Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rogue.WindowsPolicePro & Malware.Installer-Pkg/Gen


  • Please log in to reply

#1
learning_to_fly

learning_to_fly

    New Member

  • Member
  • Pip
  • 1 posts
As far as my untrained eye can see, most of the problems associated w/this are gone. I noticed about 24-48 hrs ago that I was getting messages such as "The website (webpage?) wants to install (don't recall if they named a specific one) Active X.... while surfing on "Trusted" & "Untrusted" sites, which immediately alerted me that there WAS a problem, Houston (TEE-HEE). I ran my AV (AVG 8 free) detected nothing. I un-installed AVG & downloaded & ran Avira AV free...NADA. After some research on the web, I dl'd SuperAnti Spyware and ran a Quickscan,(should I have run a more thorough scan?) and it detected the following "Baddies":

Rogue.WindowsPolicePro

HKU\.DEFAULT\Software\Windows Police Pro
HKU\S-1-5-18\Software\Windows Police Pro

Malware.Installer-Pkg/Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE

I ran an HJT scan & in the ensuing log these entries look suspicious to even this computer Posted Image:

c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe

In control panel Add/Remove the FIRST program listed was Adobe AIR...

[email protected]??? Sez I!



I thought this didn't belong, and tried to delete it w/ Add/Remove, Revo Uninstaller, CCleaner & another program, can't recall which...each time it would just HANG, and nothing would happen. I tried to manually delete it (Adobe AIR Updater.exe) manually, no dice. Finally, I remembered MBAM's File Assassin Tool...used it & it was gone after reboot & in the ensuing HJT scan log.

Something is still lurking though, because I received the "Website(page?) wants to install ActiveX...while reading my Yahoo! e-mail....That's NOT GOOD.

Please advise what I should do, and thanks in advance for your help, while I realize you guys are INUNDATED w/ requests like these, I will patiently await your expert $ most appreciated advice, and will make no further changes, save for important Windows Updates.

Here are the logs you request in your instructions for posting a topic here:

NOTE: I ran SASW before MBAM, which detected & quarantined the bad stuff, so MBAM scan after produced no malicious items. I am therefore posting the SASW log in place of MBAM, I hope that's ok.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/06/2009 at 00:50 AM

Application Version : 4.29.1002

Core Rules Database Version : 4147
Trace Rules Database Version: 2077

Scan type : Quick Scan
Total Scan Time : 00:59:59

Memory items scanned : 381
Memory threats detected : 0
Registry items scanned : 443
Registry threats detected : 2
File items scanned : 10883
File threats detected : 27

Adware.Tracking Cookie
(I removed the Tracking Cookies it found from this log)

Rogue.WindowsPolicePro
HKU\.DEFAULT\Software\Windows Police Pro
HKU\S-1-5-18\Software\Windows Police Pro

Malware.Installer-Pkg/Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE

Root Repeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/06 09:50
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA7E65000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A68000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF6ECC000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8b5d06e

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf8b5d064

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf8b5d073

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf8b5d07d

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf8b5d082

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf8b5d050

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf8b5d055

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf8b5d08c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf8b5d087

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf8b5d078

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf8b5d05f

==EOF==

OTL Logs:

OTL logfile created on: 10/6/2009 10:02:23 AM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 280.00 Mb Available Physical Memory | 55.63% Memory free
1.20 Gb Paging File | 0.99 Gb Available in Paging File | 82.24% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.83 Gb Total Space | 22.04 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINCOMP
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 12:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/05 00:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2004/03/05 00:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2009/10/06 09:43:28 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [Auto | Stopped])
SRV - File not found -- -- (avg8wd [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2004/03/05 00:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/06/29 12:12:34 | 00,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Stopped])
SRV - [2006/11/01 20:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/03 22:46:08 | 00,000,000 | ---D | M]


O1 HOSTS File: (329176 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11300 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.micr...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/03 02:32:18 | 00,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/03 03:41:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/10/05 16:41:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/10/05 04:34:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/10/03 05:01:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/10/04 15:39:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/10/05 06:54:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/10/03 03:28:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\AVG8
[2009/10/03 07:20:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Blitware
[2009/10/03 05:01:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Innovative Solutions
[2009/10/05 15:18:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/10/05 17:18:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/03 14:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\ACW
[2009/10/05 09:59:22 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/10/05 15:17:07 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/05 16:41:05 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/10/05 03:33:39 | 00,000,000 | ---D | C] -- C:\Program Files\CA Yahoo! Anti-Spy
[2009/10/06 03:42:22 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/10/04 04:16:11 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/10/06 09:24:25 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/04 15:49:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Calculator Plus
[2009/10/03 08:00:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/04 18:18:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/10/03 17:55:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/03 08:50:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/10/06 00:51:22 | 00,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2009/10/03 17:54:14 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/04 14:58:07 | 00,000,000 | ---D | C] -- C:\Program Files\Secunia
[2009/10/05 15:12:16 | 00,000,000 | ---D | C] -- C:\Program Files\Sonic
[2009/10/03 09:04:41 | 00,000,000 | ---D | C] -- C:\Program Files\Sonic(2)
[2009/10/05 02:53:13 | 00,000,000 | ---D | C] -- C:\Program Files\Sonic(3)
[2009/10/05 09:17:34 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/10/05 17:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/04 10:05:35 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/10/06 09:43:20 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2009/10/06 09:34:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\Logs for 10-06 Infection
[2009/10/06 04:48:53 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Nick\Desktop\RootRepeal.exe
[2009/10/05 16:41:42 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/10/05 16:41:42 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/10/05 16:41:42 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/10/05 16:41:37 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/10/05 15:17:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/04 18:00:27 | 00,000,000 | ---D | C] -- C:\CompChecker
[2009/10/04 15:59:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/10/04 10:05:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/04 10:02:16 | 00,033,664 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS
[2009/10/04 10:02:11 | 00,069,632 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2009/10/04 10:01:56 | 02,129,920 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2009/10/03 20:37:52 | 00,000,000 | ---D | C] -- C:\704b402f06b2fdcf60
[2009/10/03 19:28:10 | 00,000,000 | ---D | C] -- C:\12247a022bbc64db5a49de
[2009/10/03 17:55:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/03 17:49:01 | 00,000,000 | ---D | C] -- C:\b41ce4753af1ad03da50fe9e17
[2009/10/03 17:35:58 | 00,000,000 | ---D | C] -- C:\bfa107d40d6435033c370a5eb7549a9c
[2009/10/03 17:25:50 | 00,000,000 | ---D | C] -- C:\659579abfa336cf57203a3d640c7
[2009/10/03 03:43:57 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/03 03:43:44 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/03 02:27:50 | 00,000,000 | ---D | C] -- C:\AutoRuns
[2009/10/02 23:36:12 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2009/10/02 23:36:11 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2009/10/02 23:36:10 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2009/10/02 23:36:08 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2009/10/02 23:36:07 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2009/10/02 23:36:05 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2009/10/02 23:36:04 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2009/10/02 23:36:01 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2009/10/02 23:35:49 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2009/10/02 23:35:47 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2009/10/02 23:35:15 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2009/10/02 23:34:56 | 00,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2009/10/02 23:34:40 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2009/10/02 23:34:39 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2009/10/02 23:34:38 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2009/10/02 23:34:38 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2009/10/02 23:34:36 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2009/10/02 23:34:24 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2009/10/02 23:34:23 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2009/10/02 23:34:22 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2009/10/02 23:34:21 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2009/10/02 23:34:15 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2009/10/02 23:34:07 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2009/10/02 23:34:06 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/10/02 23:33:13 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2009/10/02 23:33:12 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2009/10/02 23:33:12 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2009/10/02 23:33:11 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2009/10/02 23:33:10 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2009/10/02 23:33:09 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2009/10/02 23:33:08 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2009/10/02 23:33:07 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2009/10/02 23:33:03 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2009/10/02 23:33:02 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2009/10/02 23:33:01 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2009/10/02 23:32:59 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2009/10/02 23:32:58 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2009/10/02 23:32:57 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2009/10/02 23:32:57 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2009/10/02 23:32:56 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2009/10/02 23:32:54 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2009/10/02 23:32:54 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2009/10/02 23:32:46 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2009/10/02 23:32:40 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2009/10/02 23:32:40 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2009/10/02 23:32:38 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2009/10/02 23:32:38 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2009/10/02 23:32:37 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2009/10/02 23:32:36 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2009/10/02 23:32:35 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2009/10/02 23:31:32 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2009/10/02 23:31:30 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2009/10/02 23:31:23 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2009/10/02 23:30:51 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2009/10/02 23:30:50 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2009/10/02 23:30:49 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2009/10/02 23:30:49 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2009/10/02 23:30:48 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2009/10/02 23:30:47 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2009/10/02 23:30:43 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2009/10/02 23:30:41 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2009/10/02 23:30:36 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2009/10/02 23:30:36 | 00,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2009/10/02 23:30:31 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2009/10/02 23:30:31 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2009/10/02 23:30:29 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys

========== Files - Modified Within 14 Days ==========

[2009/10/06 10:00:28 | 00,000,576 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/10/06 09:46:47 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\settings.dat
[2009/10/06 09:46:11 | 00,003,196 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\CCleaner delete TFC ERUNT SYS RESTORE ETC..reg
[2009/10/06 09:43:28 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2009/10/06 08:04:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/06 08:01:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/06 08:01:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/06 07:58:28 | 07,492,370 | -H-- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\IconCache.db
[2009/10/06 07:16:38 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/06 04:49:01 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Nick\Desktop\RootRepeal.exe
[2009/10/06 03:24:28 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2263ABD1-4922-4BB9-86DC-0DC6E7157E75}.job
[2009/10/05 16:42:32 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/10/05 16:04:32 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\CCleaner.lnk
[2009/10/05 10:00:51 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/05 07:17:11 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/10/05 06:38:58 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/10/05 00:31:06 | 00,477,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/05 00:31:06 | 00,088,204 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/05 00:01:30 | 00,021,576 | ---- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/04 10:05:51 | 00,597,756 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/04 09:04:23 | 00,000,803 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/04 09:04:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/04 04:16:13 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Defraggler.lnk
[2009/10/04 03:11:55 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/03 23:01:57 | 00,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/03 16:06:59 | 00,000,252 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Google.url
[2009/10/03 03:43:57 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/03 03:43:44 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

========== Files - No Company Name ==========
[2009/10/06 09:46:47 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\settings.dat
[2009/10/06 09:46:07 | 00,003,196 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\CCleaner delete TFC ERUNT SYS RESTORE ETC..reg
[2009/10/05 17:21:33 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/05 16:42:32 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/10/05 04:59:05 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/10/04 10:02:12 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/04 10:01:55 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/10/04 04:16:13 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Defraggler.lnk
[2009/10/03 22:24:23 | 01,089,601 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/10/03 16:06:59 | 00,000,252 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Google.url
[2009/10/03 07:20:16 | 00,000,454 | ---- | C] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/10/03 05:45:52 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2009/10/02 23:34:53 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/10/02 23:33:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/10/02 23:33:47 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/10/02 23:33:47 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/10/02 23:33:46 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/10/02 23:33:44 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/10/02 23:33:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/10/02 23:33:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/10/02 23:33:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/10/02 23:33:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/10/02 23:33:40 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/10/02 23:33:40 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/10/02 23:33:39 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/10/02 23:33:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/10/02 23:33:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/10/02 23:33:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/10/02 23:33:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/10/02 23:33:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/10/02 23:33:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/10/02 23:33:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/10/02 23:33:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/10/02 23:33:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/10/02 23:33:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/10/02 23:33:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/10/02 23:33:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/10/02 23:33:33 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/10/02 23:33:33 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/10/02 23:33:33 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/10/02 23:33:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/10/02 23:33:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/10/02 23:33:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/10/02 23:33:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/10/02 23:33:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/10/02 23:33:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/10/02 23:33:30 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/10/02 23:33:30 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/10/02 23:33:30 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/10/02 23:33:29 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/10/02 23:33:29 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/10/02 23:33:28 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/10/02 23:33:28 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/10/02 23:33:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/10/02 23:33:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/10/02 23:33:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/10/02 23:33:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/10/02 23:33:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/10/02 23:33:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/10/02 23:33:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/10/02 23:33:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/10/02 23:33:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/10/02 23:33:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/10/02 23:33:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/10/02 23:33:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/10/02 23:33:21 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/10/02 23:33:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/10/02 23:33:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/10/02 23:33:20 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/10/02 23:33:20 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/10/02 23:33:20 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/10/02 23:32:53 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/10/02 23:32:49 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/10/02 23:32:14 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2009/10/02 23:32:14 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2009/10/02 23:32:12 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2009/10/02 23:32:09 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2009/10/02 23:32:08 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2009/10/02 23:32:07 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2009/10/02 23:32:06 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2009/10/02 23:32:06 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2009/10/02 23:32:04 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2009/10/02 23:31:47 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2006/01/18 22:13:52 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/18 21:31:17 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\PFP120JPR.{PB
[2006/01/18 21:31:17 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\PFP120JCM.{PB
[2006/01/04 13:27:26 | 00,021,576 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/01/04 13:27:20 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\fusioncache.dat
[2005/12/26 17:49:28 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Nick\Application Data\desktop.ini
[2005/12/26 17:49:27 | 07,492,370 | -H-- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\IconCache.db
[2005/11/23 20:11:28 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2004/08/10 14:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/06 04:09:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/05 15:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/07/12 15:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
[2009/10/03 05:01:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2005/11/23 20:17:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/09/02 13:27:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2006/07/10 21:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2009/10/06 01:18:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2007/02/22 01:16:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2004/08/10 15:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/10/05 12:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/01/20 16:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/09/14 22:40:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/27 00:44:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/10/05 22:48:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data
[2006/05/07 18:33:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\acccore
[2009/10/03 07:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Blitware
[2009/09/09 07:56:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/04/02 16:16:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Corel
[2006/01/05 18:07:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Corel Photo Album
[2006/01/12 19:35:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\CyberLink
[2006/01/06 09:15:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\EarthLink Toolbar
[2009/07/16 20:19:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\FlashgetSetup
[2009/08/31 00:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\IObit
[2006/01/12 17:32:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Leadertech
[2009/08/29 17:12:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Logs
[2006/06/30 18:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\MSNInstaller
[2007/02/22 00:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Sereniti
[2007/02/27 18:25:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\WildTangent
[2009/09/07 23:49:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\wsInspector
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/05 06:38:58 | 00,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2009/10/06 08:01:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/06 03:24:28 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2263ABD1-4922-4BB9-86DC-0DC6E7157E75}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Nick\My Documents\desktop.ini:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
< End of report >

OTL Extras logfile created on: 10/6/2009 10:02:23 AM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 280.00 Mb Available Physical Memory | 55.63% Memory free
1.20 Gb Paging File | 0.99 Gb Available in Paging File | 82.24% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.83 Gb Total Space | 22.04 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINCOMP
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"$INSTDIR\FlvDetector.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{BE8913B7-B2C4-48BE-8A26-84390FF4F231}" = DMX Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Defraggler" = Defraggler
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Dell Photo Printer 720" = Dell Photo Printer 720
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PROSet" = Intel® PRO Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.83
"Secunia PSI" = Secunia PSI
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Support.com" = ComcastSUPPORT
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Internet Mail" = Yahoo! Internet Mail

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/5/2009 3:31:00 PM | Computer Name = MAINCOMP | Source = ESENT | ID = 623
Description = Catalog Database (1292) The version store for this instance (0) has
reached its maximum size of 16Mb. It is likely that a long-running transaction
is preventing cleanup of the version store and causing it to build up in size. Updates
will be rejected until the long-running transaction has been completely committed
or rolled back. Possible long-running transaction: SessionId: 0x054803C0 Session-context:
0x00000000 Session-context ThreadId: 0x0000074C

Error - 10/5/2009 3:31:00 PM | Computer Name = MAINCOMP | Source = ESENT | ID = 623
Description = Catalog Database (1292) The version store for this instance (0) has
reached its maximum size of 16Mb. It is likely that a long-running transaction
is preventing cleanup of the version store and causing it to build up in size. Updates
will be rejected until the long-running transaction has been completely committed
or rolled back. Possible long-running transaction: SessionId: 0x054803C0 Session-context:
0x00000000 Session-context ThreadId: 0x0000074C

Error - 10/5/2009 3:31:00 PM | Computer Name = MAINCOMP | Source = ESENT | ID = 623
Description = Catalog Database (1292) The version store for this instance (0) has
reached its maximum size of 16Mb. It is likely that a long-running transaction
is preventing cleanup of the version store and causing it to build up in size. Updates
will be rejected until the long-running transaction has been completely committed
or rolled back. Possible long-running transaction: SessionId: 0x05480460 Session-context:
0x00000000 Session-context ThreadId: 0x000007C8

Error - 10/5/2009 3:31:00 PM | Computer Name = MAINCOMP | Source = ESENT | ID = 623
Description = Catalog Database (1292) The version store for this instance (0) has
reached its maximum size of 16Mb. It is likely that a long-running transaction
is preventing cleanup of the version store and causing it to build up in size. Updates
will be rejected until the long-running transaction has been completely committed
or rolled back. Possible long-running transaction: SessionId: 0x05480460 Session-context:
0x00000000 Session-context ThreadId: 0x00000160

Error - 10/5/2009 3:31:00 PM | Computer Name = MAINCOMP | Source = ESENT | ID = 623
Description = Catalog Database (1292) The version store for this instance (0) has
reached its maximum size of 16Mb. It is likely that a long-running transaction
is preventing cleanup of the version store and causing it to build up in size. Updates
will be rejected until the long-running transaction has been completely committed
or rolled back. Possible long-running transaction: SessionId: 0x054803C0 Session-context:
0x00000000 Session-context ThreadId: 0x000007C8

Error - 10/5/2009 3:31:00 PM | Computer Name = MAINCOMP | Source = ESENT | ID = 623
Description = Catalog Database (1292) The version store for this instance (0) has
reached its maximum size of 16Mb. It is likely that a long-running transaction
is preventing cleanup of the version store and causing it to build up in size. Updates
will be rejected until the long-running transaction has been completely committed
or rolled back. Possible long-running transaction: SessionId: 0x054803C0 Session-context:
0x00000000 Session-context ThreadId: 0x00000160

Error - 10/5/2009 3:31:00 PM | Computer Name = MAINCOMP | Source = ESENT | ID = 623
Description = Catalog Database (1292) The version store for this instance (0) has
reached its maximum size of 16Mb. It is likely that a long-running transaction
is preventing cleanup of the version store and causing it to build up in size. Updates
will be rejected until the long-running transaction has been completely committed
or rolled back. Possible long-running transaction: SessionId: 0x054803C0 Session-context:
0x00000000 Session-context ThreadId: 0x0000074C

Error - 10/5/2009 3:31:00 PM | Computer Name = MAINCOMP | Source = ESENT | ID = 623
Description = Catalog Database (1292) The version store for this instance (0) has
reached its maximum size of 16Mb. It is likely that a long-running transaction
is preventing cleanup of the version store and causing it to build up in size. Updates
will be rejected until the long-running transaction has been completely committed
or rolled back. Possible long-running transaction: SessionId: 0x054803C0 Session-context:
0x00000000 Session-context ThreadId: 0x000007C8

Error - 10/6/2009 3:55:18 AM | Computer Name = MAINCOMP | Source = MsiInstaller | ID = 11706
Description = Product: Sonic DLA -- Error 1706. An installation package for the
product Sonic DLA cannot be found. Try the installation again using a valid copy
of the installation package 'DLA.MSI'.

Error - 10/6/2009 3:55:53 AM | Computer Name = MAINCOMP | Source = MsiInstaller | ID = 11706
Description = Product: Sonic DLA -- Error 1706. An installation package for the
product Sonic DLA cannot be found. Try the installation again using a valid copy
of the installation package 'DLA.MSI'.

[ System Events ]
Error - 10/6/2009 4:26:53 AM | Computer Name = MAINCOMP | Source = Service Control Manager | ID = 7000
Description = The AVG Free8 WatchDog service failed to start due to the following
error: %%3

Error - 10/6/2009 4:28:07 AM | Computer Name = MAINCOMP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 10/6/2009 8:01:51 AM | Computer Name = MAINCOMP | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 10/6/2009 8:01:51 AM | Computer Name = MAINCOMP | Source = Service Control Manager | ID = 7000
Description = The AVG Free8 WatchDog service failed to start due to the following
error: %%3

Error - 10/6/2009 8:03:00 AM | Computer Name = MAINCOMP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 10/6/2009 9:03:44 AM | Computer Name = MAINCOMP | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/6/2009 9:03:45 AM | Computer Name = MAINCOMP | Source = Service Control Manager | ID = 7034
Description = The LexBce Server service terminated unexpectedly. It has done this
1 time(s).

Error - 10/6/2009 9:03:45 AM | Computer Name = MAINCOMP | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 10/6/2009 9:03:45 AM | Computer Name = MAINCOMP | Source = Service Control Manager | ID = 7034
Description = The ASP.NET State Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/6/2009 9:14:22 AM | Computer Name = MAINCOMP | Source = Print | ID = 6161
Description = The document TFC Log 10-06-09.txt - Notepad owned by Nick failed to
print on printer Dell Photo Printer 720. Data type: LEMF. Size of the spool file
in bytes: 535232. Number of bytes printed: 535232. Total number of pages in the
document: 2. Number of pages printed: 0. Client machine: \\MAINCOMP. Win32 error
code returned by the print processor: 126 (0x7e).


< End of report >

EDIT TO ADD: In the instructions for Root Repeal, it states:

7. In the next dialog, select all drives showing
Click OK to start the scan"


No such dialog opened. Did I misread the instructions?

Also when first installing Root Repeal, I received this error message:

Error-invalid PE image found!


I pressed OK RR ran & installed normally. (I Hope!)

2nd ETA: Strange....I just tried to view a video on YouTube and got this warning:

Hello, you either have JavaScript turned off or an old version of Adobe's Flash Player. Get the latest Flash player.


I scanned my system w/ Secunia PSI, it says the same thing!:

Program Overview (Right Now)

Cannot display graph as Adobe Flash Player does not appear to be installed in (IE) on your computer or... (older version inst.)...Install Flash for Internet Explorer


...but yet it's RIGHT THERE in Control Panel Add/Remove... Adobe Flash Player Plug-in

What should I do?

E.E.E.To Add: Fixed the Flash Player...Turns out that when I updated my drivers a couple weeks ago (Java, Reader, Flash, etc) I must've un-installed all previous versions and installed not the newest version of Flash 10, but the Plug-in "fix" for it. Posted Image: Could this be the problem that led to the malware being installed? That Adobe AIR thing that I mentioned, what is it exactly? An update scheduler? A download manager??? How did I get it to begin with, when I don't recall doing it myself???

I also un-installed Adobe Reader 9 Posted Image & installed Foxit Reader, a much smaller & less intrusive and IMO better PDF reader--this will change the logs I previously posted, (Sorry, I couldn't help myself)

To the Mods: Please close this topic as I have made MANY changes to this machine, ie, updated to XP SP-3 (FINALLY!!), installed 3rd Party Firewall, ran some "stuff" without any instruction from an expert (ComboFix)....

Edited by learning_to_fly, 07 October 2009 - 10:09 AM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP