19 23:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Egosoft
[2010/06/19 23:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/19 23:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/19 23:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/06/19 23:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\EGOSOFT
[2010/06/19 15:42:40 | 000,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/19 15:42:39 | 000,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/19 15:42:38 | 000,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/19 15:42:37 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/06/19 15:42:36 | 000,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/19 15:42:36 | 000,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/19 15:42:36 | 000,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/19 15:42:36 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/19 15:42:21 | 001,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/19 15:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/19 02:26:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2010/06/19 02:26:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/06/19 02:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/06/19 02:23:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/06/16 21:26:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2010/06/16 21:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Vso
[2010/06/16 21:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PcSetup
[2010/06/16 21:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\LG Software Innovations
[2010/06/16 13:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/06/16 12:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\1Click DVD Copy
[2010/06/16 12:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1click dvd copy
[2010/06/16 10:03:09 | 000,000,000 | ---D | C] -- C:\16c7de626a352af6c322900c74525e
[2010/06/16 01:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/16 01:15:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/06/16 01:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/06/15 11:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Runic
[2010/06/15 11:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Webroot
[2010/06/15 11:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Webroot Shared
[2010/06/15 11:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/06/15 11:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/06/15 11:07:21 | 000,194,888 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\Unwash6.exe
[2010/06/13 16:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\runic games
[2010/06/13 16:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Runic Games
[2010/06/13 16:11:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/06/13 16:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2010/06/13 16:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/06/13 14:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/06/12 17:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DriverGenius
[2010/06/12 17:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2010/06/12 15:57:16 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/06/12 13:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stardock
[2010/06/12 13:49:11 | 000,042,672 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbsys.dll
[2010/06/12 12:20:49 | 000,018,816 | ---- | C] (RIF) -- C:\WINDOWS\System32\drivers\dvd43llh.sys
[2010/06/12 12:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\dvd43
[2010/06/12 10:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/06/12 10:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2010/06/12 10:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/06/11 23:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/11 23:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe
[2010/06/11 23:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/11 22:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/11 22:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2010/06/11 22:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
[2010/06/11 22:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My eBooks
[2010/06/11 22:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/11 21:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/11 21:24:38 | 000,000,000 | ---D | C] -- C:\temp_dvd
[2010/06/11 21:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\[bleep] NFO Viewer
[2010/06/11 20:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/11 20:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/11 19:29:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\AdvUninstal
[2010/06/11 19:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Innovative Solutions
[2010/06/11 19:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions
[2010/06/11 19:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/06/11 19:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2010/06/11 19:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2010/06/11 19:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/06/11 19:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
[2010/06/11 19:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/06/11 18:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2010/06/11 18:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/06/11 18:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/06/11 18:30:03 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/06/11 18:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/06/11 18:16:44 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/06/11 18:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2010/06/11 18:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2010/06/11 18:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/06/11 18:08:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/06/11 18:08:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/11 18:07:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/06/11 18:06:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/06/11 18:06:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/06/11 17:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2010/06/11 17:55:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/11 17:44:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/11 17:44:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/11 17:44:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/06/11 17:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/11 17:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/06/11 17:40:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/06/11 17:37:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/06/11 17:37:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/06/11 15:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/06/11 15:43:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\UserData
[2010/06/11 15:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/11 15:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2010/06/11 15:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/11 14:51:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/06/11 14:51:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/11 14:51:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/06/11 14:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/06/11 14:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/06/11 14:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/06/11 14:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2010/06/11 14:43:38 | 000,341,064 | ---- | C] (McAfee, Inc) -- C:\WINDOWS\System32\mcinsctl.dll
[2010/06/11 14:43:38 | 000,279,624 | ---- | C] (McAfee, Inc) -- C:\WINDOWS\System32\mcgdmgr.dll
[2010/06/11 14:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Media Reader
[2010/06/11 14:42:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/06/11 14:42:31 | 000,020,480 | ---- | C] (Gateway) -- C:\WINDOWS\System32\Marker32.exe
[2010/06/11 14:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/06/11 14:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/06/11 14:40:44 | 000,212,480 | R--- | C] (Eastman Kodak) -- C:\WINDOWS\System32\PCDLIB32.DLL
[2010/06/11 14:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/11 14:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/11 14:39:31 | 000,018,000 | ---- | C] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
[2010/06/11 14:38:59 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/06/11 14:38:58 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2010/06/11 14:38:57 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\System32\imagr5.dll
[2010/06/11 14:38:57 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\imagx5.dll
[2010/06/11 14:38:57 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\ImagXpr5.dll
[2010/06/11 14:38:57 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/06/11 14:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/06/11 14:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/06/11 14:38:45 | 000,102,400 | ---- | C] (4Developers LLC) -- C:\WINDOWS\System32\SimpleRegistry.dll
[2010/06/11 14:38:45 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2010/06/11 14:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/11 14:38:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2010/06/11 14:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2010/06/11 14:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/06/11 14:38:35 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010/06/11 14:38:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/06/11 14:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/11 14:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/06/11 14:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2010/06/11 14:38:22 | 000,000,000 | ---D | C] -- C:\My Music
[2010/06/11 14:38:21 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/06/11 14:38:21 | 000,157,696 | ---- | C] (RealNetworks) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/06/11 14:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/06/11 14:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/06/11 14:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2010/06/11 14:38:03 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010/06/11 14:38:03 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2010/06/11 14:38:03 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2010/06/11 14:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2010/06/11 14:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2010/06/11 14:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/06/11 14:37:05 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/06/11 14:37:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/06/11 14:37:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/06/11 14:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Plus
[2010/06/11 14:34:42 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/06/11 14:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NVIDIA Shared
[2010/06/11 14:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/06/11 14:33:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/06/11 14:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/06/11 14:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/06/11 14:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/11 14:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2010/06/11 14:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\New Boundary
[2010/06/11 14:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/06/11 14:28:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/06/11 14:24:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\CACHE
[2010/06/11 14:24:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\creator
[2010/06/11 14:23:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\SMINST
[2010/06/11 14:23:34 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/06/11 14:23:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\SendTo
[2010/06/11 14:23:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
[2010/06/11 14:23:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
[2010/06/11 14:23:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2010/06/11 14:23:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2010/06/11 14:23:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
[2010/06/11 14:23:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
[2010/06/11 14:23:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/06/11 14:23:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/06/11 14:23:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/06/11 14:23:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/06/11 14:23:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/06/11 14:23:10 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/06/11 14:21:07 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache

========== Files - Modified Within 90 Days ==========

[2010/08/02 21:39:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/02 12:18:59 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/02 12:08:50 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/02 12:08:41 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/08/02 12:08:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2010/08/02 12:05:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/08/02 11:40:57 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/02 11:39:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/02 11:38:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/02 11:37:43 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/02 11:37:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/02 11:29:23 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mbam-clean.exe
[2010/08/02 11:24:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/08/02 10:52:01 | 003,176,574 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/01 22:53:21 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NeoTracePro.lnk
[2010/08/01 20:31:56 | 000,034,528 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/01 20:24:03 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/31 01:49:33 | 003,468,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/31 01:32:25 | 000,000,135 | ---- | M] () -- C:\WINDOWS\disney.ini
[2010/07/31 00:58:36 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/30 22:18:40 | 000,414,870 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/30 22:10:30 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/07/30 22:02:07 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/30 21:56:12 | 000,133,440 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\LnkProtect.dll
[2010/07/30 12:34:29 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/07/30 11:51:38 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/30 11:51:37 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/30 03:05:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/07/30 01:22:23 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Reanimator.lnk
[2010/07/30 01:21:26 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/07/30 01:21:26 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/07/30 01:21:17 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/30 01:21:17 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/07/30 01:21:17 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/07/30 01:20:47 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\UnHackMe.lnk
[2010/07/29 23:51:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/29 23:51:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100730-221840.backup
[2010/07/29 23:45:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/29 21:05:23 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/29 12:35:03 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/29 12:30:35 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Map001.lnk
[2010/07/29 00:10:17 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 13:45:05 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/17 10:19:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup-1.46.exe
[2010/07/15 22:11:39 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/07/15 22:11:05 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/07/13 09:17:26 | 000,000,300 | ---- | M] () -- C:\WINDOWS\EReg515.dat
[2010/07/12 23:35:51 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dragonshard.lnk
[2010/07/12 22:11:57 | 000,000,623 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Kohan.lnk
[2010/07/10 22:34:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PictNav.INI
[2010/07/10 17:36:02 | 000,000,291 | ---- | M] () -- C:\WINDOWS\msfsetup.ini
[2010/07/10 16:37:27 | 000,002,516 | ---- | M] () -- C:\Documents and Settings\Owner\updater.html
[2010/07/10 16:27:03 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/10 16:27:03 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/10 16:27:00 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/10 16:27:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/10 16:13:33 | 000,002,016 | ---- | M] () -- C:\WINDOWS\System32\nvsmb.nvu
[2010/07/10 16:07:50 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/10 16:07:50 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/10 16:07:50 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/07 21:32:32 | 115,567,192 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Burger Bustle LKRG.rar
[2010/07/07 10:14:14 | 000,012,808 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/07/07 09:51:00 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dominions 3 (2).lnk
[2010/07/05 00:43:51 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/07/02 13:22:11 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Space Empires V.lnk
[2010/06/30 07:01:38 | 000,749,568 | ---- | M] () -- C:\WINDOWS\System32\spk.dll
[2010/06/29 21:27:30 | 000,000,454 | ---- | M] () -- C:\Scanner.ECF
[2010/06/29 21:26:54 | 005,698,388 | ---- | M] (Srimax Software Technology ) -- C:\Documents and Settings\All Users\Documents\outlookmessengerSetup.exe
[2010/06/29 15:12:04 | 000,014,635 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/06/25 02:10:39 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\X Plugin Manager.lnk
[2010/06/19 23:29:20 | 000,279,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/06/19 23:29:20 | 000,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/06/19 23:23:31 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\X3 Terran Conflict.lnk
[2010/06/19 15:42:40 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/06/19 02:25:52 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/19 02:25:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/19 02:25:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/19 02:25:13 | 000,000,636 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/19 02:23:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/16 22:42:12 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2010/06/16 22:42:12 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/06/16 22:42:12 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/06/16 00:18:46 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to torchleech.lnk
[2010/06/15 11:07:48 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Window Washer.lnk
[2010/06/13 16:08:59 | 000,697,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/06/12 12:20:49 | 000,018,816 | ---- | M] (RIF) -- C:\WINDOWS\System32\drivers\dvd43llh.sys
[2010/06/11 21:37:44 | 000,084,156 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20100611_213732.reg
[2010/06/11 21:36:10 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/06/11 19:01:30 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/06/11 18:44:36 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2010/06/11 18:44:16 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2010/06/11 18:30:44 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/06/11 18:12:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/11 17:56:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/11 17:40:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/11 14:48:44 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/11 14:48:43 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/06/11 14:48:42 | 000,000,029 | ---- | M] () -- C:\WINDOWS\wwwbatch.ini
[2010/06/11 14:48:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/11 14:44:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Gateway_C3060_Versionxx_CA75120007469.MRK
[2010/06/11 14:44:11 | 000,001,330 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/06/11 14:44:11 | 000,000,487 | ---- | M] () -- C:\WINDOWS\System32\emver.ini
[2010/06/11 14:38:52 | 000,000,850 | -H-- | M] () -- C:\IPH.PH
[2010/06/11 14:38:23 | 000,157,696 | ---- | M] (RealNetworks) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/06/11 14:38:21 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/06/11 14:37:40 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/06/11 14:31:26 | 000,000,867 | ---- | M] () -- C:\WINDOWS\System32\VGASwitcher.lnk
[2010/06/11 14:24:10 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2010/06/07 16:57:00 | 002,186,342 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/07 16:57:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/06/07 16:57:00 | 000,025,836 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/06/07 16:57:00 | 000,007,959 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb

========== Files Created - No Company Name ==========

[2010/08/02 12:18:58 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/02 12:08:50 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/02 12:08:41 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/08/02 11:40:57 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/02 11:29:23 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mbam-clean.exe
[2010/08/01 22:53:21 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NeoTracePro.lnk
[2010/07/30 22:10:36 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/07/30 22:10:30 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/07/30 12:34:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/07/30 11:51:38 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/30 11:51:37 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/30 03:00:12 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/30 01:22:23 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Reanimator.lnk
[2010/07/30 01:21:17 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/07/30 01:20:47 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\UnHackMe.lnk
[2010/07/29 23:45:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/29 23:45:23 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/29 23:39:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/29 23:39:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/29 23:39:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/29 23:39:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/29 23:39:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/29 21:05:23 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/29 12:30:35 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Map001.lnk
[2010/07/27 22:47:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/18 23:02:04 | 000,047,984 | ---- | C] () -- C:\WINDOWS\System32\AdvUninstCPL.cpl
[2010/07/17 13:45:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/15 22:03:30 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/07/15 21:22:55 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/07/13 09:17:26 | 000,000,300 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2010/07/13 09:15:51 | 000,000,135 | ---- | C] () -- C:\WINDOWS\disney.ini
[2010/07/12 23:35:51 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dragonshard.lnk
[2010/07/12 22:11:57 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Kohan.lnk
[2010/07/10 22:34:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PictNav.INI
[2010/07/10 17:36:02 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2010/07/10 17:36:02 | 000,004,030 | ---- | C] () -- C:\WINDOWS\System\WINASPI.DLL
[2010/07/10 17:36:02 | 000,002,486 | ---- | C] () -- C:\WINDOWS\System\AS16POST.BIN
[2010/07/10 17:36:02 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2010/07/10 16:36:54 | 000,002,516 | ---- | C] () -- C:\Documents and Settings\Owner\updater.html
[2010/07/10 16:27:03 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/10 16:27:00 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/10 16:27:00 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/10 16:27:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/10 16:26:22 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/10 15:24:23 | 000,025,836 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/07/10 15:22:54 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/07/10 15:22:53 | 000,004,805 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2010/07/10 15:08:02 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/07/07 21:30:44 | 115,567,192 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Burger Bustle LKRG.rar
[2010/07/07 09:51:00 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dominions 3 (2).lnk
[2010/07/05 00:43:51 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/07/02 13:22:11 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Space Empires V.lnk
[2010/06/30 07:01:38 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\spk.dll
[2010/06/29 21:27:30 | 000,000,454 | ---- | C] () -- C:\Scanner.ECF
[2010/06/29 21:27:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2010/06/29 17:00:05 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Router Login.url
[2010/06/29 15:11:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll
[2010/06/29 15:11:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll
[2010/06/29 15:11:27 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll
[2010/06/29 15:11:27 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll
[2010/06/29 15:11:27 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll
[2010/06/29 15:11:15 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll
[2010/06/29 15:11:14 | 000,535,647 | ---- | C] () -- C:\WINDOWS\System32\lxcrhelp.chm
[2010/06/29 15:11:13 | 000,014,635 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/06/29 15:11:13 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\lxcr.loc
[2010/06/27 10:09:01 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/27 10:08:59 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 02:10:39 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\X Plugin Manager.lnk
[2010/06/19 23:29:20 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/06/19 23:29:20 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/06/19 23:23:31 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\X3 Terran Conflict.lnk
[2010/06/19 15:42:40 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/06/19 15:42:21 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/06/19 02:23:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/19 02:14:24 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/16 21:26:09 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2010/06/16 21:26:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/06/16 21:26:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/06/16 00:18:46 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to torchleech.lnk
[2010/06/15 11:07:48 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Window Washer.lnk
[2010/06/13 16:08:59 | 000,697,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/06/11 21:37:34 | 000,084,156 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20100611_213732.reg
[2010/06/11 21:36:10 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/06/11 19:01:30 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/06/11 18:44:36 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2010/06/11 18:44:16 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2010/06/11 18:30:44 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/06/11 15:55:34 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/06/11 15:55:34 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/06/11 15:55:34 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/06/11 15:55:34 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/06/11 15:55:33 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/06/11 15:55:33 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/06/11 15:55:33 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/06/11 15:55:33 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/06/11 15:55:33 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/06/11 15:55:33 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/06/11 15:55:33 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/06/11 15:55:33 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/06/11 15:55:33 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/06/11 15:55:33 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/06/11 15:55:33 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/06/11 15:55:33 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/06/11 15:55:33 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/06/11 15:55:32 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/06/11 15:55:32 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/06/11 15:55:32 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/06/11 15:55:32 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/06/11 15:55:32 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/06/11 15:55:32 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/06/11 15:55:32 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/06/11 15:55:32 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/06/11 15:55:32 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/06/11 15:55:32 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/06/11 15:55:32 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/06/11 15:55:30 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/06/11 15:55:30 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/06/11 15:55:30 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/06/11 15:55:28 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/06/11 15:55:28 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/06/11 15:55:28 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/06/11 15:55:28 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/06/11 15:55:28 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/06/11 15:55:28 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/06/11 15:55:27 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/06/11 15:55:27 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/06/11 15:55:27 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/06/11 15:55:27 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/06/11 15:55:25 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/06/11 15:55:24 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/06/11 15:55:22 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/06/11 15:55:21 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/06/11 15:55:19 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/06/11 15:55:19 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/06/11 15:55:19 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/06/11 15:55:19 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/06/11 15:55:19 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/06/11 15:55:19 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/06/11 15:55:19 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/06/11 15:55:19 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/06/11 15:55:19 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/06/11 15:55:19 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/06/11 15:55:19 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/06/11 15:55:19 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/06/11 15:55:19 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/06/11 15:55:19 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/06/11 15:55:19 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/06/11 15:55:19 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/06/11 15:55:16 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/06/11 15:55:15 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/06/11 15:55:15 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/06/11 15:55:14 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/06/11 15:55:08 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/06/11 15:55:08 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/06/11 15:55:08 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/06/11 15:55:08 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/06/11 15:55:07 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/06/11 15:55:06 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/06/11 15:54:57 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/06/11 15:54:53 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/06/11 15:54:49 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/06/11 15:54:48 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/06/11 15:54:48 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/06/11 15:54:48 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/06/11 15:54:48 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/06/11 15:54:48 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/06/11 15:54:47 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/06/11 15:54:47 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/06/11 15:54:47 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/06/11 15:54:47 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/06/11 15:54:47 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/06/11 15:54:46 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/06/11 15:54:45 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/06/11 14:48:42 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2010/06/11 14:44:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Gateway_C3060_Versionxx_CA75120007469.MRK
[2010/06/11 14:41:18 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/06/11 14:40:59 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2010/06/11 14:40:59 | 000,030,056 | ---- | C] () -- C:\WINDOWS\System32\oemlogo.bmp
[2010/06/11 14:39:45 | 000,003,126 | ---- | C] () -- C:\WINDOWS\emachines_32.bmp
[2010/06/11 14:39:21 | 000,023,512 | ---- | C] () -- C:\WINDOWS\UNNeroBurnRights.cfg
[2010/06/11 14:37:40 | 000,000,850 | -H-- | C] () -- C:\IPH.PH
[2010/06/11 14:37:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/11 14:34:10 | 000,004,624 | ---- | C] () -- C:\WINDOWS\System32\nvaudio.nvu
[2010/06/11 14:34:06 | 000,002,016 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2010/06/11 14:34:04 | 000,001,217 | ---- | C] () -- C:\WINDOWS\System32\nvmctl.nvu
[2010/06/11 14:33:57 | 000,002,124 | ---- | C] () -- C:\WINDOWS\System32\nvgart.nvu
[2010/06/11 14:24:10 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2010/06/11 14:23:57 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004/08/27 03:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 09:12:43 | 000,001,330 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 09:12:43 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\emver.ini

========== LOP Check ==========

[2010/06/16 22:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1click dvd copy
[2010/06/12 18:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/05 00:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/13 16:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/07/20 11:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-onsoftware
[2010/07/30 03:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/18 23:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/07/29 11:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/06/11 23:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/11 14:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/16 13:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/07/10 20:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/29 13:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/05 00:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2010/06/13 16:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2010/07/02 12:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\e-on software
[2010/07/12 19:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2010/06/13 14:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/07/10 22:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LockHunter
[2010/07/29 11:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy
[2010/06/13 16:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\runic games
[2010/06/11 14:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/07/28 22:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thinstall
[2010/07/29 11:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2010/08/01 22:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/06/16 22:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/11 14:48:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/29 23:45:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/29 23:54:38 | 000,033,662 | ---- | M] () -- C:\ComboFix.txt
[2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/11 14:38:52 | 000,000,850 | -H-- | M] () -- C:\IPH.PH
[2010/07/31 13:49:50 | 000,007,248 | ---- | M] () -- C:\JavaRa.log
[2010/07/17 13:56:34 | 000,004,120 | ---- | M] () -- C:\lxcrscan.log
[2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/11 17:40:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/02 11:38:41 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/06/29 21:27:30 | 000,000,454 | ---- | M] () -- C:\Scanner.ECF
[2010/07/29 22:14:13 | 000,049,434 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_29.07.2010_22.11.29_log.txt
[2010/07/30 02:54:01 | 000,048,998 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_30.07.2010_02.50.08_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/26 11:03:59 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/01/12 10:20:04 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcrpp5c.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/26 03:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 03:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 03:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-02 17:49:07

========== Alternate Data Streams ==========

@Alternate Data Stream - 1158 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:12M3ufBwU9psHFC9mujpUj
@Alternate Data Stream - 1068 bytes -> C:\Program Files\Common Files\Microsoft Shared:pDA0kK65g6HYEm0JQk4n1siq1F
< End of report >


OTL EXTRA:

OTL Extras logfile created on: 8/2/2010 9:41:14 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.33 Gb Total Space | 62.63 Gb Free Space | 43.09% Space Free | Partition Type: NTFS
Drive D: | 3.71 Gb Total Space | 1.58 Gb Free Space | 42.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\lxcrcoms.exe" = C:\WINDOWS\system32\lxcrcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\e-on software\Vue 8 xStream\Application\Vue 8 xStream.eon" = C:\Program Files\e-on software\Vue 8 xStream\Application\Vue 8 xStream.eon:*:Enabled:Vue Application -- (e-on software)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0815DBB1-B3A7-4C43-8F3A-48CBADEBB86C}" = CoH Cheat Mod v2.301
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85DF2C7E-183B-4153-9B89-36D0E239E2CB}" = Dragonshard
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B939ADF3-FBC9-4C16-B544-390AF61560A5}" = Kohan
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D7D804B6-3BF8-4EDA-A69A-3377AADE6048}" = 179631
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AU10_is1" = Advanced Uninstaller PRO - Version 10
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dominions3" = Dominions 3 (remove only)
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD43_is1" = DVD43 v4.6.0
"DVD-CLONER VII_is1" = DVD-CLONER V7.30 Build 995
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Explorations v9.1" = Explorations v9.1
"Greatis Reanimator_is1" = RegRun Reanimator
"HijackThis" = HijackThis 2.0.2
"Lexmark 2400 Series" = Lexmark 2400 Series
"LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Map001" = Map001
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NeoTrace Pro 3.25" = NeoTrace Pro 3.25
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIA SMBus Driver" = NVIDIA SMBus Driver
"Runic Games TorchED" = TorchED
"Runic Games Torchlight" = Torchlight
"Space Empires V_is1" = Space Empires V
"UnHackMe_is1" = UnHackMe 5.95 release
"Unlocker" = Unlocker 1.8.9
"Vue 8 xStream 32bit" = Vue 8 xStream 32bit
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X3TC Bonus Package_is1" = X3TC Bonus Package 4.1.01
"X3TerranConflict_is1" = X3 Terran Conflict v2.7.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/4/2010 3:16:46 PM | Computer Name = JIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\spool\drivers\W32X86\3\lxcrtime.exe failed, 00000005.

Error - 7/4/2010 3:16:47 PM | Computer Name = JIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\spool\drivers\W32X86\3\lxcrtsfw.dll failed, 00000005.

Error - 7/4/2010 3:16:48 PM | Computer Name = JIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\spool\drivers\W32X86\3\lxcruldr.dll failed, 00000005.

Error - 7/4/2010 3:16:48 PM | Computer Name = JIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\spool\drivers\W32X86\3\lxcrupd.dll failed, 00000005.

Error - 7/4/2010 3:16:49 PM | Computer Name = JIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\spool\drivers\W32X86\3\lxcrupdb.dll failed, 00000005.

Error - 7/4/2010 3:16:50 PM | Computer Name = JIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\spool\drivers\W32X86\3\lxcrupdr.dll failed, 00000005.

Error - 7/4/2010 3:16:51 PM | Computer Name = JIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\spool\drivers\W32X86\3\lxcrupld.exe failed, 00000005.

Error - 7/4/2010 3:16:52 PM | Computer Name = JIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\spool\drivers\W32X86\3\lxcrutil.dll failed, 00000005.

Error - 7/4/2010 3:16:53 PM | Computer Name = JIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\spool\drivers\W32X86\3\lxcrview.exe failed, 00000005.

Error - 7/4/2010 3:16:54 PM | Computer Name = JIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\spool\drivers\W32X86\3\lxcrwavs.exe failed, 00000005.

[ Application Events ]
Error - 7/31/2010 4:34:14 AM | Computer Name = JIM | Source = MsiInstaller | ID = 11316
Description = Product: Microsoft Money 2004 -- Error 1316.A network error occurred
while attempting to read from the file: C:\WINDOWS\Installer\money.msi

Error - 8/2/2010 10:57:39 AM | Computer Name = JIM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 7/20/2010 5:00:00 PM | Computer Name = JIM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 7/21/2010 5:00:00 PM | Computer Name = JIM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 7/22/2010 5:00:00 PM | Computer Name = JIM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 7/23/2010 5:00:00 PM | Computer Name = JIM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 7/24/2010 5:00:00 PM | Computer Name = JIM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 7/25/2010 5:00:00 PM | Computer Name = JIM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 7/26/2010 5:00:00 PM | Computer Name = JIM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 7/27/2010 2:11:40 AM | Computer Name = JIM | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.2 on
the Network Card with network address 0040CA216366.

Error - 7/27/2010 5:00:00 PM | Computer Name = JIM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 7/28/2010 5:00:00 PM | Computer Name = JIM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402


< End of report >
  • 0


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#3
Poet1960

Poet1960

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the combofix log:

ComboFix 10-08-02.03 - Owner 08/03/2010 9:57.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1558 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100803-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-08-02 19:08 . 2010-08-02 19:08 -------- d-----w- c:\program files\ERUNT
2010-08-02 18:40 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-02 18:40 . 2010-08-02 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 18:40 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-02 05:53 . 2010-08-02 05:54 -------- d-----w- c:\program files\NeoTracePro
2010-08-01 14:50 . 2010-08-01 14:50 -------- d-----w- c:\windows\Logs
2010-08-01 14:28 . 2010-08-02 02:25 -------- d-----w- c:\program files\Common Files\BioWare
2010-08-01 14:00 . 2010-08-01 14:00 -------- d-----w- c:\program files\7-Zip
2010-07-31 08:15 . 2010-07-31 08:15 -------- d-----w- c:\windows\system32\syncdb
2010-07-31 05:10 . 2010-07-31 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-31 05:10 . 2010-07-31 05:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-31 04:56 . 2010-07-31 04:56 133440 ----a-w- c:\windows\system32\LnkProtect.dll
2010-07-30 20:01 . 2010-07-30 20:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-30 20:01 . 2010-07-30 20:01 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-30 20:01 . 2010-07-31 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-30 19:34 . 2010-07-30 19:34 -------- d-----w- c:\program files\Trend Micro
2010-07-30 10:05 . 2010-07-30 10:05 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-07-30 10:00 . 2010-07-31 07:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-30 10:00 . 2010-07-30 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-30 09:07 . 2010-07-30 09:07 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7592c673-n\msvcp71.dll
2010-07-30 09:07 . 2010-07-30 09:07 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7592c673-n\jmc.dll
2010-07-30 09:07 . 2010-07-30 09:07 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7592c673-n\msvcr71.dll
2010-07-30 09:07 . 2010-07-30 09:07 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-23a527f8-n\decora-sse.dll
2010-07-30 09:07 . 2010-07-30 09:07 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-23a527f8-n\decora-d3d.dll
2010-07-30 09:07 . 2010-07-30 09:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-30 08:48 . 2010-07-30 08:48 -------- d-----r- C:\comment.htt
2010-07-30 08:21 . 2010-07-30 08:21 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-07-30 08:21 . 2010-07-30 08:21 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-07-30 08:21 . 2010-07-30 08:21 2 --shatr- c:\windows\winstart.bat
2010-07-30 08:20 . 2010-07-07 17:14 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-07-30 08:20 . 2010-08-02 17:57 -------- d-----w- c:\program files\UnHackMe
2010-07-30 07:17 . 2010-07-30 07:17 -------- d-----w- c:\program files\ESET
2010-07-30 05:14 . 2010-07-30 05:14 -------- d-----w- C:\TDSSKiller_Quarantine
2010-07-30 04:05 . 2010-07-30 04:05 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-30 04:05 . 2010-07-30 04:05 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-30 04:05 . 2010-07-30 04:05 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-30 04:05 . 2010-07-30 04:05 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-07-30 04:05 . 2010-07-30 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-30 04:05 . 2010-07-30 04:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-29 19:38 . 2010-07-29 19:44 -------- d-----w- c:\program files\Explorations
2010-07-29 19:30 . 2010-07-29 19:30 -------- d-----w- c:\program files\001
2010-07-29 18:45 . 2010-07-29 18:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Unity
2010-07-29 07:28 . 2010-07-29 18:44 -------- d-----w- c:\documents and settings\Owner\Application Data\PACE Anti-Piracy
2010-07-29 07:28 . 2010-07-29 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-07-29 07:28 . 2010-07-29 07:28 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-07-29 07:28 . 2010-07-29 07:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PACE Anti-Piracy
2010-07-29 07:25 . 2010-07-30 11:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity
2010-07-29 07:23 . 2010-07-29 18:49 -------- d-----w- c:\program files\Unity
2010-07-29 05:54 . 2010-07-29 05:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Thinstall
2010-07-28 05:47 . 2010-08-02 03:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-17 21:38 . 2010-07-31 08:36 -------- d-----w- c:\program files\THQ
2010-07-17 21:35 . 2010-07-17 21:35 -------- d-sh--w- c:\windows\ftpcache
2010-07-16 05:10 . 2009-07-07 21:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-07-16 05:10 . 2009-07-07 21:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-07-16 05:10 . 2010-07-16 05:10 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-07-16 05:03 . 2010-07-16 05:03 -------- d-----w- c:\program files\Pure Networks
2010-07-16 05:02 . 2009-07-16 23:28 34226736 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2010-07-16 05:02 . 2010-07-16 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-07-16 04:23 . 2010-07-16 04:23 -------- d-----w- c:\program files\WebEx
2010-07-16 04:22 . 2010-07-16 05:10 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-14 06:07 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 16:17 . 2010-07-13 16:17 300 ----a-w- c:\windows\EReg515.dat
2010-07-13 05:11 . 2010-07-13 05:11 -------- d-----w- c:\program files\TimeGate Studios
2010-07-12 02:32 . 2010-07-31 08:31 -------- d-----w- c:\program files\Atari
2010-07-12 01:22 . 2007-10-22 10:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-07-12 01:22 . 2007-10-12 22:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-07-12 01:22 . 2007-10-02 16:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-07-12 01:22 . 2007-10-12 22:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-07-12 01:22 . 2007-07-20 07:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-07-12 01:16 . 2010-07-12 20:21 -------- d-----w- c:\program files\Paradox Interactive
2010-07-11 05:09 . 2010-07-11 05:09 -------- d-----w- c:\documents and settings\Owner\Application Data\LockHunter
2010-07-11 05:08 . 2010-07-11 05:08 -------- d-----w- c:\program files\LockHunter
2010-07-11 03:04 . 2010-07-11 03:04 -------- d-----w- c:\documents and settings\Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-11 00:51 . 2010-07-11 00:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Help
2010-07-11 00:36 . 2010-07-11 00:36 -------- d-----w- C:\MWASPI
2010-07-11 00:36 . 2000-03-30 00:11 8096 ------w- c:\windows\system32\drivers\MASPINT.SYS
2010-07-11 00:36 . 1999-10-23 00:58 4030 ------w- c:\windows\system\WINASPI.DLL
2010-07-11 00:36 . 1997-06-12 02:01 30208 ------w- c:\windows\system32\WNASPI32.DLL
2010-07-11 00:36 . 1997-02-28 10:00 2486 ------w- c:\windows\system\AS16POST.BIN
2010-07-11 00:35 . 2010-07-11 00:35 -------- d-----w- c:\program files\PIXELA
2010-07-11 00:34 . 2010-07-19 05:46 -------- d-----w- c:\program files\Picture Navigator
2010-07-11 00:28 . 2010-07-11 01:12 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
2010-07-10 23:27 . 2010-07-10 23:27 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-10 23:27 . 2010-07-10 23:27 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-10 23:27 . 2010-07-10 23:27 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-10 23:26 . 2010-06-07 23:57 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-10 23:26 . 2010-06-07 23:57 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-10 23:26 . 2010-06-07 23:57 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-10 23:26 . 2010-06-07 23:57 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-10 23:26 . 2010-06-07 23:57 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-10 23:26 . 2010-06-07 23:57 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-07-10 23:26 . 2010-06-07 23:57 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-10 23:26 . 2010-06-07 23:57 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-10 23:17 . 2010-07-10 23:15 208896 ----a-w- c:\windows\system32\NVUIDE.exe
2010-07-10 23:13 . 2010-07-10 23:13 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-07-10 23:06 . 2010-07-10 23:35 -------- d-----w- c:\program files\Driver Checker
2010-07-10 23:06 . 2008-12-04 00:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-07-10 22:24 . 2010-06-07 23:57 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-10 22:22 . 2007-05-28 04:57 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-07-10 22:22 . 2007-09-28 18:32 356352 ----a-w- c:\windows\system32\nvunrm.exe
2010-07-10 22:19 . 2010-07-10 22:19 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2010-07-09 16:44 . 2010-08-02 18:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-07-09 16:41 . 2010-08-02 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-05 07:46 . 2010-07-25 05:10 -------- d-----w- c:\program files\dominions3
2010-07-05 07:43 . 2010-07-05 07:43 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-05 07:43 . 2010-07-05 07:44 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
2010-07-05 07:43 . 2010-07-05 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-02 18:07 . 2010-06-29 22:12 -------- d-----w- c:\program files\lx_cats
2010-08-02 05:52 . 2010-06-12 01:30 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-08-02 03:31 . 2010-06-11 22:42 34528 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-01 14:52 . 2010-08-01 14:51 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-01 14:51 . 2010-08-01 14:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-31 20:47 . 2010-06-11 21:33 -------- d-----w- c:\program files\Java
2010-07-31 08:35 . 2010-06-30 04:27 -------- d-----w- c:\program files\Outlook Messenger
2010-07-31 08:32 . 2010-06-11 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-31 08:18 . 2010-06-12 05:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-30 09:07 . 2010-06-11 21:33 -------- d-----w- c:\program files\Common Files\Java
2010-07-20 18:12 . 2010-07-02 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\e-onsoftware
2010-07-19 06:02 . 2010-06-12 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-07-19 05:42 . 2010-06-20 06:25 -------- d-----w- c:\program files\Microsoft
2010-07-16 05:11 . 2010-07-16 04:22 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-07-13 02:50 . 2010-06-12 02:01 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2010-07-11 02:46 . 2010-06-12 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-10 23:51 . 2010-06-20 06:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-10 23:27 . 2010-06-11 21:34 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-10 23:27 . 2010-06-12 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-07-10 23:13 . 2010-06-11 21:34 442368 ----a-w- c:\windows\system32\nvusmb.exe
2010-07-02 20:19 . 2010-07-02 20:19 -------- d-----w- c:\program files\Strategy First
2010-07-02 19:23 . 2010-07-02 19:23 -------- d-----w- c:\program files\e-on software
2010-07-02 19:20 . 2010-07-02 19:20 -------- d-----w- c:\documents and settings\Owner\Application Data\e-on software
2010-07-02 05:20 . 2010-07-02 05:20 -------- d-----w- c:\program files\Vega Strike
2010-06-30 14:01 . 2010-06-30 14:01 749568 ----a-w- c:\windows\system32\spk.dll
2010-06-30 04:21 . 2010-06-30 04:21 -------- d-----w- c:\program files\ConWare
2010-06-29 22:11 . 2010-06-29 22:11 -------- d-----w- c:\program files\Lexmark 2400 Series
2010-06-29 22:11 . 2010-06-29 22:11 -------- d-----w- c:\program files\Lexmark Toolbar
2010-06-29 21:07 . 2010-06-29 21:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-29 20:27 . 2010-06-12 05:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-29 20:25 . 2010-06-29 20:25 -------- d-----w- c:\documents and settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-06-29 05:18 . 2010-06-29 05:17 -------- d-----w- c:\program files\Dvd-cloner
2010-06-29 05:10 . 2010-06-29 04:39 -------- d-----w- c:\program files\DVD-Cloner Platinum
2010-06-25 09:10 . 2010-06-20 06:08 -------- d-----w- c:\program files\EGOSOFT
2010-06-20 06:29 . 2010-06-20 06:29 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-20 06:29 . 2010-06-20 06:29 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-20 06:25 . 2010-06-20 06:25 -------- d-----w- c:\program files\Unlocker
2010-06-19 22:42 . 2010-06-19 22:42 -------- d-----w- c:\program files\Alwil Software
2010-06-19 09:25 . 2010-06-19 09:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-17 05:42 . 2010-06-17 04:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2010-06-17 05:42 . 2010-06-17 04:26 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2010-06-17 05:42 . 2010-06-17 04:26 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2010-06-17 05:41 . 2010-06-16 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\1click dvd copy
2010-06-17 04:26 . 2010-06-17 04:26 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-17 04:25 . 2010-06-17 04:25 -------- d-----w- c:\program files\LG Software Innovations
2010-06-16 20:37 . 2010-06-16 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-06-16 08:22 . 2010-06-16 08:22 260 ----a-w- c:\documents and settings\Owner\Application Data\runic games\torchlight\mods\remove_binary.bat
2010-06-16 08:16 . 2010-06-16 08:16 -------- d-----w- c:\program files\MSBuild
2010-06-16 08:15 . 2010-06-16 08:15 -------- d-----w- c:\program files\Reference Assemblies
2010-06-16 07:47 . 2010-06-13 23:35 -------- d-----w- c:\program files\Runic Games
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\program files\Common Files\Webroot Shared
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Webroot
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\program files\Webroot
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-06-14 14:31 . 2004-08-26 18:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 23:40 . 2010-06-13 23:40 -------- d-----w- c:\documents and settings\Owner\Application Data\runic games
2010-06-13 23:29 . 2010-06-13 23:07 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2010-06-13 23:08 . 2010-06-13 23:08 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-13 23:08 . 2010-06-13 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-06-13 21:03 . 2010-06-13 21:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2010-06-13 01:03 . 2010-06-12 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-13 00:26 . 2010-06-13 00:26 -------- d-----w- c:\program files\Driver-Soft
2010-06-12 19:20 . 2010-06-12 19:20 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-06-12 19:20 . 2010-06-12 19:20 -------- d-----w- c:\program files\dvd43
2010-06-12 18:45 . 2008-08-14 14:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2010-06-12 17:41 . 2010-06-12 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-06-12 17:13 . 2010-06-12 17:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-12 06:45 . 2010-06-12 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-06-12 06:01 . 2010-06-12 06:01 -------- d-----w- c:\program files\Adobe Media Player
2010-06-12 06:01 . 2010-06-12 06:01 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
2010-06-12 05:28 . 2010-06-12 05:27 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2010-06-12 04:36 . 2010-06-12 04:36 -------- d-----w- c:\program files\CCleaner
2010-06-12 04:22 . 2010-06-12 04:22 -------- d-----w- c:\program files\[bleep] NFO Viewer
2010-06-12 03:02 . 2010-06-12 03:02 -------- d-----w- c:\program files\AVG
2010-06-12 02:48 . 2010-06-12 01:44 -------- d-----w- c:\program files\Perfect Uninstaller
2010-06-12 02:29 . 2010-06-12 02:29 -------- d-----w- c:\windows\Fonts\AdvUninstal
2010-06-12 02:29 . 2010-06-12 02:29 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-06-12 02:29 . 2010-06-12 02:29 -------- d-----w- c:\program files\Innovative Solutions
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----w- c:\program files\IObit
2010-06-12 01:46 . 2010-06-11 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-06-12 01:46 . 2010-06-11 21:37 -------- d-----w- c:\program files\Common Files\AOL
2010-06-12 01:45 . 2010-06-11 21:37 -------- d-----w- c:\program files\Common Files\aolshare
2010-06-12 01:30 . 2010-06-12 01:30 -------- d-----w- c:\program files\uTorrent
2010-06-12 00:45 . 2004-08-26 18:03 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-11 22:22 . 2010-06-11 22:22 -------- d-----w- c:\program files\MSXML 4.0
2010-06-11 21:44 . 2010-06-11 21:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2010-06-11 21:44 . 2010-06-11 21:44 -------- d-----w- c:\documents and settings\Owner\Application Data\SampleView
2010-06-11 21:43 . 2010-06-11 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-11 21:43 . 2010-06-11 21:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\McAfee
2010-06-11 21:43 . 2010-06-11 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2010-06-11 21:42 . 2010-06-11 21:42 -------- d-----w- c:\program files\Digital Media Reader
2010-06-11 21:42 . 2010-06-11 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-11 21:41 . 2010-06-11 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-06-11 21:41 . 2010-06-11 21:41 -------- d-----w- c:\program files\CyberLink
2010-06-11 21:40 . 2010-06-11 21:40 -------- d-----w- c:\program files\Microsoft Works
2010-06-11 21:39 . 2010-06-11 21:38 -------- d-----w- c:\program files\Ahead
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\program files\Common Files\Ahead
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\program files\Viewpoint
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-08 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-08 13902440]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\\Program Files\\e-on software\\Vue 8 xStream\\Application\\Vue 8 xStream.eon"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/19/2010 3:42 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/19/2010 3:42 PM 20560]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [6/15/2010 11:07 AM 598856]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [7/30/2010 1:21 AM 35816]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/13/2010 4:08 PM 697328]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ig2bpsk0.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 10:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\docume~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_8e0.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-08-03 10:07:12
ComboFix-quarantined-files.txt 2010-08-03 17:07
ComboFix2.txt 2010-07-30 06:54

Pre-Run: 67,183,386,624 bytes free
Post-Run: 67,168,239,616 bytes free

- - End Of File - - C2CC287637FFBFDAE6FC4D2F5EADBD1D


*** EDIT ***

I have been thinking about how and where I may have contracted this problem and I think I remember.

I have a home network; I was actually using the laptop (using the desktop for this thread). I tried to click a video and it said it needed an update or some such thing for Flash, and after that downloaded, things got really screwy. I thought I had removed it from the laptop because I no longer had any problems with it. I don't use the laptop as much (my girlfriend does), but I do think I remember getting some redirects after my "fix" when I was looking for something else. Also, she said the laptop was acting funny way before all this current stuff, so I am not exactly sure if they are all related or just compounding each other. Anyway, just some more background info to maybe help you in your diagnosis. Thanks.

Edited by Poet1960, 03 August 2010 - 12:00 PM.


#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post this log: C:\qoobox\combofix.txt

#5
Poet1960

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
The only one I have is this one; the file name is "combofix2":

ComboFix 10-07-29.02 - Owner 07/29/2010 23:47:04.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1569 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100729-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\inst.exe
C:\Install.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-30 05:22 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 05:22 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 05:22 . 2010-07-30 05:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 05:14 . 2010-07-30 05:14 -------- d-----w- C:\TDSSKiller_Quarantine
2010-07-30 04:05 . 2010-07-30 04:05 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-30 04:05 . 2010-07-30 04:05 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-30 04:05 . 2010-07-30 04:05 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-30 04:05 . 2010-07-30 04:05 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-07-30 04:05 . 2010-07-30 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-30 04:05 . 2010-07-30 04:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-29 19:42 . 2010-07-29 19:42 -------- d-----w- c:\program files\eGaming Runtimes
2010-07-29 19:38 . 2010-07-29 19:44 -------- d-----w- c:\program files\Explorations
2010-07-29 19:30 . 2010-07-29 19:30 -------- d-----w- c:\program files\001
2010-07-29 18:45 . 2010-07-29 18:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Unity
2010-07-29 07:28 . 2010-07-29 18:44 -------- d-----w- c:\documents and settings\Owner\Application Data\PACE Anti-Piracy
2010-07-29 07:28 . 2010-07-29 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-07-29 07:28 . 2010-07-29 07:28 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-07-29 07:28 . 2010-07-29 07:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PACE Anti-Piracy
2010-07-29 07:25 . 2010-07-29 18:44 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity
2010-07-29 07:23 . 2010-07-29 18:49 -------- d-----w- c:\program files\Unity
2010-07-29 05:54 . 2010-07-29 05:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Thinstall
2010-07-28 05:47 . 2010-07-28 05:48 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-26 03:14 . 2010-07-29 00:32 -------- d-----w- c:\program files\Age of Wonders Shadow Magic
2010-07-26 03:11 . 2010-07-26 17:48 -------- d-----w- c:\program files\Age of Wonders II
2010-07-17 21:38 . 2010-07-17 21:38 -------- d-----w- c:\program files\THQ
2010-07-17 21:35 . 2010-07-17 21:35 -------- d-sh--w- c:\windows\ftpcache
2010-07-16 05:10 . 2009-07-07 21:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-07-16 05:10 . 2009-07-07 21:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-07-16 05:10 . 2010-07-16 05:10 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-07-16 05:03 . 2010-07-16 05:03 -------- d-----w- c:\program files\Pure Networks
2010-07-16 05:02 . 2009-07-16 23:28 34226736 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2010-07-16 05:02 . 2010-07-16 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-07-16 04:23 . 2010-07-16 04:23 -------- d-----w- c:\program files\WebEx
2010-07-16 04:22 . 2010-07-16 05:10 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-14 06:07 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 16:17 . 2010-07-13 16:17 300 ----a-w- c:\windows\EReg515.dat
2010-07-13 16:16 . 2010-07-13 16:16 -------- d-----w- c:\program files\Disney Interactive
2010-07-13 05:11 . 2010-07-13 05:11 -------- d-----w- c:\program files\TimeGate Studios
2010-07-12 02:32 . 2010-07-13 06:34 -------- d-----w- c:\program files\Atari
2010-07-12 01:22 . 2007-10-22 10:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-07-12 01:22 . 2007-10-12 22:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-07-12 01:22 . 2007-10-02 16:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-07-12 01:22 . 2007-10-12 22:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-07-12 01:22 . 2007-07-20 07:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-07-12 01:16 . 2010-07-12 20:21 -------- d-----w- c:\program files\Paradox Interactive
2010-07-11 05:09 . 2010-07-11 05:09 -------- d-----w- c:\documents and settings\Owner\Application Data\LockHunter
2010-07-11 05:08 . 2010-07-11 05:08 -------- d-----w- c:\program files\LockHunter
2010-07-11 03:05 . 2010-06-29 20:27 53632 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-11 03:04 . 2010-07-11 03:04 -------- d-----w- c:\documents and settings\Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-11 01:49 . 2010-07-11 01:51 -------- d-----w- C:\Photoshop Elements 8
2010-07-11 00:51 . 2010-07-11 00:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Help
2010-07-11 00:36 . 2010-07-11 00:36 -------- d-----w- C:\MWASPI
2010-07-11 00:36 . 2000-03-30 00:11 8096 ------w- c:\windows\system32\drivers\MASPINT.SYS
2010-07-11 00:36 . 1999-10-23 00:58 4030 ------w- c:\windows\system\WINASPI.DLL
2010-07-11 00:36 . 1997-06-12 02:01 30208 ------w- c:\windows\system32\WNASPI32.DLL
2010-07-11 00:36 . 1997-02-28 10:00 2486 ------w- c:\windows\system\AS16POST.BIN
2010-07-11 00:35 . 2010-07-11 00:35 -------- d-----w- c:\program files\PIXELA
2010-07-11 00:34 . 2010-07-19 05:46 -------- d-----w- c:\program files\Picture Navigator
2010-07-11 00:28 . 2010-07-11 01:12 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
2010-07-10 23:27 . 2010-07-10 23:27 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-10 23:27 . 2010-07-10 23:27 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-10 23:27 . 2010-07-10 23:27 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-10 23:26 . 2010-06-07 23:57 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-10 23:26 . 2010-06-07 23:57 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-10 23:26 . 2010-06-07 23:57 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-10 23:26 . 2010-06-07 23:57 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-10 23:26 . 2010-06-07 23:57 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-10 23:26 . 2010-06-07 23:57 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-07-10 23:26 . 2010-06-07 23:57 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-10 23:26 . 2010-06-07 23:57 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-10 23:17 . 2010-07-10 23:15 208896 ----a-w- c:\windows\system32\NVUIDE.exe
2010-07-10 23:13 . 2010-07-10 23:13 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-07-10 23:06 . 2010-07-10 23:35 -------- d-----w- c:\program files\Driver Checker
2010-07-10 23:06 . 2008-12-04 00:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-07-10 22:24 . 2010-06-07 23:57 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-10 22:22 . 2007-05-28 04:57 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-07-10 22:22 . 2007-09-28 18:32 356352 ----a-w- c:\windows\system32\nvunrm.exe
2010-07-10 22:19 . 2010-07-10 22:19 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2010-07-09 16:44 . 2010-07-09 16:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-07-09 16:41 . 2010-07-09 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-05 07:46 . 2010-07-25 05:10 -------- d-----w- c:\program files\dominions3
2010-07-05 07:43 . 2010-07-05 07:43 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-05 07:43 . 2010-07-05 07:44 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
2010-07-05 07:43 . 2010-07-05 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-02 20:19 . 2010-07-02 20:19 -------- d-----w- c:\program files\Strategy First
2010-07-02 19:23 . 2010-07-02 19:23 -------- d-----w- c:\program files\e-on software
2010-07-02 19:20 . 2010-07-20 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\e-onsoftware
2010-07-02 19:20 . 2010-07-02 19:20 -------- d-----w- c:\documents and settings\Owner\Application Data\e-on software
2010-07-02 05:20 . 2010-07-02 05:20 -------- d-----w- c:\program files\Vega Strike
2010-06-30 14:01 . 2010-06-30 14:01 749568 ----a-w- c:\windows\system32\spk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 04:41 . 2010-06-29 22:12 -------- d-----w- c:\program files\lx_cats
2010-07-30 04:39 . 2010-06-12 01:30 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-07-19 06:02 . 2010-06-12 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-07-19 05:48 . 2010-06-11 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-19 05:43 . 2010-06-20 06:24 -------- d-----w- c:\program files\Bing Bar Installer
2010-07-19 05:42 . 2010-06-20 06:25 -------- d-----w- c:\program files\Microsoft
2010-07-16 06:25 . 2010-06-11 22:42 34528 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-16 05:11 . 2010-07-16 04:22 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-07-13 02:50 . 2010-06-12 02:01 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2010-07-11 02:46 . 2010-06-12 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-11 01:58 . 2010-06-12 05:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 23:51 . 2010-06-20 06:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-10 23:27 . 2010-06-11 21:34 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-10 23:27 . 2010-06-12 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-07-10 23:13 . 2010-06-11 21:34 442368 ----a-w- c:\windows\system32\nvusmb.exe
2010-06-30 04:27 . 2010-06-30 04:27 -------- d-----w- c:\program files\Outlook Messenger
2010-06-30 04:21 . 2010-06-30 04:21 -------- d-----w- c:\program files\ConWare
2010-06-29 22:11 . 2010-06-29 22:11 -------- d-----w- c:\program files\Lexmark 2400 Series
2010-06-29 22:11 . 2010-06-29 22:11 -------- d-----w- c:\program files\Lexmark Toolbar
2010-06-29 21:07 . 2010-06-29 21:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-29 20:27 . 2010-06-12 05:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-29 20:25 . 2010-06-29 20:25 -------- d-----w- c:\documents and settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-06-29 05:18 . 2010-06-29 05:17 -------- d-----w- c:\program files\Dvd-cloner
2010-06-29 05:10 . 2010-06-29 04:39 -------- d-----w- c:\program files\DVD-Cloner Platinum
2010-06-25 09:10 . 2010-06-20 06:08 -------- d-----w- c:\program files\EGOSOFT
2010-06-20 06:29 . 2010-06-20 06:29 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-20 06:29 . 2010-06-20 06:29 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-20 06:25 . 2010-06-20 06:25 -------- d-----w- c:\program files\Unlocker
2010-06-19 22:42 . 2010-06-19 22:42 -------- d-----w- c:\program files\Alwil Software
2010-06-19 09:25 . 2010-06-19 09:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-17 05:42 . 2010-06-17 04:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2010-06-17 05:42 . 2010-06-17 04:26 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2010-06-17 05:42 . 2010-06-17 04:26 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2010-06-17 05:41 . 2010-06-16 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\1click dvd copy
2010-06-17 04:26 . 2010-06-17 04:26 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-17 04:25 . 2010-06-17 04:25 -------- d-----w- c:\program files\LG Software Innovations
2010-06-16 20:37 . 2010-06-16 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-06-16 08:22 . 2010-06-16 08:22 260 ----a-w- c:\documents and settings\Owner\Application Data\runic games\torchlight\mods\remove_binary.bat
2010-06-16 08:16 . 2010-06-16 08:16 -------- d-----w- c:\program files\MSBuild
2010-06-16 08:15 . 2010-06-16 08:15 -------- d-----w- c:\program files\Reference Assemblies
2010-06-16 07:47 . 2010-06-13 23:35 -------- d-----w- c:\program files\Runic Games
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\program files\Common Files\Webroot Shared
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Webroot
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\program files\Webroot
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-06-14 14:31 . 2004-08-26 18:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 23:40 . 2010-06-13 23:40 -------- d-----w- c:\documents and settings\Owner\Application Data\runic games
2010-06-13 23:29 . 2010-06-13 23:07 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2010-06-13 23:08 . 2010-06-13 23:08 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-13 23:08 . 2010-06-13 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-06-13 21:03 . 2010-06-13 21:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2010-06-13 01:03 . 2010-06-12 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-13 00:26 . 2010-06-13 00:26 -------- d-----w- c:\program files\Driver-Soft
2010-06-12 19:20 . 2010-06-12 19:20 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-06-12 19:20 . 2010-06-12 19:20 -------- d-----w- c:\program files\dvd43
2010-06-12 18:45 . 2008-08-14 14:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2010-06-12 17:41 . 2010-06-12 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-06-12 17:13 . 2010-06-12 17:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-12 06:45 . 2010-06-12 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-06-12 06:01 . 2010-06-12 06:01 -------- d-----w- c:\program files\Adobe Media Player
2010-06-12 06:01 . 2010-06-12 06:01 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
2010-06-12 06:01 . 2010-06-12 06:01 -------- d-----w- c:\program files\My Company Name
2010-06-12 05:28 . 2010-06-12 05:27 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2010-06-12 04:36 . 2010-06-12 04:36 -------- d-----w- c:\program files\CCleaner
2010-06-12 04:22 . 2010-06-12 04:22 -------- d-----w- c:\program files\[bleep] NFO Viewer
2010-06-12 03:02 . 2010-06-12 03:02 -------- d-----w- c:\program files\AVG
2010-06-12 02:48 . 2010-06-12 01:44 -------- d-----w- c:\program files\Perfect Uninstaller
2010-06-12 02:29 . 2010-06-12 02:29 -------- d-----w- c:\windows\Fonts\AdvUninstal
2010-06-12 02:29 . 2010-06-12 02:29 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-06-12 02:29 . 2010-06-12 02:29 -------- d-----w- c:\program files\Innovative Solutions
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----w- c:\program files\IObit
2010-06-12 01:46 . 2010-06-11 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-06-12 01:46 . 2010-06-11 21:37 -------- d-----w- c:\program files\Common Files\AOL
2010-06-12 01:45 . 2010-06-11 21:37 -------- d-----w- c:\program files\Common Files\aolshare
2010-06-12 01:30 . 2010-06-12 01:30 -------- d-----w- c:\program files\uTorrent
2010-06-12 00:45 . 2004-08-26 18:03 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-11 22:22 . 2010-06-11 22:22 -------- d-----w- c:\program files\MSXML 4.0
2010-06-11 21:44 . 2010-06-11 21:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2010-06-11 21:44 . 2010-06-11 21:44 -------- d-----w- c:\documents and settings\Owner\Application Data\SampleView
2010-06-11 21:43 . 2010-06-11 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-11 21:43 . 2010-06-11 21:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\McAfee
2010-06-11 21:43 . 2010-06-11 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2010-06-11 21:42 . 2010-06-11 21:42 -------- d-----w- c:\program files\Digital Media Reader
2010-06-11 21:42 . 2010-06-11 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-11 21:41 . 2010-06-11 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-06-11 21:41 . 2010-06-11 21:41 -------- d-----w- c:\program files\CyberLink
2010-06-11 21:40 . 2010-06-11 21:40 -------- d-----w- c:\program files\Microsoft Works
2010-06-11 21:39 . 2010-06-11 21:38 -------- d-----w- c:\program files\Ahead
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\program files\Common Files\Ahead
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\program files\Learn2.com
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\program files\Viewpoint
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\program files\QuickTime
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\program files\Common Files\Nullsoft
2010-06-11 21:38 . 2010-06-11 21:38 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\program files\Common Files\Real
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\program files\Real
2010-06-11 21:37 . 2010-06-11 21:37 335 ----a-w- c:\windows\nsreg.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutlookMessenger"="c:\program files\Outlook Messenger\OutlookMessenger.exe" [2010-05-15 7225344]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-07-03 2347216]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"="c:\program files\Webroot\Washer\WashIdx.exe" [2007-11-26 55624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-08 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-08 13902440]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2010-07-16 472112]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\\Program Files\\Outlook Messenger\\OutlookMessenger.exe"=
"c:\\Program Files\\e-on software\\Vue 8 xStream\\Application\\Vue 8 xStream.eon"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/19/2010 3:42 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [10/9/2009 5:45 AM 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/19/2010 3:42 PM 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/29/2010 10:22 PM 304464]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [6/15/2010 11:07 AM 598856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/29/2010 10:22 PM 20952]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/13/2010 4:08 PM 697328]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cqervdlf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 23:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-07-29 23:54:37
ComboFix-quarantined-files.txt 2010-07-30 06:54

Pre-Run: 46,303,334,400 bytes free
Post-Run: 46,277,398,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3C8646E021415512F8066E5995CA9580
  • 0

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    c:\windows\system32\spk.dll
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#7
Poet1960

    New Member

  • Topic Starter
  • Member
  • 7 posts
It came up with an error saying "failed to start, missing msvcr80.dll". Here's the log:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
LoadLibrary failed for c:\windows\system32\spk.dll
c:\windows\system32\spk.dll moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 64562 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 57068610 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.15.0 log created on 08032010_121351

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_634.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Open OTL, click the None button, and paste this in the custom scan box:

net start DNS Client /c

Click Run Scan and post the log it gives.
  • 0

#9
Poet1960

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here ya go:

OTL logfile created on: 8/3/2010 9:42:56 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.33 Gb Total Space | 62.54 Gb Free Space | 43.04% Space Free | Partition Type: NTFS
Drive D: | 3.71 Gb Total Space | 1.58 Gb Free Space | 42.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========


< net start DNS Client /c >
< End of report >
  • 0

#10
Youngmoney

    Member

  • Member
  • 23 posts
I am getting constant redirects in both Mozilla Firefox and Internet Explorer 8. Also, every time I try to access Facebook, as soon as I press login it says it cannot retrieve a valid security certificate. I ran MBAM and Ad-Aware; both were inconclusive. Below is my HijackThis logfile.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:24:23 AM, on 8/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AIM7\aim.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ktrofalb] C:\Documents and Settings\NetworkService\Local Settings\Application Data\orlgawhmq\sgtlnkvtssd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ktrofalb] C:\Documents and Settings\NetworkService\Local Settings\Application Data\orlgawhmq\sgtlnkvtssd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5138 bytes
  • 0
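The two `O4 - HKUS\...` lines in the log above are the kind of autostart entry a helper looks for first: an executable with a random-looking name, living under a service account's Local Settings\Application Data folder, registered in the SYSTEM and .DEFAULT user hives. The script below is an added example written for this thread (it is not HijackThis code or anything from the tools named here); it parses O4 lines and flags entries that match that pattern, so a reader can apply the same triage to their own log. The sample lines are copied from the HijackThis log posted above; the scoring rules and the `threshold` of two matching reasons are this example's own assumptions, not a HijackThis feature.

```python
"""Triage HijackThis 'O4' autostart entries for the redirect-malware pattern.

Added example for this thread, not part of HijackThis or any tool named here.
Heuristics (assumptions of this example, not rules from the page):
  1. executable lives in a per-user (Local Settings\\)Application Data folder
  2. that profile belongs to a service account (NetworkService / LocalService)
  3. the entry is registered under the SYSTEM (S-1-5-18) or .DEFAULT hive
Legitimate XP software almost never needs all of these at once.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input copied from the HijackThis log above (one non-O4 line included
# to show it is ignored).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ktrofalb] C:\Documents and Settings\NetworkService\Local Settings\Application Data\orlgawhmq\sgtlnkvtssd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ktrofalb] C:\Documents and Settings\NetworkService\Local Settings\Application Data\orlgawhmq\sgtlnkvtssd.exe (User 'Default user')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)\s*$")
# First drive-letter path ending in an executable-ish extension, optionally quoted.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|bat|cmd|pif))"?', re.IGNORECASE)
PROFILE_DATA_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Local Settings\\)?Application Data\\", re.IGNORECASE)
SERVICE_ACCOUNT_RE = re.compile(
    r"\\Documents and Settings\\(NetworkService|LocalService)\\", re.IGNORECASE)


@dataclass
class Autostart:
    hive: str
    name: str
    command: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def extract_path(command: str) -> Optional[str]:
    """Return the file that actually runs, unwrapping rundll32 and quotes."""
    cmd = USER_SUFFIX_RE.sub("", command).strip()
    # rundll32 only hosts a DLL; the DLL is the file worth looking at
    cmd = re.sub(r'^"?rundll32(\.exe)?"?\s+', "", cmd, flags=re.IGNORECASE)
    m = PATH_RE.match(cmd)
    return m.group("path") if m else None


def parse_o4(log: str) -> List[Autostart]:
    """Parse every O4 line of a HijackThis log; other line types are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autostart(m["hive"], m["name"], m["cmd"], extract_path(m["cmd"])))
    return entries


def score(entry: Autostart) -> Autostart:
    """Attach a human-readable reason for each heuristic the entry trips."""
    p = entry.path or ""
    if PROFILE_DATA_RE.search(p):
        entry.reasons.append("executable lives in a per-user Application Data folder")
    if SERVICE_ACCOUNT_RE.search(p):
        entry.reasons.append("path is inside a service-account profile")
    if entry.hive.upper().startswith(("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")):
        entry.reasons.append("registered under the SYSTEM or .DEFAULT user hive")
    if entry.path is None:
        entry.reasons.append("could not determine executable path")
    return entry


def triage(log: str, threshold: int = 2) -> List[Autostart]:
    """Entries tripping at least `threshold` heuristics (assumed cut-off)."""
    return [e for e in map(score, parse_o4(log)) if len(e.reasons) >= threshold]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.hive}] {e.name} -> {e.path}")
        for r in e.reasons:
            print("    -", r)
```

Run as-is it reports only the two `ktrofalb` entries; the NVIDIA, RealPlayer and ctfmon lines score zero because they run from `C:\WINDOWS\system32` or `Program Files` under HKLM/HKCU. The cut-off of two reasons is deliberate: a single hit (for example a legitimate HKUS\.DEFAULT ctfmon entry) is not worth raising, so the rule asks for an unusual location and an unusual hive or account together.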


#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#12
Poet1960

    New Member

  • Topic Starter
  • Member
  • 7 posts
I didn't re-download combofix and it did an update when I ran it. Just a heads up in case this is not normal behavior.


ComboFix 10-08-04.01 - Owner 08/04/2010 11:02:01.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1571 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100804-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-03 19:13 . 2010-08-03 19:13 -------- d-----w- C:\_OTM
2010-08-02 19:08 . 2010-08-02 19:08 -------- d-----w- c:\program files\ERUNT
2010-08-02 18:40 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-02 18:40 . 2010-08-02 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 18:40 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-02 05:53 . 2010-08-02 05:54 -------- d-----w- c:\program files\NeoTracePro
2010-08-01 14:50 . 2010-08-01 14:50 -------- d-----w- c:\windows\Logs
2010-08-01 14:28 . 2010-08-02 02:25 -------- d-----w- c:\program files\Common Files\BioWare
2010-08-01 14:00 . 2010-08-01 14:00 -------- d-----w- c:\program files\7-Zip
2010-07-31 08:15 . 2010-07-31 08:15 -------- d-----w- c:\windows\system32\syncdb
2010-07-31 05:10 . 2010-07-31 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-31 05:10 . 2010-07-31 05:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-31 04:56 . 2010-07-31 04:56 133440 ----a-w- c:\windows\system32\LnkProtect.dll
2010-07-30 20:01 . 2010-07-30 20:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-30 20:01 . 2010-07-30 20:01 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-30 20:01 . 2010-07-31 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-30 19:34 . 2010-07-30 19:34 -------- d-----w- c:\program files\Trend Micro
2010-07-30 10:05 . 2010-07-30 10:05 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-07-30 10:00 . 2010-07-31 07:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-30 10:00 . 2010-07-30 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-30 09:07 . 2010-07-30 09:07 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7592c673-n\msvcp71.dll
2010-07-30 09:07 . 2010-07-30 09:07 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7592c673-n\jmc.dll
2010-07-30 09:07 . 2010-07-30 09:07 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7592c673-n\msvcr71.dll
2010-07-30 09:07 . 2010-07-30 09:07 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-23a527f8-n\decora-sse.dll
2010-07-30 09:07 . 2010-07-30 09:07 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-23a527f8-n\decora-d3d.dll
2010-07-30 09:07 . 2010-07-30 09:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-30 08:48 . 2010-07-30 08:48 -------- d-----r- C:\comment.htt
2010-07-30 08:21 . 2010-07-30 08:21 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-07-30 08:21 . 2010-07-30 08:21 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-07-30 08:21 . 2010-07-30 08:21 2 --shatr- c:\windows\winstart.bat
2010-07-30 08:20 . 2010-07-07 17:14 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-07-30 08:20 . 2010-08-02 17:57 -------- d-----w- c:\program files\UnHackMe
2010-07-30 07:17 . 2010-07-30 07:17 -------- d-----w- c:\program files\ESET
2010-07-30 05:14 . 2010-07-30 05:14 -------- d-----w- C:\TDSSKiller_Quarantine
2010-07-30 04:05 . 2010-07-30 04:05 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-30 04:05 . 2010-07-30 04:05 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-30 04:05 . 2010-07-30 04:05 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-30 04:05 . 2010-07-30 04:05 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-07-30 04:05 . 2010-07-30 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-30 04:05 . 2010-07-30 04:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-29 19:38 . 2010-07-29 19:44 -------- d-----w- c:\program files\Explorations
2010-07-29 19:30 . 2010-07-29 19:30 -------- d-----w- c:\program files\001
2010-07-29 18:45 . 2010-07-29 18:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Unity
2010-07-29 07:28 . 2010-07-29 18:44 -------- d-----w- c:\documents and settings\Owner\Application Data\PACE Anti-Piracy
2010-07-29 07:28 . 2010-07-29 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-07-29 07:28 . 2010-07-29 07:28 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-07-29 07:28 . 2010-07-29 07:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PACE Anti-Piracy
2010-07-29 07:25 . 2010-07-30 11:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity
2010-07-29 07:23 . 2010-07-29 18:49 -------- d-----w- c:\program files\Unity
2010-07-29 05:54 . 2010-07-29 05:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Thinstall
2010-07-28 05:47 . 2010-08-02 03:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-17 21:38 . 2010-07-31 08:36 -------- d-----w- c:\program files\THQ
2010-07-17 21:35 . 2010-07-17 21:35 -------- d-sh--w- c:\windows\ftpcache
2010-07-16 05:10 . 2009-07-07 21:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-07-16 05:10 . 2009-07-07 21:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-07-16 05:10 . 2010-07-16 05:10 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-07-16 05:03 . 2010-07-16 05:03 -------- d-----w- c:\program files\Pure Networks
2010-07-16 05:02 . 2009-07-16 23:28 34226736 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2010-07-16 05:02 . 2010-07-16 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-07-16 04:23 . 2010-07-16 04:23 -------- d-----w- c:\program files\WebEx
2010-07-16 04:22 . 2010-07-16 05:10 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-14 06:07 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 16:17 . 2010-07-13 16:17 300 ----a-w- c:\windows\EReg515.dat
2010-07-13 05:11 . 2010-07-13 05:11 -------- d-----w- c:\program files\TimeGate Studios
2010-07-12 02:32 . 2010-07-31 08:31 -------- d-----w- c:\program files\Atari
2010-07-12 01:22 . 2007-10-22 10:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-07-12 01:22 . 2007-10-12 22:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-07-12 01:22 . 2007-10-02 16:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-07-12 01:22 . 2007-10-12 22:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-07-12 01:22 . 2007-07-20 07:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-07-12 01:16 . 2010-07-12 20:21 -------- d-----w- c:\program files\Paradox Interactive
2010-07-11 05:09 . 2010-07-11 05:09 -------- d-----w- c:\documents and settings\Owner\Application Data\LockHunter
2010-07-11 05:08 . 2010-07-11 05:08 -------- d-----w- c:\program files\LockHunter
2010-07-11 03:04 . 2010-07-11 03:04 -------- d-----w- c:\documents and settings\Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-11 00:51 . 2010-07-11 00:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Help
2010-07-11 00:36 . 2010-07-11 00:36 -------- d-----w- C:\MWASPI
2010-07-11 00:36 . 2000-03-30 00:11 8096 ------w- c:\windows\system32\drivers\MASPINT.SYS
2010-07-11 00:36 . 1999-10-23 00:58 4030 ------w- c:\windows\system\WINASPI.DLL
2010-07-11 00:36 . 1997-06-12 02:01 30208 ------w- c:\windows\system32\WNASPI32.DLL
2010-07-11 00:36 . 1997-02-28 10:00 2486 ------w- c:\windows\system\AS16POST.BIN
2010-07-11 00:35 . 2010-07-11 00:35 -------- d-----w- c:\program files\PIXELA
2010-07-11 00:34 . 2010-07-19 05:46 -------- d-----w- c:\program files\Picture Navigator
2010-07-11 00:28 . 2010-07-11 01:12 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
2010-07-10 23:27 . 2010-07-10 23:27 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-10 23:27 . 2010-07-10 23:27 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-10 23:27 . 2010-07-10 23:27 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-10 23:26 . 2010-06-07 23:57 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-10 23:26 . 2010-06-07 23:57 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-10 23:26 . 2010-06-07 23:57 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-10 23:26 . 2010-06-07 23:57 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-10 23:26 . 2010-06-07 23:57 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-10 23:26 . 2010-06-07 23:57 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-07-10 23:26 . 2010-06-07 23:57 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-10 23:26 . 2010-06-07 23:57 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-10 23:17 . 2010-07-10 23:15 208896 ----a-w- c:\windows\system32\NVUIDE.exe
2010-07-10 23:13 . 2010-07-10 23:13 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-07-10 23:06 . 2010-07-10 23:35 -------- d-----w- c:\program files\Driver Checker
2010-07-10 23:06 . 2008-12-04 00:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-07-10 22:24 . 2010-06-07 23:57 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-10 22:22 . 2007-05-28 04:57 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-07-10 22:22 . 2007-09-28 18:32 356352 ----a-w- c:\windows\system32\nvunrm.exe
2010-07-10 22:19 . 2010-07-10 22:19 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2010-07-09 16:44 . 2010-08-02 18:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-07-09 16:41 . 2010-08-02 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 17:59 . 2010-06-29 22:12 -------- d-----w- c:\program files\lx_cats
2010-08-02 05:52 . 2010-06-12 01:30 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-08-02 03:31 . 2010-06-11 22:42 34528 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-01 14:52 . 2010-08-01 14:51 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-01 14:51 . 2010-08-01 14:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-31 20:47 . 2010-06-11 21:33 -------- d-----w- c:\program files\Java
2010-07-31 08:35 . 2010-06-30 04:27 -------- d-----w- c:\program files\Outlook Messenger
2010-07-31 08:32 . 2010-06-11 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-31 08:18 . 2010-06-12 05:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-30 09:07 . 2010-06-11 21:33 -------- d-----w- c:\program files\Common Files\Java
2010-07-25 05:10 . 2010-07-05 07:46 -------- d-----w- c:\program files\dominions3
2010-07-20 18:12 . 2010-07-02 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\e-onsoftware
2010-07-19 06:02 . 2010-06-12 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-07-19 05:42 . 2010-06-20 06:25 -------- d-----w- c:\program files\Microsoft
2010-07-16 05:11 . 2010-07-16 04:22 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-07-13 02:50 . 2010-06-12 02:01 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2010-07-11 02:46 . 2010-06-12 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-10 23:51 . 2010-06-20 06:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-10 23:27 . 2010-06-11 21:34 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-10 23:27 . 2010-06-12 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-07-10 23:13 . 2010-06-11 21:34 442368 ----a-w- c:\windows\system32\nvusmb.exe
2010-07-05 07:44 . 2010-07-05 07:43 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
2010-07-05 07:43 . 2010-07-05 07:43 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-05 07:43 . 2010-07-05 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-02 20:19 . 2010-07-02 20:19 -------- d-----w- c:\program files\Strategy First
2010-07-02 19:23 . 2010-07-02 19:23 -------- d-----w- c:\program files\e-on software
2010-07-02 19:20 . 2010-07-02 19:20 -------- d-----w- c:\documents and settings\Owner\Application Data\e-on software
2010-07-02 05:20 . 2010-07-02 05:20 -------- d-----w- c:\program files\Vega Strike
2010-06-30 04:21 . 2010-06-30 04:21 -------- d-----w- c:\program files\ConWare
2010-06-29 22:11 . 2010-06-29 22:11 -------- d-----w- c:\program files\Lexmark 2400 Series
2010-06-29 22:11 . 2010-06-29 22:11 -------- d-----w- c:\program files\Lexmark Toolbar
2010-06-29 21:07 . 2010-06-29 21:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-29 20:27 . 2010-06-12 05:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-29 20:25 . 2010-06-29 20:25 -------- d-----w- c:\documents and settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-06-29 05:18 . 2010-06-29 05:17 -------- d-----w- c:\program files\Dvd-cloner
2010-06-29 05:10 . 2010-06-29 04:39 -------- d-----w- c:\program files\DVD-Cloner Platinum
2010-06-25 09:10 . 2010-06-20 06:08 -------- d-----w- c:\program files\EGOSOFT
2010-06-20 06:29 . 2010-06-20 06:29 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-20 06:29 . 2010-06-20 06:29 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-20 06:25 . 2010-06-20 06:25 -------- d-----w- c:\program files\Unlocker
2010-06-19 22:42 . 2010-06-19 22:42 -------- d-----w- c:\program files\Alwil Software
2010-06-19 09:25 . 2010-06-19 09:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-17 05:42 . 2010-06-17 04:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2010-06-17 05:42 . 2010-06-17 04:26 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2010-06-17 05:42 . 2010-06-17 04:26 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2010-06-17 05:41 . 2010-06-16 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\1click dvd copy
2010-06-17 04:26 . 2010-06-17 04:26 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-17 04:25 . 2010-06-17 04:25 -------- d-----w- c:\program files\LG Software Innovations
2010-06-16 20:37 . 2010-06-16 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-06-16 08:22 . 2010-06-16 08:22 260 ----a-w- c:\documents and settings\Owner\Application Data\runic games\torchlight\mods\remove_binary.bat
2010-06-16 08:16 . 2010-06-16 08:16 -------- d-----w- c:\program files\MSBuild
2010-06-16 08:15 . 2010-06-16 08:15 -------- d-----w- c:\program files\Reference Assemblies
2010-06-16 07:47 . 2010-06-13 23:35 -------- d-----w- c:\program files\Runic Games
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\program files\Common Files\Webroot Shared
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Webroot
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\program files\Webroot
2010-06-15 18:07 . 2010-06-15 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-06-14 14:31 . 2004-08-26 18:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 23:40 . 2010-06-13 23:40 -------- d-----w- c:\documents and settings\Owner\Application Data\runic games
2010-06-13 23:29 . 2010-06-13 23:07 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2010-06-13 23:08 . 2010-06-13 23:08 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-13 23:08 . 2010-06-13 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-06-13 21:03 . 2010-06-13 21:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2010-06-13 01:03 . 2010-06-12 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-13 00:26 . 2010-06-13 00:26 -------- d-----w- c:\program files\Driver-Soft
2010-06-12 19:20 . 2010-06-12 19:20 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-06-12 19:20 . 2010-06-12 19:20 -------- d-----w- c:\program files\dvd43
2010-06-12 18:45 . 2008-08-14 14:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2010-06-12 17:41 . 2010-06-12 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-06-12 17:13 . 2010-06-12 17:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-12 06:45 . 2010-06-12 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-06-12 06:01 . 2010-06-12 06:01 -------- d-----w- c:\program files\Adobe Media Player
2010-06-12 06:01 . 2010-06-12 06:01 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
2010-06-12 05:28 . 2010-06-12 05:27 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2010-06-12 04:36 . 2010-06-12 04:36 -------- d-----w- c:\program files\CCleaner
2010-06-12 04:22 . 2010-06-12 04:22 -------- d-----w- c:\program files\[bleep] NFO Viewer
2010-06-12 03:02 . 2010-06-12 03:02 -------- d-----w- c:\program files\AVG
2010-06-12 02:48 . 2010-06-12 01:44 -------- d-----w- c:\program files\Perfect Uninstaller
2010-06-12 02:29 . 2010-06-12 02:29 -------- d-----w- c:\windows\Fonts\AdvUninstal
2010-06-12 02:29 . 2010-06-12 02:29 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-06-12 02:29 . 2010-06-12 02:29 -------- d-----w- c:\program files\Innovative Solutions
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----w- c:\program files\IObit
2010-06-12 01:46 . 2010-06-11 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-06-12 01:46 . 2010-06-11 21:37 -------- d-----w- c:\program files\Common Files\AOL
2010-06-12 01:45 . 2010-06-11 21:37 -------- d-----w- c:\program files\Common Files\aolshare
2010-06-12 01:30 . 2010-06-12 01:30 -------- d-----w- c:\program files\uTorrent
2010-06-12 00:45 . 2004-08-26 18:03 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-11 22:22 . 2010-06-11 22:22 -------- d-----w- c:\program files\MSXML 4.0
2010-06-11 21:44 . 2010-06-11 21:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2010-06-11 21:44 . 2010-06-11 21:44 -------- d-----w- c:\documents and settings\Owner\Application Data\SampleView
2010-06-11 21:43 . 2010-06-11 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-11 21:43 . 2010-06-11 21:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\McAfee
2010-06-11 21:43 . 2010-06-11 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2010-06-11 21:42 . 2010-06-11 21:42 -------- d-----w- c:\program files\Digital Media Reader
2010-06-11 21:42 . 2010-06-11 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-11 21:41 . 2010-06-11 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-06-11 21:41 . 2010-06-11 21:41 -------- d-----w- c:\program files\CyberLink
2010-06-11 21:40 . 2010-06-11 21:40 -------- d-----w- c:\program files\Microsoft Works
2010-06-11 21:39 . 2010-06-11 21:38 -------- d-----w- c:\program files\Ahead
2010-06-11 21:38 . 2010-06-11 21:38 -------- d-----w- c:\program files\Common Files\Ahead
.

((((((((((((((((((((((((((((( SnapShot@2010-08-03_17.04.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-04 17:54 . 2010-08-04 17:54 16384 c:\windows\Temp\Perflib_Perfdata_624.dat
+ 2010-08-04 17:54 . 2010-08-04 17:54 16384 c:\windows\Temp\Perflib_Perfdata_554.dat
+ 2010-08-04 17:59 . 2010-08-04 17:59 221184 c:\windows\ERDNT\AutoBackup\8-4-2010\Users\00000002\UsrClass.dat
+ 2010-08-04 17:59 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\8-4-2010\ERDNT.EXE
+ 2010-08-03 19:22 . 2010-08-03 19:22 221184 c:\windows\ERDNT\AutoBackup\8-3-2010\Users\00000002\UsrClass.dat
+ 2010-08-03 19:22 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\8-3-2010\ERDNT.EXE
+ 2010-08-04 17:59 . 2010-08-04 17:59 7745536 c:\windows\ERDNT\AutoBackup\8-4-2010\Users\00000001\NTUSER.DAT
+ 2010-08-03 19:22 . 2010-08-03 19:22 7745536 c:\windows\ERDNT\AutoBackup\8-3-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-08 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-08 13902440]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\\Program Files\\e-on software\\Vue 8 xStream\\Application\\Vue 8 xStream.eon"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/19/2010 3:42 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/19/2010 3:42 PM 20560]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [6/15/2010 11:07 AM 598856]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [7/30/2010 1:21 AM 35816]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/13/2010 4:08 PM 697328]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ig2bpsk0.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 11:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2000)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-08-04 11:11:30
ComboFix-quarantined-files.txt 2010-08-04 18:11
ComboFix2.txt 2010-08-03 17:07
ComboFix3.txt 2010-07-30 06:54

Pre-Run: 67,071,975,424 bytes free
Post-Run: 67,056,926,720 bytes free

- - End Of File - - CA78E2A70870B8FD754A1AC5B1C7347D

#13 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

You use a router?

#14 Poet1960 (Topic Starter, Member, 7 posts)

Yup, a comcast provided netgear. Please don't tell me you suspect the router is infected. (cringes) :)

#15 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Sadly yes :)

It sounds like a case of Zlob/DNSChanger, which changes the router's DNS settings. Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

  • Double click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration, you can reconnect to the internet and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log and let me know how things are running now :)
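A DNSChanger-style infection, as described in the reply above, points the router (and through DHCP every client behind it) at resolvers the attacker controls, which is why the reply ends by telling the user to confirm the DNS servers with their ISP. The following script is a hypothetical check added here as an example; it is not from the thread, from Malwarebytes or from ComboFix. It parses the text that `ipconfig /all` prints on Windows XP, collects each adapter's DNS servers (including the indented continuation lines), and flags any resolver that is neither an ISP-confirmed address nor the adapter's own gateway. The sample output, the allowlist and the rogue address are all constructed placeholders.

```python
"""Hypothetical DNS-allowlist check (added example, not from the thread or any
tool it mentions). Parses `ipconfig /all` text and reports resolvers that are
neither ISP-confirmed nor the adapter's own gateway."""
import re
from typing import Dict, Iterable, List, Set

# Constructed sample of `ipconfig /all` output. Private and RFC 5737
# documentation addresses only; 203.0.113.9 plays the rogue resolver.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : OWNER-PC

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : hsd1.example.net
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.9
        Lease Obtained. . . . . . . . . . : Wednesday, August 04, 2010 10:00:00 AM
"""

# Assumption: the resolvers the ISP confirmed for this network (placeholders).
EXPECTED_RESOLVERS: Set[str] = {"192.0.2.53", "192.0.2.54"}

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FIELDS = {"dns servers": "dns", "default gateway": "gateway"}


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {adapter: {"gateway": [ips], "dns": [ips]}} from ipconfig /all text."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    current = None  # adapter block we are inside
    field = None    # "dns"/"gateway" while a multi-line value is still being read
    for line in text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip(": ")
            adapters[current] = {"gateway": [], "dns": []}
            field = None
            continue
        if current is None:
            continue
        label, sep, value = line.partition(":")
        if sep and "." in label:  # a "Label . . . : value" line
            field = FIELDS.get(label.replace(".", "").strip().lower())
            values = IPV4.findall(value)
        else:                     # indented continuation of the previous field
            values = IPV4.findall(line)
        if field and values:
            adapters[current][field].extend(values)
    return adapters


def unexpected(resolvers: Iterable[str], allowed: Set[str]) -> List[str]:
    """Resolvers missing from the allowlist. Feed the router's WAN DNS fields
    here too: if the PC lists only the router, the rogue address lives there."""
    return [ip for ip in resolvers if ip not in allowed]


def rogue_resolvers(adapters, expected=EXPECTED_RESOLVERS):
    """Map each adapter to DNS servers that are neither expected nor its gateway."""
    findings = {}
    for name, cfg in adapters.items():
        bad = unexpected(cfg["dns"], expected | set(cfg["gateway"]))
        if bad:
            findings[name] = bad
    return findings


if __name__ == "__main__":
    for adapter, bad in rogue_resolvers(parse_ipconfig(SAMPLE_IPCONFIG)).items():
        print(f"{adapter}: unexpected DNS server(s) {', '.join(bad)}")
```

On a live machine, pipe `ipconfig /all` output into `parse_ipconfig` and run `unexpected` a second time on the DNS addresses shown in the router's WAN settings page, since the PC often lists only the router itself.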