Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32/Slenfbot!generic


  • Please log in to reply

#1
harrobray

harrobray

    Member

  • Member
  • PipPip
  • 41 posts
hi, my antivirus protection program, eTrust, keeps displaying warnings that a Win32/Slenfbot!generic has infected your computer. My windows explorer keeps crashing, and i think that it is because of the virus. It keeps occuring in my temporary files folder. Ive tried to the TFC program to remove the temporary files, and i t is successful removing them, but it keeps coming back. Can someone please help me out?
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello harrobray

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
harrobray

harrobray

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
hi, the OTL program worked, and here is the OTL.txt log. But when i ran the other program, it would go to the blue-screen-of-death and reboot.
  • 0

#4
harrobray

harrobray

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
OTL logfile created on: 8/09/2009 7:43:17 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\User\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

955.27 Mb Total Physical Memory | 89.92 Mb Available Physical Memory | 9.41% Memory free
2.12 Gb Paging File | 0.90 Gb Available in Paging File | 42.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 26.12 Gb Free Space | 37.58% Space Free | Partition Type: NTFS
Drive D: | 69.50 Gb Total Space | 30.64 Gb Free Space | 44.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRAYH
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe (Novell, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe (CA, Inc.)
PRC - C:\Program Files\CA\eTrustITM\InoRpc.exe (CA)
PRC - C:\Program Files\CA\eTrustITM\InoRT.exe (CA)
PRC - C:\Program Files\CA\eTrustITM\InoTask.exe (CA)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Activ Software\Activdriver\ActivControl2.exe (Promethean)
PRC - C:\Windows\System32\nwtray.exe ()
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Windows\System32\iprntctl.exe (Novell, Inc.)
PRC - C:\Windows\System32\iprntlgn.exe (Novell, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\AceHide Free\AceHideFree.exe ()
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\CA\eTrustITM\Realmon.exe (CA)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (BUNAgentSvc [Auto | Running]) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService [Auto | Running]) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-080708-050100 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iGateway [Auto | Running]) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe (CA, Inc.)
SRV - (InoRPC [Auto | Running]) -- C:\Program Files\CA\eTrustITM\InoRpc.exe (CA)
SRV - (InoRT [Auto | Running]) -- C:\Program Files\CA\eTrustITM\InoRT.exe (CA)
SRV - (InoTask [Auto | Running]) -- C:\Program Files\CA\eTrustITM\InoTask.exe (CA)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MobilityService [Auto | Running]) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NTIBackupSvc [Auto | Running]) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc [Auto | Running]) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (PSI_SVC_2 [Auto | Running]) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SQLWriter [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
SRV - (XTSvcMgr [Auto | Running]) -- C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe (Novell, Inc.)

========== Driver Services (SafeList) ==========

DRV - (ACTIVhidmini [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ACTIVhidmini.sys (Promethean)
DRV - (ActivHidSerMini [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\activhidsermini.sys (Promethean)
DRV - (adfs [Auto | Running]) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (athr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (b57nd60x [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (btwaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt [On_Demand | Stopped]) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DKbFltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO [System | Running]) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (INO_FLPY [Boot | Running]) -- C:\Windows\system32\Drivers\ino_flpy.sys (Computer Associates)
DRV - (INO_FLTR [Auto | Running]) -- C:\Windows\System32\Drivers\ino_fltr.sys (Computer Associates)
DRV - (int15 [Auto | Running]) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (IntcHdmiAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (JMCR [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\jmcr.sys (JMicron Technology Corp.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NCFSD [Auto | Running]) -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys ()
DRV - (NCIOCTL [Auto | Running]) -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys ()
DRV - (NETw5v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw5v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (NICM [System | Running]) -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys (Novell, Inc.)
DRV - (nipplpt2 [System | Running]) -- C:\Windows\system32\drivers\nipplpt.sys ()
DRV - (NTIDrvr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (prmvmouse [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\activmouse.sys (Promethean)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (regi [Auto | Running]) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (UBHelper [Boot | Running]) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (WNTHW [Auto | Running]) -- C:\Windows\System32\DRIVERS\WNTHW.SYS ()
DRV - (WSDPrintDevice [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\WSDScan.sys (Microsoft Corporation)
DRV - (WSVD [On_Demand | Stopped]) -- C:\Windows\System32\drivers\WSVD.sys (CyberLink)
DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...travelmate_4730
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www1.st*;www2.st*;www3.st*;www4.st*;172.16*;10.1*;mail.stpauls*;moodle.stpauls;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.1.50:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.backup.ftp: "172.16.1.50"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "172.16.1.50"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "172.16.1.50"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "172.16.1.50"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "172.16.1.50"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.16.1.50"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.16.1.50"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "www1.st*,www2.st*,www3.st*,www4.st*,172.16*,10.1*,mail.stpauls*,moodle.stpauls,*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.1.50"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "172.16.1.50"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 17:54:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/02 14:29:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/02 14:29:30 | 00,000,000 | ---D | M]

[2009/07/08 15:35:05 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/06/12 09:48:27 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/08 15:35:05 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/09/06 21:22:16 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\f69tydx6.default\extensions
[2009/06/24 19:49:53 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\f69tydx6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/12 09:48:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/02 14:29:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/30 21:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 21:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/30 21:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/30 17:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 17:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 17:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 17:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 17:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 17:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 17:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (823 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 172.16.1.14 linux
O1 - Hosts: 172.16.1.14 linux.stpaulswgl.vic.edu.au
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe (Promethean)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\Windows\System32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\Windows\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\NWTRAY.EXE ()
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe (CA)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPSON TX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDP.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [zHideWin] C:\Program Files\AceHide Free\AceHideFree.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0477193767-0499208596-717368838-8178\winmap.exe) - C:\RECYCLER\S-1-5-21-0477193767-0499208596-717368838-8178\winmap.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\bin\NalShell.dll File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (ncv1_0) - C:\Windows\System32\ncv1_0.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{394b1a10-7bdf-11de-a975-001eecd48d91}\Shell\AutoRun\command - "" = E:\RECYCLERS\runmgr.exe -- File not found
O33 - MountPoints2\{394b1a10-7bdf-11de-a975-001eecd48d91}\Shell\open\command - "" = E:\RECYCLERS\runmgr.exe -- File not found
O33 - MountPoints2\{8b31ac7a-1a7d-11de-bf42-001eecd48d91}\Shell\Auto\command - "" = setup.exe
O33 - MountPoints2\{8b31ac7a-1a7d-11de-bf42-001eecd48d91}\Shell\AutoRun\command - "" = C:\Windows\System32\Shell32.DLL -- [2009/04/11 16:28:24 | 11,584,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{8b31ac80-1a7d-11de-bf42-001eecd48d91}\Shell\AutoRun\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{8b31ac80-1a7d-11de-bf42-001eecd48d91}\Shell\open\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{8b31ac85-1a7d-11de-bf42-001eecd48d91}\Shell - "" = AutoRun
O33 - MountPoints2\{8b31ac85-1a7d-11de-bf42-001eecd48d91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{994e782a-6848-11de-8e9d-001eecd48d91}\Shell - "" = AutoRun
O33 - MountPoints2\{994e782a-6848-11de-8e9d-001eecd48d91}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{994e782c-6848-11de-8e9d-001eecd48d91}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{f7cff662-022b-11de-83a6-001eecd493ba}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/08 19:41:44 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2009/09/03 17:45:07 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/09/03 17:45:06 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/08/26 21:22:36 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/24 19:17:35 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\andy stuff
[2009/08/23 21:44:33 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\other antivirus stuff
[2009/08/23 21:21:42 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2009/08/23 21:21:39 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/23 21:21:37 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/23 21:21:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/23 21:21:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/23 21:20:49 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/23 21:20:35 | 00,000,917 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/23 21:20:28 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/23 21:06:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/20 14:25:50 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FileMaker
[2009/08/15 22:36:42 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/15 22:36:42 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/15 22:36:42 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/15 22:36:40 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/15 22:36:39 | 01,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/15 22:36:39 | 00,439,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/15 22:36:39 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/15 22:36:39 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/13 21:39:11 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/13 21:39:05 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/13 21:38:49 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/13 21:38:38 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/13 21:38:30 | 10,628,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/13 21:38:29 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/13 21:38:29 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/13 21:38:29 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/13 21:38:28 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/13 21:38:28 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/13 21:38:27 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/13 21:38:27 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/12 15:17:11 | 00,024,064 | ---- | C] () -- C:\Users\User\Documents\quotes.doc
[2009/07/04 15:11:23 | 00,000,091 | ---- | C] () -- C:\Windows\quadriga.ini
[2009/06/05 09:59:16 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/03 19:40:09 | 00,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009/04/08 14:27:51 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/08 14:20:42 | 00,000,025 | ---- | C] () -- C:\Windows\CDETX100.ini
[2009/03/10 14:46:05 | 00,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/03/07 21:02:49 | 00,034,592 | ---- | C] () -- C:\Windows\System32\drivers\nipplpt.sys
[2009/02/24 11:50:42 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/09 10:54:36 | 00,279,824 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2009/01/09 10:53:38 | 00,554,256 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2009/01/09 10:53:22 | 00,206,096 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2009/01/09 10:53:20 | 00,013,072 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2009/01/09 10:52:54 | 00,189,712 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll
[2008/12/31 16:04:42 | 00,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/15 08:32:33 | 00,238,864 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2008/12/15 08:32:32 | 00,902,416 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2008/12/15 08:32:32 | 00,165,136 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2008/12/15 08:31:38 | 00,111,888 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2008/12/15 08:31:37 | 00,025,360 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2008/11/12 13:39:05 | 00,000,086 | ---- | C] () -- C:\Windows\WPCMAPI.INI
[2008/11/11 18:04:13 | 00,009,176 | ---- | C] () -- C:\Windows\System32\drivers\WNTHW.SYS
[2008/11/11 09:50:46 | 00,286,720 | ---- | C] () -- C:\Windows\System32\eSTsnmp.dll
[2008/11/06 10:44:55 | 00,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2008/11/06 10:39:08 | 00,000,162 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/11/06 05:49:55 | 00,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/11/06 05:49:55 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/09/20 07:57:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/20 07:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/09/20 07:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/09/20 07:54:18 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/08/19 02:13:05 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2008/08/19 02:11:54 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/19 02:11:53 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/08/19 02:10:58 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/08/19 02:10:58 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/08/19 02:05:26 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/08/19 01:53:15 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/07/14 09:39:28 | 00,196,608 | ---- | C] () -- C:\Windows\ActivDRV.dll
[2008/07/14 09:39:28 | 00,167,936 | ---- | C] () -- C:\Windows\libactivboardex.dll
[2007/06/06 06:51:10 | 00,757,818 | ---- | C] () -- C:\Windows\System32\gwadd1.dll
[2007/06/06 06:49:26 | 00,303,166 | ---- | C] () -- C:\Windows\System32\gwodm132.dll
[2007/06/06 06:20:04 | 00,098,354 | ---- | C] () -- C:\Windows\System32\GWLDO132.DLL
[2006/11/02 20:23:31 | 00,000,309 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 20:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 17:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/12 10:08:38 | 06,172,672 | ---- | C] () -- C:\Windows\System32\HwRecogK.dll
[2006/08/14 08:56:52 | 07,946,240 | ---- | C] () -- C:\Windows\System32\HWRecogT.dll
[2006/08/13 16:48:58 | 15,147,008 | ---- | C] () -- C:\Windows\System32\HWRecog.dll
[2004/07/09 09:31:18 | 00,155,700 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL
[2003/08/07 15:01:50 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2003/03/24 05:03:00 | 00,279,552 | ---- | C] () -- C:\Windows\System32\FGWVB32.DLL
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/27 09:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/15 06:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 16:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 09:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 15:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/03/26 00:12:00 | 00,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[1997/06/14 11:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2009/09/08 19:38:28 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/09/08 19:36:52 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/08 19:36:52 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/08 19:36:23 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/08 19:36:20 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2009/09/08 19:36:18 | 10,024,55040 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/07 21:27:36 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/09/07 21:26:57 | 04,254,326 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2009/09/02 14:29:33 | 00,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/09/02 11:06:18 | 00,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/02 11:06:18 | 00,638,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/02 11:06:18 | 00,121,746 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/29 10:27:49 | 04,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/08/29 10:14:38 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/08/24 17:33:22 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2009/08/23 21:20:35 | 00,000,917 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/12 15:17:11 | 00,024,064 | ---- | M] () -- C:\Users\User\Documents\quotes.doc

========== LOP Check ==========

[2009/08/23 21:21:42 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming
[2009/08/30 22:05:34 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
[2009/08/20 14:25:50 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileMaker
[2008/11/06 11:12:27 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Inspiration Software
[2009/07/21 18:28:48 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LimeWire
[2009/06/01 18:47:14 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PeerNetworking
[2008/11/07 11:20:56 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sibelius Software
[2009/09/08 19:36:23 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/07 21:27:42 | 00,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
  • 0

#5
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#6
harrobray

harrobray

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ComboFix 09-09-08.06 - User 09/09/2009 20:04.1.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.61.1033.18.955.188 [GMT 10:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: eTrust ITM *On-access scanning disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556
c:\recycler\S-1-5-21-0477193767-0499208596-717368838-8178
c:\recycler\S-1-5-21-0477193767-0499208596-717368838-8178\Desktop.ini
c:\recycler\S-1-5-21-0477193767-0499208596-717368838-8178\winmap.exe
c:\windows\Suyin.reg

.
((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-09 10:15 . 2009-09-09 10:18 -------- d-----w- c:\users\User\AppData\Local\temp
2009-09-09 10:15 . 2009-09-09 10:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-09 10:15 . 2009-09-09 10:15 -------- d-----w- c:\users\Admin\AppData\Local\temp
2009-09-03 07:45 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 07:45 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 11:22 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-23 11:21 . 2009-08-23 11:21 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2009-08-23 11:21 . 2009-08-03 03:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 11:21 . 2009-08-23 11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 11:21 . 2009-08-23 11:21 -------- d-----w- c:\programdata\Malwarebytes
2009-08-23 11:21 . 2009-08-03 03:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 11:20 . 2009-08-23 11:20 -------- d-----w- c:\program files\ERUNT
2009-08-23 11:06 . 2009-08-23 11:06 -------- d-----w- c:\program files\Trend Micro
2009-08-20 04:25 . 2009-08-20 04:25 -------- d-----w- c:\users\User\AppData\Roaming\FileMaker
2009-08-15 12:36 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-15 12:36 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-15 12:36 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-15 12:36 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-15 12:36 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-15 12:36 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-15 12:36 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-15 12:36 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 11:39 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 11:39 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 11:38 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 11:38 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 11:38 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 11:38 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 11:38 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 11:38 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 10:16 . 2009-03-31 01:53 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-02 01:06 . 2009-03-26 09:56 -------- d-----w- c:\users\User\AppData\Roaming\Apple Computer
2009-08-30 12:05 . 2009-07-21 08:53 -------- d-----w- c:\users\User\AppData\Roaming\BitTorrent
2009-08-13 12:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-05 09:08 . 2009-08-05 09:08 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-08-05 09:06 . 2008-11-05 23:35 -------- d-----w- c:\program files\MSECache
2009-08-03 08:33 . 2009-03-07 10:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-07-29 10:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 10:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 10:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 10:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 09:44 . 2008-11-07 02:33 -------- d-----w- c:\programdata\FLEXnet
2009-07-21 08:28 . 2009-04-08 06:42 -------- d-----w- c:\users\User\AppData\Roaming\LimeWire
2009-07-18 10:58 . 2009-07-18 10:58 -------- d-----w- c:\users\User\AppData\Roaming\DivX
2009-07-08 00:46 . 2009-02-23 21:43 680 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
2009-07-04 04:53 . 2008-11-05 05:17 116248 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-15 14:53 . 2009-07-18 10:22 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-18 10:22 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-18 10:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-18 10:22 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-18 10:22 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-11 23:48 . 2009-06-11 23:48 0 ----a-w- c:\windows\nsreg.dat
2008-11-07 01:18 . 2008-11-07 01:18 604 ---ha-w- c:\program files\STLL Notifier
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-05 68856]
"zHideWin"="c:\program files\AceHide Free\AceHideFree.exe" [2002-05-16 94720]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-05 24064]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-31 405504]
"ActivControl"="c:\program files\Activ Software\Activdriver\ActivControl2.exe" [2008-07-17 1454080]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-10-27 66832]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-10-27 66832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-03 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]
"NWTRAY"="NWTRAY.EXE" - c:\windows\System32\nwtray.exe [2009-01-09 30480]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-24 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 ncv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8d,46,05,c9,74,e5,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CA60B19F-CB02-4AC7-B16B-954B8B79A97D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{CD99F8F3-AFE1-401A-B0FD-97DDF7AD8990}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{79AB5636-2C4A-4FA2-83F4-23EDC8E815B6}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{BA980305-BD19-461C-89E2-7EB4CC075D81}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{58CFAB9A-A56D-4E99-8E99-5A594E44245D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{6F39F366-6291-449E-B080-1BBB3671C8EE}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{3185635D-06C9-47E0-BC51-1BEEF737A5C7}"= UDP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{F0341B82-192B-42A5-8E16-050EB84872D4}"= TCP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{BC4DA208-375F-453A-96F8-35F4646F8ECA}"= UDP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{FD33D513-0E4B-480B-A3AE-1EC7D48689A2}"= TCP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{8DAC1041-1D81-419C-8605-7EFEE08512B9}"= UDP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{01B6EBE4-996E-4D38-8A23-51A387918288}"= TCP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{9DCC9001-9361-485D-9D0F-6842BC28026A}"= UDP:5353:Adobe CSI CS4
"{E6E0C778-EC6A-4F33-86C7-963353B4C438}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C78372F6-64AF-40FB-867F-6757A2E7084A}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0EE24E93-38C2-43A5-83D0-92B403F6C0D9}"= UDP:3703:Adobe Version Cue CS4 Server
"{9FFAAA48-B7C3-4D92-89F0-939F60B82820}"= UDP:3704:Adobe Version Cue CS4 Server
"{62D0C256-AE79-4510-BF30-82BBA9E545B7}"= UDP:51000:Adobe Version Cue CS4 Server
"{2B926EB6-32C6-4944-9F21-40976BA07485}"= UDP:51001:Adobe Version Cue CS4 Server
"{41F3502E-3246-45D9-AD68-BCE71ED52745}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{8ACAD990-F043-4A42-92DD-DBBFA6B65758}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{457379AA-4AF3-4603-8790-E3E667D1F4E7}"= UDP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{4793974F-00C8-45B3-B66C-CA41C3C4E4B3}"= TCP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{1B794346-54C1-49FC-9F23-EC79B358C576}"= UDP:c:\novell\GroupWise\notify.exe:Novell Notify
"{73A1EC4E-6FD4-420B-8309-A9C430E96ABD}"= TCP:c:\novell\GroupWise\notify.exe:Novell Notify
"TCP Query User{DF378375-B36A-4F73-98B8-0A4275B15797}\\\\diamond\\sys\\public\\clntrust.exe"= UDp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"UDP Query User{B8773BEF-4895-4BAE-86FF-75086A0C7413}\\\\diamond\\sys\\public\\clntrust.exe"= TCp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"{A1A3F5FF-D67D-422F-8E01-3EDA4BA823AC}"= TCP:3024:Novell Client Trust
"TCP Query User{7C7EFFFC-5E25-41D6-B29A-70715F167D59}c:\\users\\admin\\desktop\\nwprintclient\\nwprintclient\\nwprintclient.exe"= UDP:c:\users\admin\desktop\nwprintclient\nwprintclient\nwprintclient.exe:nwprintclient.exe
"UDP Query User{6A4E8F2A-1992-4637-A64B-E698B7D886E4}c:\\users\\admin\\desktop\\nwprintclient\\nwprintclient\\nwprintclient.exe"= TCP:c:\users\admin\desktop\nwprintclient\nwprintclient\nwprintclient.exe:nwprintclient.exe
"{D0681CDE-8F6D-4C07-A084-C1D187A5928E}"= UDP:c:\windows\System32\wuapp.exe:wuapp.exe
"{04B5A1C4-6E74-4264-BE22-E31F883F8FE5}"= TCP:c:\windows\System32\wuapp.exe:wuapp.exe
"{FA39D614-7F55-42E3-A9F3-670C62CFA3DD}"= UDP:c:\windows\System32\wuauclt.exe:wuauclt.exe
"{1297931F-DFE3-4C44-BA07-BB7979AE313B}"= TCP:c:\windows\System32\wuauclt.exe:wuauclt.exe
"TCP Query User{EB24DD06-55DF-4D31-814B-13B39A3E6E46}\\\\diamond\\sys\\public\\clntrust.exe"= UDp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"UDP Query User{274D1EB4-C060-4215-B1C1-40B0E3597835}\\\\diamond\\sys\\public\\clntrust.exe"= TCp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"TCP Query User{F62D3FFA-E4AB-419E-A710-59B151CEC264}c:\\program files\\ca\\etrustitm\\realmon.exe"= UDP:c:\program files\ca\etrustitm\realmon.exe:Realmon
"UDP Query User{B9378EE1-FC57-48B1-8FE7-A8D635F74C0F}c:\\program files\\ca\\etrustitm\\realmon.exe"= TCP:c:\program files\ca\etrustitm\realmon.exe:Realmon
"{C6EB0A95-97A2-48AD-A899-C82604193952}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6AEB22F5-052E-4736-B85D-7E66A7C97711}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1DE1EF3D-C4C3-428B-818E-3AFACB353C47}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E3CAF917-BE3C-4E47-8553-D1FBB84D1BCE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E7AD8C85-B2E8-462E-937B-8C5E64992A13}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{B684641B-7816-4228-AEA4-E7D1DE48C230}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{88E07DBB-B321-45B7-8423-BEF6AD778047}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{450EDF6C-FEE3-44CE-BFBA-572CC91E615B}"= UDP:d:\program files\LimeWire\LimeWire.exe:LimeWire
"{8F45CED8-C49C-4702-BB0B-B78CC8FE47A3}"= TCP:d:\program files\LimeWire\LimeWire.exe:LimeWire
"{186CB08D-0637-481D-825D-D129FEB76765}"= UDP:d:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{2E4E403F-820D-4743-B22E-0357AA6153D1}"= TCP:d:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{81F759DF-6F94-4038-87CC-5A209C9BB3FF}\\\\axinite\\sys\\public\\clntrust.exe"= UDp:\\axinite\sys\public\clntrust.exe:clntrust.exe
"UDP Query User{FAF5BC0B-7BB3-40E2-B01F-2080880507A4}\\\\axinite\\sys\\public\\clntrust.exe"= TCp:\\axinite\sys\public\clntrust.exe:clntrust.exe
"TCP Query User{F526F410-750D-4196-B666-2AF30F8DFBFB}d:\\program files\\bittorrent\\bittorrent.exe"= UDP:d:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{82439900-A5C8-431A-A1B9-4C0460D416E2}d:\\program files\\bittorrent\\bittorrent.exe"= TCP:d:\program files\bittorrent\bittorrent.exe:BitTorrent

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\System32\drivers\nipplpt.sys [7/03/2009 9:02 PM 34592]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [4/03/2008 6:11 AM 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [19/08/2008 2:05 AM 24576]
R2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [9/01/2009 10:53 AM 81944]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [9/01/2009 10:53 AM 52760]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [7/04/2008 3:42 PM 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/04/2008 8:03 PM 131072]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 7:09 PM 11032]
R2 WNTHW;WNTHW;c:\windows\System32\drivers\WNTHW.SYS [11/11/2008 6:04 PM 9176]
R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\xtsvcmgr.exe [15/12/2008 8:32 AM 16656]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\System32\drivers\activhidsermini.sys [16/06/2008 1:38 PM 57088]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28/03/2008 9:44 PM 210432]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [19/08/2008 2:11 AM 112128]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [19/08/2008 2:11 AM 93968]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 6:40 AM 3668480]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\System32\drivers\activmouse.sys [16/06/2008 1:38 PM 4480]
S3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\System32\drivers\ACTIVhidmini.sys [16/06/2008 1:38 PM 57600]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 4:46 AM 284016]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/11/2008 3:17 PM 24064]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\System32\drivers\WSDPrint.sys [21/01/2008 12:23 PM 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\System32\drivers\WSDScan.sys [21/01/2008 12:23 PM 19968]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [12/11/2008 2:21 PM 81704]

--- Other Services/Drivers In Memory ---

*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - ndslpp
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://au.yahoo.com
uInternet Settings,ProxyServer = 172.16.1.50:8080
uInternet Settings,ProxyOverride = www1.st*;www2.st*;www3.st*;www4.st*;172.16*;10.1*;mail.stpauls*;moodle.stpauls;*.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f69tydx6.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-eRecoveryService - (no file)
ShellExecuteHooks-{763370C4-268E-4308-A60C-D8DA0342BE32} - c:\program files\Novell\ZENworks\bin\NalShell.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 20:17
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\ncv1_0.dll

- - - - - - - > 'Explorer.exe'(4004)
c:\programdata\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\ncnetprovider.dll
c:\windows\system32\NCLangID.dll
c:\windows\system32\MAPBASE.dll
c:\windows\system32\NETWIN32.DLL
c:\windows\system32\NWSHLXNT.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRPC.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\OGAVerify.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-09-09 20:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-09 10:21

Pre-Run: 28,062,588,928 bytes free
Post-Run: 27,879,813,120 bytes free

310 --- E O F --- 2009-09-08 11:04
  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
First: Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=====
Second: Online Scanner
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#8
harrobray

harrobray

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
hi, here's the Malwarebytes log, it says there were no malicious objects found, do i still have to do the kaspersky online scan?

Malwarebytes' Anti-Malware 1.40
Database version: 2770
Windows 6.0.6002 Service Pack 2

10/09/2009 5:37:58 PM
mbam-log-2009-09-10 (17-37-58).txt

Scan type: Quick Scan
Objects scanned: 96418
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes please do the online scanner as well.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP