Welcome to Geeks to Go - Register now for FREE
google redirect & anti-virus, spyware wont run


#1 norm21
New Member, 3 posts
I'm having problems with Google redirecting my pages. Also, when I tried to run Spybot or Malwarebytes, the program turns itself off; then when I try to re-run them I get a message: 'Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.'

I've followed the steps in your guide.

RootRepeal log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/03 08:52
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xED4FB000 Size: 827392 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9DA6000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sfc.SYS
Image Path: C:\WINDOWS\System32\Drivers\sfc.SYS
Address: 0xB9CA9000 Size: 12544 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF78E4000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xEF43D000 Size: 61440 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: gasfkydlmcytgk
Image Path: C:\WINDOWS\system32\drivers\gasfkyhxhhylua.sys

==EOF==


OTL log:
OTL logfile created on: 03/10/2009 08:56:57 - Run 1
OTL by OldTimer - Version 3.0.18.0 Folder = C:\Documents and Settings\Norman\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.29 Mb Total Physical Memory | 412.02 Mb Available Physical Memory | 40.26% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.03 Gb Total Space | 107.65 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 6.06 Gb Free Space | 75.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 74.52 Gb Total Space | 35.19 Gb Free Space | 47.22% Space Free | Partition Type: NTFS
Drive G: | 74.52 Gb Total Space | 35.19 Gb Free Space | 47.22% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NORMANXP
Current User Name: Norman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/08/17 07:58:26 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2005/04/06 17:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2001/12/07 12:45:58 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
PRC - [2007/01/05 03:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/17 07:58:40 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2006/07/12 13:19:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007/02/02 15:43:16 | 00,538,136 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/02 15:43:16 | 00,330,264 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe
PRC - [2006/07/10 19:53:08 | 00,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/06/15 08:43:20 | 00,049,152 | ---- | M] (HP) -- C:\Program Files\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2009/08/17 07:58:30 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/08/04 00:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/03/18 02:06:00 | 01,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/08 15:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
PRC - [2008/12/08 15:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/08/24 21:17:45 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/03 08:55:40 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norman\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/13 12:17:27 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])
SRV - [2009/08/17 07:58:26 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/01/11 18:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc [Disabled | Stopped])
SRV - [2005/04/06 17:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
SRV - [2001/12/07 12:45:58 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/04/28 15:14:53 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/01/05 03:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/04/14 18:07:20 | 28,933,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [On_Demand | Stopped])
SRV - [2005/10/14 11:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/07/12 13:19:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/06/14 00:39:58 | 00,364,544 | ---- | M] (SoftThinks) -- C:\WINDOWS\SMINST\PCAngel.exe -- (PCA [Disabled | Stopped])
SRV - [2007/02/02 15:43:16 | 00,538,136 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher [Auto | Running])
SRV - [2007/12/19 09:11:41 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2006/04/14 18:05:58 | 00,240,416 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo.co.uk"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 17:52:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/06 10:11:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/23 17:38:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/24 07:56:11 | 00,000,000 | ---D | M]

[2009/09/23 17:38:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\mozilla\Extensions
[2009/09/23 17:38:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/02 15:32:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\mozilla\Firefox\Profiles\esffjylg.default\extensions
[2009/09/23 17:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\mozilla\Firefox\Profiles\esffjylg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/23 17:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\mozilla\Firefox\Profiles\esffjylg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/02 15:32:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/02/21 18:57:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/23 17:38:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/14 17:28:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/24 08:06:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/08/24 21:17:45 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 21:17:45 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 21:17:45 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/02/21 18:57:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/05/19 17:15:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/05/19 17:15:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/05/19 17:15:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/05/19 17:15:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/05/19 17:15:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/05/19 17:15:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/05/19 17:15:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/02/21 18:57:54 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/02/21 18:57:46 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/08/24 20:10:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 20:10:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 20:10:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 20:10:36 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 20:10:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (319915 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10971 more lines...
O2 - BHO: (mscorewr) - {00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000} - C:\WINDOWS\System32\mscorewr.dll (Macrovision Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN helper) - {1D50F92D-B74D-434F-B14A-7A08E851ADFF} - C:\WINDOWS\System32\khg0.dll (Google Ltd)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (PremiereAdvertisingPlatform) - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll File not found
O2 - BHO: () - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (fruttinet) - {cc414268-9551-912e-6b8a-e0b2faf089a7} - C:\WINDOWS\System32\00407928-667d-e635-0368-9ee6caa0727a.dll File not found
O2 - BHO: (TBSB09835 Class) - {D97FC677-694D-4A75-AC89-A5B85C2BCFED} - C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Starware Screensavers Toolbar) - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Bullseye Tool Bar) - {6226BA26-C017-4007-928C-DE9715C6FA67} - C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Bullseye Tool Bar) - {6226BA26-C017-4007-928C-DE9715C6FA67} - C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} http://download.yaho...bt/yregucfg.cab (RegUserCfgUI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.50 194.62.44.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hendry2k.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/01 01:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute) - File not found
O34 - HKLM BootExecute: (settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/01 15:45:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/01 15:45:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Norman\Application Data\Malwarebytes
[2009/10/03 08:21:44 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/19 11:02:11 | 00,000,000 | ---D | C] -- C:\Program Files\Greatis
[2009/10/01 16:09:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/01 15:12:27 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/03 08:22:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/03 08:15:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/03 08:15:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/03 08:03:50 | 00,000,000 | ---D | C] -- C:\906301ac388c237a80
[2009/10/03 07:57:34 | 00,000,000 | ---D | C] -- C:\2c5b59320054670d038a46cac3
[2009/10/01 17:37:32 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Norman\Desktop\RootRepeal.exe
[2009/10/01 17:01:03 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Norman\Desktop\procexp.exe
[2009/10/01 15:44:04 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Norman\Desktop\mbam-setup.exe
[2009/10/01 14:21:55 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Norman\Desktop\spybotsd162.exe
[2009/09/24 14:07:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Norman\My Documents\Downloads
[2009/09/23 16:02:47 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2009/09/23 15:50:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2009/09/23 15:50:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/09/19 17:57:59 | 66,060,2880 | ---- | C] (SoftThinks) -- C:\Backup 09-19-09 095345.001.exe
[2009/09/19 11:07:59 | 00,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2009/09/19 11:03:27 | 00,035,040 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2009/09/19 11:03:27 | 00,034,760 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2009/09/19 11:02:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Norman\My Documents\RegRun2

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/03 08:21:44 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\NTREGOPT.lnk
[2009/10/03 08:21:44 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\ERUNT.lnk
[2009/10/03 08:15:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/03 08:14:03 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/03 08:13:39 | 00,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/10/03 08:13:39 | 00,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/10/03 08:13:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/03 08:13:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 08:13:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
[2009/10/03 08:13:16 | 10,730,74176 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/03 08:12:20 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/10/03 08:06:42 | 42,186,641 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/03 08:06:42 | 00,004,566 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/03 07:56:04 | 00,067,863 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2009/10/02 09:33:49 | 00,050,431 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\3-8NPT PORT.pdf
[2009/10/02 09:33:10 | 00,050,999 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\3-8BSP PORT.pdf
[2009/10/02 09:32:32 | 00,046,687 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\1-4NPT PORT1.pdf
[2009/10/02 03:30:00 | 00,000,420 | ---- | M] () -- C:\WINDOWS\tasks\ErrorSweeper Scheduled Scan.job
[2009/10/01 17:40:49 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\settings.dat
[2009/10/01 17:32:24 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal_1.sys
[2009/10/01 17:29:58 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\norman.sys
[2009/10/01 17:21:57 | 00,013,705 | ---- | M] () -- C:\WINDOWS\System32\mscomct2.dat
[2009/10/01 17:21:56 | 00,015,313 | ---- | M] () -- C:\WINDOWS\System32\ntrdectr.dat
[2009/10/01 17:01:09 | 03,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Norman\Desktop\procexp.exe
[2009/10/01 16:04:23 | 00,271,872 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\TFC.exe
[2009/10/01 15:44:16 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Norman\Desktop\mbam-setup.exe
[2009/10/01 14:22:04 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Norman\Desktop\spybotsd162.exe
[2009/10/01 12:05:59 | 00,003,739 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/01 11:37:16 | 00,032,026 | ---- | M] () -- C:\WINDOWS\System32\msrfcint.dat
[2009/10/01 09:28:15 | 00,401,408 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\MILLER.xls
[2009/10/01 08:46:34 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/29 15:13:39 | 00,764,416 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\NIROX.xls
[2009/09/28 12:04:51 | 00,196,271 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\paint.pdf
[2009/09/28 11:59:02 | 00,051,192 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\IMG.pdf
[2009/09/24 17:43:59 | 00,020,027 | ---- | M] () -- C:\WINDOWS\System32\pogb
[2009/09/24 17:43:54 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\lpomf.dll
[2009/09/24 17:43:52 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\xd.dat
[2009/09/24 17:43:52 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\q1.dat
[2009/09/24 17:43:52 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\jc.dat
[2009/09/24 17:43:52 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\idm.dat
[2009/09/24 17:43:52 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\c2d.dat
[2009/09/24 13:46:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[2009/09/24 12:13:47 | 00,027,938 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\D400516.pdf
[2009/09/23 12:24:05 | 00,031,948 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\D400530.pdf
[2009/09/23 08:19:41 | 00,000,895 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/09/23 08:19:32 | 00,000,059 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/09/23 08:19:13 | 00,000,685 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/23 08:19:12 | 00,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/09/22 11:16:48 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/22 09:26:28 | 00,021,970 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\Md60037R.pdf
[2009/09/22 09:19:16 | 00,405,504 | ---- | M] () -- C:\Documents and Settings\Norman\My Documents\Ratcliff2.xls
[2009/09/19 18:08:23 | 66,060,2880 | ---- | M] (SoftThinks) -- C:\Backup 09-19-09 095345.001.exe
[2009/09/19 18:08:23 | 14,768,0453 | ---- | M] () -- C:\Backup 09-19-09 095345.005.stc
[2009/09/19 18:07:34 | 66,060,2880 | ---- | M] () -- C:\Backup 09-19-09 095345.004.stc
[2009/09/19 18:05:27 | 66,060,2880 | ---- | M] () -- C:\Backup 09-19-09 095345.003.stc
[2009/09/19 18:02:32 | 66,060,2880 | ---- | M] () -- C:\Backup 09-19-09 095345.002.stc
[2009/09/19 17:57:59 | 00,001,112 | ---- | M] () -- C:\Backup 09-19-09 095345.bst
[2009/09/19 11:32:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/19 11:32:55 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/09/19 11:07:59 | 00,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2009/09/19 11:03:27 | 00,035,040 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2009/09/19 11:03:27 | 00,034,760 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2009/09/19 11:02:31 | 00,002,631 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2009/09/19 11:02:31 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/09/19 11:02:31 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat

========== Files - No Company Name ==========
[2009/10/03 08:21:44 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Norman\Desktop\NTREGOPT.lnk
[2009/10/03 08:21:44 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Norman\Desktop\ERUNT.lnk
[2009/10/03 08:15:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/02 08:44:01 | 00,046,687 | ---- | C] () -- C:\Documents and Settings\Norman\My Documents\1-4NPT PORT1.pdf
[2009/10/01 17:37:45 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Norman\Desktop\settings.dat
[2009/10/01 17:32:15 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal_1.sys
[2009/10/01 17:29:47 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\norman.sys
[2009/10/01 16:03:56 | 00,271,872 | ---- | C] () -- C:\Documents and Settings\Norman\Desktop\TFC.exe
[2009/10/01 15:51:49 | 10,730,74176 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/01 11:37:17 | 00,032,026 | ---- | C] () -- C:\WINDOWS\System32\msrfcint.dat
[2009/10/01 11:37:08 | 00,015,313 | ---- | C] () -- C:\WINDOWS\System32\ntrdectr.dat
[2009/10/01 11:36:59 | 00,013,705 | ---- | C] () -- C:\WINDOWS\System32\mscomct2.dat
[2009/09/28 12:04:50 | 00,196,271 | ---- | C] () -- C:\Documents and Settings\Norman\Desktop\paint.pdf
[2009/09/28 11:59:02 | 00,051,192 | ---- | C] () -- C:\Documents and Settings\Norman\Desktop\IMG.pdf
[2009/09/24 17:43:54 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\lpomf.dll
[2009/09/24 17:43:52 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\xd.dat
[2009/09/24 17:43:52 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\q1.dat
[2009/09/24 17:43:52 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\jc.dat
[2009/09/24 17:43:52 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\idm.dat
[2009/09/24 17:43:52 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\c2d.dat
[2009/09/24 14:00:59 | 00,020,027 | ---- | C] () -- C:\WINDOWS\System32\pogb
[2009/09/24 13:46:50 | 00,774,144 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB
[2009/09/24 13:46:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/09/23 12:23:58 | 00,031,948 | ---- | C] () -- C:\Documents and Settings\Norman\My Documents\D400530.pdf
[2009/09/22 09:26:22 | 00,021,970 | ---- | C] () -- C:\Documents and Settings\Norman\My Documents\Md60037R.pdf
[2009/09/19 18:07:34 | 14,768,0453 | ---- | C] () -- C:\Backup 09-19-09 095345.005.stc
[2009/09/19 18:05:27 | 66,060,2880 | ---- | C] () -- C:\Backup 09-19-09 095345.004.stc
[2009/09/19 18:02:32 | 66,060,2880 | ---- | C] () -- C:\Backup 09-19-09 095345.003.stc
[2009/09/19 18:00:43 | 66,060,2880 | ---- | C] () -- C:\Backup 09-19-09 095345.002.stc
[2009/09/19 17:57:59 | 00,001,112 | ---- | C] () -- C:\Backup 09-19-09 095345.bst
[2009/09/19 11:02:31 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2008/04/01 08:18:24 | 03,702,618 | -H-- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\IconCache.db
[2008/02/06 11:42:44 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/06 09:26:20 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\fusioncache.dat
[2007/10/06 09:16:58 | 00,002,718 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/12 14:59:46 | 00,070,152 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/12 14:59:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Norman\Application Data\desktop.ini
[2006/04/25 11:19:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/01 15:45:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/08/22 05:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2009/01/14 17:08:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/02/07 17:30:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/02/05 09:02:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2008/11/03 11:33:44 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/12/09 09:31:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/06/02 10:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/02/07 18:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2008/03/29 12:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/06/02 10:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/03/26 11:41:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Starware316
[2009/09/15 15:58:02 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Norman\Application Data
[2009/01/30 17:54:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\ArcSoft
[2009/01/14 17:08:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Autodesk
[2008/02/07 17:30:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVS4YOU
[2008/05/17 08:46:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVSMedia
[2009/09/15 15:58:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\CADClick
[2008/06/26 08:09:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Canneverbe_Limited
[2008/12/09 09:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Canon
[2009/09/18 20:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\DealAssistant
[2007/12/19 09:12:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\EDrawings
[2007/12/17 16:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\ErrorSweeper
[2009/09/17 17:32:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\FrostWire
[2008/05/15 11:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\InterVideo
[2008/10/30 15:48:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Lasata
[2008/07/15 18:00:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\LimeWire
[2008/05/26 14:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\NCH Swift Sound
[2009/06/02 10:48:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Nokia
[2009/06/02 10:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\PC Suite
[2007/08/22 05:17:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\SampleView
[2008/03/26 11:41:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Starware316
[2008/08/06 12:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Windows Desktop Search
[2008/10/30 16:32:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Windows Search
[2006/02/28 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/02 03:30:00 | 00,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorSweeper Scheduled Scan.job
[2009/10/03 08:13:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/03 08:13:39 | 00,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/10/03 08:13:39 | 00,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/09/19 18:08:23 | 66,060,2880 | ---- | M] (SoftThinks) -- C:\Backup 09-19-09 095345.001.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/14 01:11:53 | 00,061,952 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll
< End of report >


OTL Extra :-
OTL Extras logfile created on: 03/10/2009 08:56:57 - Run 1
OTL by OldTimer - Version 3.0.18.0 Folder = C:\Documents and Settings\Norman\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.29 Mb Total Physical Memory | 412.02 Mb Available Physical Memory | 40.26% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.03 Gb Total Space | 107.65 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 6.06 Gb Free Space | 75.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 74.52 Gb Total Space | 35.19 Gb Free Space | 47.22% Space Free | Partition Type: NTFS
Drive G: | 74.52 Gb Total Space | 35.19 Gb Free Space | 47.22% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NORMANXP
Current User Name: Norman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found
"E:\setup\hppapd.exe" = E:\setup\hppapd.exe:*:Enabled:hppapd.exe -- File not found
"E:\setup\HPNTWKEXE.EXE" = E:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe -- File not found
"C:\WINDOWS\system32\dmremote.exe" = C:\WINDOWS\system32\dmremote.exe:*:Enabled:dmremote.exe -- (Microsoft Corp.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{071B0E72-3E3E-416B-B19A-48B97DDBF2EA}" = Install
"{09920506-86A3-4EB2-A022-8DD6D56FEC59}" = Autodesk Inventor 5.3
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{135BA9A6-495A-4FE9-B1A1-AB4DA449CAB1}" = hppLJP2015
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}" = Volo View Express
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3EA85AFA-1664-497B-A571-8B26A5B72172}" = Mirar
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{41F8F89F-4638-4201-8072-D610F61506C9}" = SolidWorks eDrawings 2009
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{4F2A42E9-C0A7-4C56-92A8-6EC6CB7D815C}" = eDrawings 2008
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{633EC831-6345-4D3E-8BA0-9A8D030CC393}" = HP Performance Tuning Framework
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A178F2E-92F6-437C-A709-69685D1C0F2B}" = hppTLBXFXP2015
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F4DD591-9000-0409-0000-7107D70F3DB4}" = Autodesk Inventor 9
"{808E5AB1-E98F-4362-AB10-B5B69CB2301C}" = HP Workstation User Guides
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{EDAE94B3-712E-4D9B-9772-BDB49DAF6BA1}" = Content Library
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Astro Gemini Screensaver Manager_is1" = Astro Gemini Screensaver Manager 1.2
"Astronomy 2005 Screensaver" = Astronomy 2005 Screensaver
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"AVG8Uninstall" = AVG Free 8.5
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"Canon iP3600 series User Registration" = Canon iP3600 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"GlobFX Space Travel" = GlobFX Space Travel
"HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
"HPExtendedCapabilities" = HP Extended Capabilities 6.0
"IDAutomation.com Code 39 Free Font" = IDAutomation.com Code 39 Free Font
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{071B0E72-3E3E-416B-B19A-48B97DDBF2EA}" = XRL
"LMS" = C-Dilla Licence Management System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.8.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PDF Complete" = PDF Complete
"Pegasus Operations Client" = Pegasus Operations II Client
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"Solar System 3D Screensaver_is1" = Solar System 3D Screensaver 1.4
"SSSInstaller" = Screensavers Installer Version 3
"TBSB09835.TBSB09835Toolbar" = Bullseye Tool Bar
"VisualTool" = VisualTool
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winmail Reader_is1" = Winmail Reader 1.1.12
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DealAssistant" = DealAssistant
"Puzzle Pirates" = Puzzle Pirates

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/10/2009 12:48:35 | Computer Name = NORMANXP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0013cce3.

Error - 01/10/2009 12:48:43 | Computer Name = NORMANXP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0013cce3.

Error - 01/10/2009 13:10:52 | Computer Name = NORMANXP | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29503.
The SQL Server service failed to start. For more information, see the SQL Server
Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting
SQL Server Manually." The error is (1053) The service did not respond to the start
or control request in a timely fashion. .

Error - 01/10/2009 13:11:03 | Computer Name = NORMANXP | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office 2007 Primary Interop Assemblies -- Please
install Microsoft Office 2007 before installing this product.

Error - 01/10/2009 13:11:03 | Computer Name = NORMANXP | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office 2007 Primary Interop Assemblies - Update
'Security Update for Microsoft Office PowerPoint 2007 (KB951338)' could not be
installed. Error code 1603. Windows Installer can create logs to help troubleshoot
issues with installing software packages. Use the following link for instructions
on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 01/10/2009 22:01:53 | Computer Name = NORMANXP | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29503.
The SQL Server service failed to start. For more information, see the SQL Server
Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting
SQL Server Manually." The error is (1053) The service did not respond to the start
or control request in a timely fashion. .

Error - 01/10/2009 22:02:03 | Computer Name = NORMANXP | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office 2007 Primary Interop Assemblies -- Please
install Microsoft Office 2007 before installing this product.

Error - 01/10/2009 22:02:03 | Computer Name = NORMANXP | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office 2007 Primary Interop Assemblies - Update
'Security Update for Microsoft Office PowerPoint 2007 (KB951338)' could not be
installed. Error code 1603. Windows Installer can create logs to help troubleshoot
issues with installing software packages. Use the following link for instructions
on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 03/10/2009 03:09:40 | Computer Name = NORMANXP | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office 2007 Primary Interop Assemblies -- Please
install Microsoft Office 2007 before installing this product.

Error - 03/10/2009 03:09:40 | Computer Name = NORMANXP | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office 2007 Primary Interop Assemblies - Update
'Security Update for Microsoft Office PowerPoint 2007 (KB951338)' could not be
installed. Error code 1603. Windows Installer can create logs to help troubleshoot
issues with installing software packages. Use the following link for instructions
on turning on logging support: http://go.microsoft....k/?LinkId=23127

[ System Events ]
Error - 03/10/2009 03:09:35 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 03/10/2009 03:09:35 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7034
Description = The PDF Document Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 03/10/2009 03:09:35 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7034
Description = The AVG8 WatchDog service terminated unexpectedly. It has done this
1 time(s).

Error - 03/10/2009 03:09:36 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 03/10/2009 03:09:36 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7031
Description = The .NET Runtime Optimization Service v2.0.50727_X86 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 60000 milliseconds: Restart the service.

Error - 03/10/2009 03:10:05 | Computer Name = NORMANXP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3
(KB955706).

Error - 03/10/2009 03:10:05 | Computer Name = NORMANXP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB951338).

Error - 03/10/2009 03:14:41 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10022

Error - 03/10/2009 03:14:41 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 03/10/2009 03:14:41 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >
  • 0
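
The "Last 10 Event Log Errors" block above shows the infection as a behaviour rather than a file name: five unrelated services, the AVG8 WatchDog among them, terminate within two seconds of each other at 03:09:35-36, which is what something killing processes looks like in the System log, as opposed to one flaky service restarting on its own. As an added example that is not part of this thread and not code from OTL or ComboFix, here is a small Python parser for that log format that folds OTL's wrapped description lines back together and groups Service Control Manager 7031/7034 records into bursts. The sample input is copied from the log above; the two-second window and the day-first date format (DD/MM/YYYY) are my assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample records copied from the "Last 10 Event Log Errors" section of the
# log above (only the System Events entries needed for the grouping).
SAMPLE_LOG = """\
Error - 03/10/2009 03:09:35 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 03/10/2009 03:09:35 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7034
Description = The PDF Document Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 03/10/2009 03:09:35 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7034
Description = The AVG8 WatchDog service terminated unexpectedly. It has done this
1 time(s).

Error - 03/10/2009 03:09:36 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 03/10/2009 03:09:36 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7031
Description = The .NET Runtime Optimization Service v2.0.50727_X86 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 60000 milliseconds: Restart the service.

Error - 03/10/2009 03:14:41 | Computer Name = NORMANXP | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10022
"""

# One "Error - ..." header line per record, as OTL writes them.
HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (?P<host>\S+)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Pulls the service name out of an SCM 7031/7034 description.
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service terminated")


def parse_events(text):
    """Return one dict per 'Error - ...' record.

    Continuation lines are folded into the description (OTL wraps long ones).
    Timestamps are assumed day-first (DD/MM/YYYY), as in this log.
    """
    events = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            events.append({
                "time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
                "host": m["host"],
                "source": m["source"],
                "id": int(m["id"]),
                "description": "",
            })
        elif events and line.strip():
            desc = line.strip()
            if desc.startswith("Description = "):
                desc = desc[len("Description = "):]
            events[-1]["description"] = (events[-1]["description"] + " " + desc).strip()
    return events


def termination_clusters(events, window_seconds=2):
    """Group SCM 'terminated unexpectedly' events (IDs 7031/7034) that fall
    within window_seconds of the previous one. Several unrelated services
    dying in one burst is the signal worth looking at; a single service that
    restarts on its own is not. The window size is an assumption."""
    window = timedelta(seconds=window_seconds)
    kills = sorted(
        (e for e in events
         if e["source"] == "Service Control Manager" and e["id"] in (7031, 7034)),
        key=lambda e: e["time"],
    )
    clusters = []
    for e in kills:
        svc = SERVICE_RE.match(e["description"])
        name = svc["svc"] if svc else e["description"]
        if clusters and e["time"] - clusters[-1]["end"] <= window:
            clusters[-1]["services"].append(name)
            clusters[-1]["end"] = e["time"]
        else:
            clusters.append({"start": e["time"], "end": e["time"], "services": [name]})
    return clusters


if __name__ == "__main__":
    for c in termination_clusters(parse_events(SAMPLE_LOG)):
        print(c["start"], "->", c["end"], ":", ", ".join(c["services"]))
```

On the sample above this prints one burst of five services between 03:09:35 and 03:09:36; the 7023 IPSEC record five minutes later is a different event ID and is left out on purpose, since it reports a failed start rather than an unexpected termination.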

#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello norm21

Welcome to G2Go. :)
=====================
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#3
norm21

norm21

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Downloaded ComboFix as directed. When I ran it, it informed me that AVG was still running (which it wasn't), then went on to the command prompt screen with the flashing cursor and did nothing. Any suggestions?
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
gasfkydlmcytgk

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Files to delete:
C:\WINDOWS\System32\khg0.dll
C:\WINDOWS\System32\sdra64.exe
C:\WINDOWS\msdownld.tmp
C:\WINDOWS\System32\lowsec
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\win32k.sys
C:\WINDOWS\System32\lpomf.dll
C:\WINDOWS\System32\xd.dat
C:\WINDOWS\System32\q1.dat
C:\WINDOWS\System32\jc.dat
C:\WINDOWS\System32\idm.dat
C:\WINDOWS\System32\c2d.dat
C:\WINDOWS\system32\drivers\gasfkyhxhhylua.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
========================

Then again try to run Combofix.
Post that log if you get one.
  • 0
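
The Avenger script in kahdah's post is a plain-text format: a section header ending in a colon, then one entry per line, with "Files to move:" entries written as "source | destination". As an added example, not part of this thread and not The Avenger's own code, here is a Python dry-run checker that parses such a script, lists the actions it would take without touching the filesystem, and flags the entries a reviewer should look at twice: a name that imitates a core Windows binary but sits outside its normal directory (the C:\WINDOWS\win32k.sys entry; the genuine win32k.sys lives under system32), and a move whose destination is a real system file (the eventlog.dll destination, which the move overwrites). The sample script is the one from the post; the list of core file names, the finding labels, and the decision to reject unknown section headers are my assumptions.

```python
import ntpath

# The Avenger script from kahdah's post above, embedded verbatim as sample input.
SAMPLE_SCRIPT = r"""
Drivers to delete:
gasfkydlmcytgk

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Files to delete:
C:\WINDOWS\System32\khg0.dll
C:\WINDOWS\System32\sdra64.exe
C:\WINDOWS\msdownld.tmp
C:\WINDOWS\System32\lowsec
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\win32k.sys
C:\WINDOWS\System32\lpomf.dll
C:\WINDOWS\System32\xd.dat
C:\WINDOWS\System32\q1.dat
C:\WINDOWS\System32\jc.dat
C:\WINDOWS\System32\idm.dat
C:\WINDOWS\System32\c2d.dat
C:\WINDOWS\system32\drivers\gasfkyhxhhylua.sys
"""

# Section headers mentioned in the post. Any other "...:" line is rejected
# rather than silently treated as a path (assumed behaviour of this checker,
# not of The Avenger itself).
SECTIONS = {
    "drivers to delete:": "drivers_delete",
    "drivers to disable:": "drivers_disable",
    "files to move:": "files_move",
    "files to delete:": "files_delete",
}

# Assumed list of core Windows binaries whose names malware likes to borrow,
# and the directories where the genuine copies live.
CORE_NAMES = {"win32k.sys", "eventlog.dll", "ntoskrnl.exe", "hal.dll", "winlogon.exe"}
CORE_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers"}


def parse_script(text):
    """Parse an Avenger script into {section: [entries]}.
    'files_move' entries are (src, dst) pairs; other sections hold strings."""
    plan = {name: [] for name in SECTIONS.values()}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            current = SECTIONS.get(line.lower())
            if current is None:
                raise ValueError(f"line {lineno}: unknown section {line!r}")
            continue
        if current is None:
            raise ValueError(f"line {lineno}: entry before any section header")
        if current == "files_move":
            parts = [p.strip() for p in line.split("|")]
            if len(parts) != 2 or not all(parts):
                raise ValueError(f"line {lineno}: move needs exactly 'src | dst'")
            plan[current].append(tuple(parts))
        else:
            plan[current].append(line)
    return plan


def is_absolute_win_path(path):
    drive, rest = ntpath.splitdrive(path)
    return bool(drive) and rest.startswith("\\")


def lint_plan(plan):
    """Return (kind, path) findings to review before the script is executed.
    'lookalike': a core file name outside its normal directory (the usual
    malware trick). 'core_file': a genuine system file is deleted or is the
    destination of a move, so it will be replaced. Nothing here touches disk."""
    findings = []
    paths = list(plan["files_delete"])
    for src, dst in plan["files_move"]:
        paths.extend([src, dst])
        if src.lower() == dst.lower():
            findings.append(("move_to_self", src))
    for path in paths:
        if not is_absolute_win_path(path):
            findings.append(("relative_path", path))
            continue
        directory, name = ntpath.split(path)
        if name.lower() in CORE_NAMES:
            kind = "core_file" if directory.lower() in CORE_DIRS else "lookalike"
            findings.append((kind, path))
    return findings


def dry_run(plan):
    """Flat, ordered list of the actions the script asks for, for eyeballing."""
    actions = [("delete_driver", d) for d in plan["drivers_delete"]]
    actions += [("disable_driver", d) for d in plan["drivers_disable"]]
    actions += [("move", f"{s} -> {d}") for s, d in plan["files_move"]]
    actions += [("delete", f) for f in plan["files_delete"]]
    return actions


if __name__ == "__main__":
    plan = parse_script(SAMPLE_SCRIPT)
    for action in dry_run(plan):
        print(*action)
    for finding in lint_plan(plan):
        print("REVIEW", *finding)
```

Run against the post's script this lists sixteen actions (one driver, one move, fourteen deletes) and two findings: the lookalike C:\WINDOWS\win32k.sys, and the eventlog.dll destination that the move replaces. Both are what the helper intended here, which is exactly why the note in the post says the script is for this machine only; on another machine the same lines would delete the wrong things.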

#5
norm21

norm21

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks kahdah, that seems to have solved my problems. See below for logs.


ComboFix 09-10-08.04 - Norman 09/10/2009 15:52.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.553 [GMT 1:00]
Running from: c:\documents and settings\Norman\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IEToolbar
c:\program files\VisualTool
c:\program files\VisualTool\pcre3.dll
c:\program files\VisualTool\uninstall.exe
c:\recycler\S-1-5-21-2058037477-2211138756-120267479-500
c:\windows\Installer\10fa1d.msp
c:\windows\Installer\118287.msp
c:\windows\Installer\145e513.msp
c:\windows\Installer\149fcd9.msp
c:\windows\Installer\168b464.msp
c:\windows\Installer\18ef95f.msp
c:\windows\Installer\1b8dd5f.msp
c:\windows\Installer\1d3002f.msp
c:\windows\Installer\1e465b8.msp
c:\windows\Installer\1e85644.msp
c:\windows\Installer\1e8934d.msp
c:\windows\Installer\1e8fbab.msp
c:\windows\Installer\1eb3511.msp
c:\windows\Installer\1ec09bb.msp
c:\windows\Installer\1ed0234.msp
c:\windows\Installer\1eda3ee.msp
c:\windows\Installer\1ee9bdb.msp
c:\windows\Installer\1eedc05.msp
c:\windows\Installer\1eedde9.msp
c:\windows\Installer\1eee910.msp
c:\windows\Installer\1ef3a5d.msp
c:\windows\Installer\1f03de7.msp
c:\windows\Installer\1f04ca8.msp
c:\windows\Installer\1f06149.msp
c:\windows\Installer\1f08972.msp
c:\windows\Installer\1f0df43.msp
c:\windows\Installer\1f0ea20.msp
c:\windows\Installer\1f11586.msp
c:\windows\Installer\1f11f0f.msp
c:\windows\Installer\1f1a969.msp
c:\windows\Installer\1f1eede.msp
c:\windows\Installer\1f253a7.msp
c:\windows\Installer\1f2b271.msp
c:\windows\Installer\1f3a3d6.msp
c:\windows\Installer\1f3d179.msp
c:\windows\Installer\1f80f6d.msp
c:\windows\Installer\2038d10.msp
c:\windows\Installer\20929f8.msp
c:\windows\Installer\21409a4.msp
c:\windows\Installer\214952b.msp
c:\windows\Installer\21710ba.msp
c:\windows\Installer\2191489.msp
c:\windows\Installer\219a6a7.msp
c:\windows\Installer\21b8be2.msp
c:\windows\Installer\21c8d93.msp
c:\windows\Installer\21d0596.msp
c:\windows\Installer\21d80ad.msp
c:\windows\Installer\21d88db.msp
c:\windows\Installer\21e3864.msp
c:\windows\Installer\21e5747.msp
c:\windows\Installer\21f0e47.msp
c:\windows\Installer\22126e6.msp
c:\windows\Installer\2226f30.msp
c:\windows\Installer\2229f39.msp
c:\windows\Installer\222d751.msp
c:\windows\Installer\2234b87.msp
c:\windows\Installer\2236d38.msp
c:\windows\Installer\2237ceb.msp
c:\windows\Installer\223840b.msp
c:\windows\Installer\2249c22.msp
c:\windows\Installer\2249e88.msp
c:\windows\Installer\224b2e7.msp
c:\windows\Installer\224bb43.msp
c:\windows\Installer\224c411.msp
c:\windows\Installer\224ca18.msp
c:\windows\Installer\224d4d6.msp
c:\windows\Installer\22519de.msp
c:\windows\Installer\2257608.msp
c:\windows\Installer\22579bd.msp
c:\windows\Installer\22585ad.msp
c:\windows\Installer\225b0fd.msp
c:\windows\Installer\225b519.msp
c:\windows\Installer\225bf17.msp
c:\windows\Installer\225eb38.msp
c:\windows\Installer\2262236.msp
c:\windows\Installer\2262841.msp
c:\windows\Installer\22649e2.msp
c:\windows\Installer\226652a.msp
c:\windows\Installer\22669af.msp
c:\windows\Installer\2267344.msp
c:\windows\Installer\226a62b.msp
c:\windows\Installer\226ca61.msp
c:\windows\Installer\226e42e.msp
c:\windows\Installer\2271eca.msp
c:\windows\Installer\22752b7.msp
c:\windows\Installer\2275b52.msp
c:\windows\Installer\22782ef.msp
c:\windows\Installer\227864a.msp
c:\windows\Installer\227900e.msp
c:\windows\Installer\2279274.msp
c:\windows\Installer\227a957.msp
c:\windows\Installer\227ab47.msp
c:\windows\Installer\227bb1a.msp
c:\windows\Installer\2281617.msp
c:\windows\Installer\2284604.msp
c:\windows\Installer\2285300.msp
c:\windows\Installer\228535e.msp
c:\windows\Installer\228abfe.msp
c:\windows\Installer\228c2a2.msp
c:\windows\Installer\2295d9a.msp
c:\windows\Installer\2298e9d.msp
c:\windows\Installer\229f798.msp
c:\windows\Installer\229fa86.msp
c:\windows\Installer\22a1c3b.msp
c:\windows\Installer\22bebe6.msp
c:\windows\Installer\22e3379.msp
c:\windows\Installer\22fc744.msp
c:\windows\Installer\288be.msp
c:\windows\Installer\2bd2777.msp
c:\windows\Installer\2e81f.msp
c:\windows\Installer\2efb5.msp
c:\windows\Installer\2f35a.msp
c:\windows\Installer\2f3e7.msp
c:\windows\Installer\30cb3.msp
c:\windows\Installer\311e3.msp
c:\windows\Installer\31e66.msp
c:\windows\Installer\322bc.msp
c:\windows\Installer\32c12.msp
c:\windows\Installer\32d1c.msp
c:\windows\Installer\32f3f.msp
c:\windows\Installer\337d6.msp
c:\windows\Installer\339451a.msp
c:\windows\Installer\33981f0.msp
c:\windows\Installer\33b57c.msp
c:\windows\Installer\341ad.msp
c:\windows\Installer\35209.msp
c:\windows\Installer\357c6.msp
c:\windows\Installer\37433.msp
c:\windows\Installer\37669.msp
c:\windows\Installer\37b4b.msp
c:\windows\Installer\38406.msp
c:\windows\Installer\3a8e3.msp
c:\windows\Installer\3b320.msp
c:\windows\Installer\3bbbb.msp
c:\windows\Installer\3c286.msp
c:\windows\Installer\3c37c.msp
c:\windows\Installer\3c3aa.msp
c:\windows\Installer\3cbf83.msp
c:\windows\Installer\3e2fa.msp
c:\windows\Installer\3ec03.msp
c:\windows\Installer\3f941.msp
c:\windows\Installer\3fa20.msp
c:\windows\Installer\3fe81.msp
c:\windows\Installer\407a9.msp
c:\windows\Installer\40d17.msp
c:\windows\Installer\415a7.msp
c:\windows\Installer\418e5fd.msp
c:\windows\Installer\4190f43.msp
c:\windows\Installer\445cb.msp
c:\windows\Installer\44ea5.msp
c:\windows\Installer\459ef.msp
c:\windows\Installer\46e13.msp
c:\windows\Installer\48516.msp
c:\windows\Installer\496e9.msp
c:\windows\Installer\4ad7e.msp
c:\windows\Installer\4b3b8.msp
c:\windows\Installer\4b609.msp
c:\windows\Installer\4d3b3.msp
c:\windows\Installer\4dab8.msp
c:\windows\Installer\5107e.msp
c:\windows\Installer\627ae2.msp
c:\windows\Installer\656c8.msp
c:\windows\Installer\6f23c4.msp
c:\windows\Installer\78d78.msp
c:\windows\Installer\7aa2f1.msp
c:\windows\Installer\7cec35.msp
c:\windows\Installer\7dff72.msp
c:\windows\Installer\809dc.msp
c:\windows\Installer\85fa011.msp
c:\windows\Installer\85fd4c8.msp
c:\windows\Installer\8c0c1.msp
c:\windows\Installer\8d56e7.msp
c:\windows\Installer\a0f4d1.msp
c:\windows\Installer\af042e.msp
c:\windows\Installer\ba399.msp
c:\windows\Installer\cb2d98.msp
c:\windows\Installer\ce9e1a.msp
c:\windows\Installer\d4cd18.msp
c:\windows\Installer\d72ddc.msp
c:\windows\Installer\d7b4e2.msp
c:\windows\Installer\d8acea.msp
c:\windows\Installer\d9d8a9.msp
c:\windows\Installer\d9f02c.msp
c:\windows\Installer\d9f349.msp
c:\windows\Installer\da54af.msp
c:\windows\Installer\da54f1.msp
c:\windows\Installer\db5a67.msp
c:\windows\Installer\dbd037.msp
c:\windows\Installer\dc1395.msp
c:\windows\Installer\dc439e.msp
c:\windows\Installer\dca7f5.msp
c:\windows\Installer\dd07a9.msp
c:\windows\Installer\de92a3.msp
c:\windows\Installer\fa6eab.msp
c:\windows\system32\drivers\gasfkyhxhhylua.sys
c:\windows\system32\gasfkycqekjctv.dat
c:\windows\system32\gasfkykalgrjxe.dat
c:\windows\system32\gasfkylemxbftp.dll
c:\windows\system32\gasfkylog.dat
c:\windows\system32\gasfkynackgssx.dll
c:\windows\system32\gasfkynxoriuya.dll
c:\windows\system32\gasfkyodxgysee.dat
c:\windows\system32\gasfkyrrvpqcno.dll
c:\windows\system32\gasfkytsiymapg.dll
c:\windows\system32\gasfkytugnpsal.dll
c:\windows\system32\gasfkywalxcalt.dat
c:\windows\system32\gasfkywsp.dll
c:\windows\system32\gasfkyxsxedprs.dll
c:\windows\system32\mscomct2.dat
c:\windows\system32\msrfcint.dat
c:\windows\system32\ntrdectr.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gasfkydlmcytgk
-------\Legacy_SFC
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_gasfkydlmcytgk
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
.

2009-10-07 10:28 . 2009-10-07 10:28 -------- d-----w- c:\documents and settings\Norman\Application Data\SUPERAntiSpyware.com
2009-10-07 10:28 . 2009-10-07 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-07 10:28 . 2009-10-07 10:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-07 10:11 . 2009-10-07 10:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-07 09:27 . 2004-08-03 21:31 32768 ----a-w- c:\windows\system32\drivers\sisnic.sys
2009-10-07 09:27 . 2004-08-03 21:31 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2009-10-03 07:21 . 2009-10-03 07:21 -------- d-----w- c:\program files\ERUNT
2009-10-03 07:15 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 07:15 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 07:03 . 2009-10-03 07:03 -------- d-----w- C:\906301ac388c237a80
2009-10-03 06:57 . 2009-10-03 07:09 -------- d-----w- C:\2c5b59320054670d038a46cac3
2009-10-01 16:32 . 2009-10-01 16:32 34816 ----a-w- c:\windows\system32\drivers\rootrepeal_1.sys
2009-10-01 16:29 . 2009-10-01 16:29 34816 ----a-w- c:\windows\system32\drivers\norman.sys
2009-10-01 15:09 . 2009-10-07 10:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 14:45 . 2009-10-01 14:45 -------- d-----w- c:\documents and settings\Norman\Application Data\Malwarebytes
2009-10-01 14:45 . 2009-10-01 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-01 14:12 . 2009-10-01 14:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-01 12:32 . 2009-10-01 12:32 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-01 12:32 . 2009-10-01 12:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-09-24 12:46 . 2008-02-28 13:26 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2009-09-23 14:50 . 2009-09-24 12:49 -------- dc----w- c:\windows\ie8
2009-09-23 14:50 . 2009-09-23 14:52 -------- d--h--w- c:\windows\msdownld.tmp
2009-09-19 16:57 . 2009-09-19 17:08 660602880 ----a-w- C:\Backup 09-19-09 095345.001.exe
2009-09-19 10:36 . 2009-09-19 10:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-09-19 10:36 . 2009-09-19 10:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-09-19 10:36 . 2009-09-19 10:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-09-19 10:36 . 2009-09-19 10:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\HP
2009-09-19 10:07 . 2009-09-19 10:07 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2009-09-19 10:03 . 2009-09-19 10:03 35040 ----a-w- c:\windows\system32\Partizan.exe
2009-09-19 10:03 . 2009-09-19 10:03 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-09-19 10:02 . 2009-09-19 10:02 2 --shatr- c:\windows\winstart.bat
2009-09-19 10:02 . 2009-09-19 10:02 -------- d-----w- c:\program files\Greatis
2009-09-19 09:27 . 2009-09-19 09:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-18 23:29 . 2009-09-18 23:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-17 16:44 . 2009-09-17 16:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-15 16:01 . 2009-09-15 16:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-15 14:58 . 2009-09-15 14:58 -------- d-----w- c:\documents and settings\Norman\Application Data\CADClick
2009-09-14 15:05 . 2009-09-14 15:05 -------- d-----w- c:\windows\system32\custom matrices
2009-09-14 15:05 . 2009-09-14 15:05 -------- d-----w- c:\windows\system32\C2MP
2009-09-14 15:05 . 2009-09-14 15:05 -------- d-----w- c:\windows\system32\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 14:58 . 2008-05-17 07:34 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-09 09:37 . 2007-09-13 10:49 -------- d-----w- c:\documents and settings\Norman\Application Data\AdobeUM
2009-10-07 16:37 . 2008-05-19 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-02 02:01 . 2007-08-22 04:23 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-01 14:23 . 2008-03-26 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-24 12:47 . 2008-06-26 10:01 -------- d-----w- c:\program files\Common Files\Nero
2009-09-24 12:47 . 2008-06-26 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-09-17 16:45 . 2008-06-24 09:46 -------- d-----w- c:\program files\DivX
2009-09-17 16:32 . 2008-05-14 16:29 -------- d-----w- c:\documents and settings\Norman\Application Data\FrostWire
2009-09-11 06:56 . 2009-02-12 17:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 08:18 . 2009-09-04 08:17 -------- d-----w- c:\documents and settings\Norman\Application Data\HpUpdate
2009-09-04 08:18 . 2007-08-22 04:13 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-04 08:17 . 2007-08-22 04:12 -------- d-----w- c:\program files\HP
2009-08-27 19:04 . 2009-08-27 19:04 557003 ----a-w- c:\windows\system32\libmplayer.dll
2009-08-27 19:04 . 2009-08-27 19:04 811835 ----a-w- c:\windows\system32\ff_x264.dll
2009-08-27 19:03 . 2009-08-27 19:03 4456201 ----a-w- c:\windows\system32\libavcodec.dll
2009-08-25 18:07 . 2009-08-25 18:07 328334 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-08-25 17:38 . 2009-08-25 17:38 425040 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-08-25 16:56 . 2009-08-25 16:56 829781 ----a-w- c:\windows\system32\xvidcore.dll
2009-08-25 16:43 . 2009-08-25 16:43 -------- d-----w- c:\program files\DoremiSoft
2009-08-25 16:37 . 2009-08-25 16:37 146098 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2009-08-21 13:33 . 2007-09-13 10:24 -------- d-----w- c:\program files\ACAD2000
2009-08-17 14:58 . 2009-08-17 14:31 191488 ----a-w- c:\windows\system32\hlvdd.dll
2009-08-17 14:23 . 2009-08-17 14:23 -------- d-----w- c:\program files\Common Files\Aladdin Shared
2009-08-15 10:49 . 2007-08-22 03:52 -------- d-----w- c:\program files\Java
2009-08-15 09:42 . 2007-08-22 04:23 115480 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 20:21 . 2009-08-11 20:21 87552 ----a-w- c:\windows\system32\ac3config.exe
2009-08-05 09:01 . 2006-02-28 02:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 04:23 . 2008-12-06 09:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 08:07 . 2009-07-20 08:07 131 ----a-w- c:\documents and settings\purchase\Local Settings\Application Data\fusioncache.dat
2009-07-17 19:01 . 2006-02-28 02:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-13 22:43 . 2006-02-28 02:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\7d931fad-8dbd-42cd-aa4d-6e02a174815e.exe" [2009-09-18 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-02-02 330264]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"ToolBoxFX"="c:\program files\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-12 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-7-16 626176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Norman^Start Menu^Programs^Startup^runit_32.lnk]
path=c:\documents and settings\Norman\Start Menu\Programs\Startup\runit_32.lnk
backup=c:\windows\pss\runit_32.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PCA"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"gusvc"=3 (0x3)
"Findbasic Service"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [07/10/2009 11:28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [07/10/2009 11:28 74480]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [22/08/2007 05:13 538136]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [07/10/2009 11:28 7408]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [14/04/2006 18:07 28933976]
S3 norman;norman;c:\windows\system32\drivers\norman.sys [01/10/2009 17:29 34816]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [19/09/2009 11:03 34760]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [19/09/2009 11:07 24416]
S3 rootrepeal_1;rootrepeal_1;c:\windows\system32\drivers\rootrepeal_1.sys [01/10/2009 17:32 34816]
S4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 18:50 30312]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Norman\Application Data\Mozilla\Firefox\Profiles\esffjylg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3EA85AFA-1664-497B-A571-8B26A5B72172} - (no file)
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
Notify-avgrsstarter - avgrsstx.dll
AddRemove-Astronomy 2005 Screensaver - c:\program files\Edible Entertainment
AddRemove-IDAutomation.com - c:\program files\IDAutomation.com
AddRemove-VisualTool - c:\program files\VisualTool\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 16:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,2e,ac,f1,67,10,f0,42,b9,dd,b2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,2e,ac,f1,67,10,f0,42,b9,dd,b2,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\kerberos.dll

- - - - - - - > 'explorer.exe'(2672)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\drivers\CDANTSRV.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-10-09 16:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-09 15:04

Pre-Run: 115,169,341,440 bytes free
Post-Run: 115,203,948,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

475 --- E O F --- 2009-10-09 15:02
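The service lines in the ComboFix log above (the R1/R2/S3/S4 block) are regular enough to triage mechanically rather than by eye. The Python below is an added example written by the editor; it is not code from ComboFix, from the posters in this thread, or from Geeks to Go. It assumes the usual reading of the line prefix (R = running, S = stopped; the digit is the service's Start value: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled) and day/month/year timestamps, and it uses the ten service lines plus the "Completion time" copied from the log as its sample input. It flags kernel drivers under system32\drivers stamped within 30 days of the scan and groups files of identical size, which a responder would next compare by hash; it makes no claim about whether any entry is malicious.

```python
"""Triage helper for ComboFix-style service lines.

Added example (editor's own code, not ComboFix's or the poster's). Assumed layout:
    <R|S><digit> <name>;<display name>;<image path> [<dd/mm/yyyy> <HH:MM> <size>]
R/S = running/stopped; the digit is the service's Start value (0 boot, 1 system,
2 auto, 3 demand, 4 disabled). Dates are read as day/month/year, as in the log.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Sample input: the ten service lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [07/10/2009 11:28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [07/10/2009 11:28 74480]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [22/08/2007 05:13 538136]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [07/10/2009 11:28 7408]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [14/04/2006 18:07 28933976]
S3 norman;norman;c:\windows\system32\drivers\norman.sys [01/10/2009 17:29 34816]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [19/09/2009 11:03 34760]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [19/09/2009 11:07 24416]
S3 rootrepeal_1;rootrepeal_1;c:\windows\system32\drivers\rootrepeal_1.sys [01/10/2009 17:32 34816]
S4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 18:50 30312]
"""
# Taken from the log's "Completion time: 2009-10-09 16:05" line.
SCAN_TIME = datetime(2009, 10, 9, 16, 5)

START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
SYSTEM_DRIVER_DIR = "\\windows\\system32\\drivers\\"

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}) (?P<size>\d+)\]\s*$"
)


@dataclass
class ServiceEntry:
    running: bool
    start: int
    name: str
    display: str
    path: str
    stamp: datetime
    size: int

    @property
    def is_kernel_driver(self) -> bool:
        return self.path.lower().endswith(".sys")

    @property
    def in_system_driver_dir(self) -> bool:
        return SYSTEM_DRIVER_DIR in self.path.lower()


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for anything that is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        running=m["state"] == "R",
        start=int(m["start"]),
        name=m["name"],
        display=m["display"],
        path=m["path"],
        stamp=datetime.strptime(f"{m['date']} {m['time']}", "%d/%m/%Y %H:%M"),
        size=int(m["size"]),
    )


def parse_log(text: str) -> list:
    return [e for e in map(parse_service_line, text.splitlines()) if e is not None]


def recent_system_drivers(entries, scan_time: datetime, recent_days: int = 30) -> list:
    """Kernel drivers under system32\\drivers whose file stamp is within recent_days of the scan."""
    cutoff = scan_time - timedelta(days=recent_days)
    return [e for e in entries
            if e.is_kernel_driver and e.in_system_driver_dir and e.stamp >= cutoff]


def size_twins(entries) -> dict:
    """Map size -> service names for every size that occurs more than once."""
    by_size: dict = {}
    for e in entries:
        by_size.setdefault(e.size, []).append(e.name)
    return {size: names for size, names in by_size.items() if len(names) > 1}


def report(entries, scan_time: datetime, recent_days: int = 30) -> list:
    """Triage lines, returned (not only printed) so the result can be checked."""
    out = []
    for e in recent_system_drivers(entries, scan_time, recent_days):
        age = (scan_time - e.stamp).days
        out.append(f"recent system driver: {e.name} ({START_NAMES[e.start]}, "
                   f"{'running' if e.running else 'stopped'}) {e.path} age={age}d")
    for size, names in sorted(size_twins(entries).items()):
        out.append(f"identical size {size}: {', '.join(names)} -> compare hashes")
    return out


if __name__ == "__main__":
    for line in report(parse_log(SAMPLE_LOG), SCAN_TIME):
        print(line)
```

Run it as a script to print the triage lines for the sample; on a real log, pass the whole ComboFix text to parse_log and lines that are not service entries are simply skipped. The 30-day window and the system32\drivers filter are the editor's own thresholds, chosen to surface drivers that appeared around the time the problem started, and are worth adjusting to the date range of the incident.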

#6 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
No problem. Did Avenger seem to run?

First: Update and run Malwarebytes

Please update and run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
=====
Second: Online Scanner
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
