Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google and RUNDLL problem


  • Please log in to reply

#1
bgm_co

bgm_co

    Member

  • Member
  • PipPip
  • 46 posts
Right I have managed to get rid of the RUNDLL error ecrm.goo

But I'm still getting redirected from google on search results...

Here are the reports

Attached Files


  • 0

Advertisements


#2
bgm_co

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
ComboFix txt..


ComboFix 10-01-31.05 - BERNIE 01/02/2010 16:06:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1918.1387 [GMT 0:00]
Running from: c:\documents and settings\BERNIE\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\EventSystem.log
c:\windows\system32\drivers\1bd2bb5b.sys
c:\windows\system32\drivers\a49bfc7e.sys
c:\windows\system32\drivers\kbiwkmlhhlxjkd.sys
c:\windows\system32\drivers\UACdjbimpiflm.sys
c:\windows\system32\kbiwkmairkptxu.dll
c:\windows\system32\kbiwkmmhyowvjf.dat
c:\windows\system32\kbiwkmobwwktli.dat
c:\windows\system32\kbiwkmtnnqakms.dll
c:\windows\system32\kbiwkmuppyblrp.dat
c:\windows\system32\spool\prtprocs\w32x86\00005872.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\UACkoibpxuiqy.dat
c:\windows\system32\UAClqlsxrhchx.dll
c:\windows\system32\UACxtobcvbuwq.dll
c:\windows\Temp\01572F57.exe
c:\windows\Temp\0184A23C.exe
c:\windows\Temp\018D20A3.exe
c:\windows\Temp\0221E2B2.exe
c:\windows\Temp\02DE5820.exe
c:\windows\Temp\03BC6DEF.exe
c:\windows\Temp\03F65867.exe
c:\windows\Temp\04CE55CE.exe
c:\windows\Temp\05A0C8EC.exe
c:\windows\Temp\05B35ABD.exe
c:\windows\Temp\05EA2B15.exe
c:\windows\Temp\06980C3F.exe
c:\windows\Temp\07510413.exe
c:\windows\Temp\086B00D3.exe
c:\windows\Temp\0B09E411.exe
c:\windows\Temp\0C83894B.exe
c:\windows\Temp\0DF7528F.exe
c:\windows\Temp\0E534036.exe
c:\windows\Temp\0FC1724F.exe
c:\windows\Temp\1111F55C.exe
c:\windows\Temp\11749317.exe
c:\windows\Temp\12CF571F.exe
c:\windows\Temp\133A8FA3.exe
c:\windows\Temp\166F77BD.exe
c:\windows\Temp\1671D4B1.exe
c:\windows\Temp\16B1FDE2.exe
c:\windows\Temp\16F185FC.exe
c:\windows\Temp\17226EB2.exe
c:\windows\Temp\178F672C.exe
c:\windows\Temp\19913CB8.exe
c:\windows\Temp\1AB68BC3.exe
c:\windows\Temp\1AD394CC.exe
c:\windows\Temp\1B613FFA.exe
c:\windows\Temp\1C293302.exe
c:\windows\Temp\1C3946AB.exe
c:\windows\Temp\1C3E08E9.exe
c:\windows\Temp\1D16C374.exe
c:\windows\Temp\1E2F5360.exe
c:\windows\Temp\1EAFF0E3.exe
c:\windows\Temp\1EEAC5A4.exe
c:\windows\Temp\1FAAFA65.exe
c:\windows\Temp\20F036DC.exe
c:\windows\Temp\214C1965.exe
c:\windows\Temp\238EDD26.exe
c:\windows\Temp\254AC3E9.exe
c:\windows\Temp\26B61295.exe
c:\windows\Temp\276A8DB9.exe
c:\windows\Temp\281B586A.exe
c:\windows\Temp\29E864FB.exe
c:\windows\Temp\2CB4DCFC.exe
c:\windows\Temp\2CBB29C9.exe
c:\windows\Temp\2EADC998.exe
c:\windows\Temp\2ECB956B.exe
c:\windows\Temp\2EDD74C2.exe
c:\windows\Temp\301749D3.exe
c:\windows\Temp\30F17F4E.exe
c:\windows\Temp\311AC9B2.exe
c:\windows\Temp\315F2134.exe
c:\windows\Temp\33C7EFBF.exe
c:\windows\Temp\34206371.exe
c:\windows\Temp\36225E56.exe
c:\windows\Temp\378AF482.exe
c:\windows\Temp\3A1F30B8.exe
c:\windows\Temp\3A9BB44D.exe
c:\windows\Temp\3B54F9B3.exe
c:\windows\Temp\3C98DE6A.exe
c:\windows\Temp\3D35ED60.exe
c:\windows\Temp\3D4D9700.exe
c:\windows\Temp\3D5F207C.exe
c:\windows\Temp\3E4368E6.exe
c:\windows\Temp\4039B67C.exe
c:\windows\Temp\422FEECA.exe
c:\windows\Temp\4233AAD4.exe
c:\windows\Temp\42AEA62A.exe
c:\windows\Temp\431B7845.exe
c:\windows\Temp\4399BAF8.exe
c:\windows\Temp\43DCD72C.exe
c:\windows\Temp\4428541A.exe
c:\windows\Temp\4472D8FD.exe
c:\windows\Temp\4477D48A.exe
c:\windows\Temp\44EF02A8.exe
c:\windows\Temp\46D60C5A.exe
c:\windows\Temp\4713F330.exe
c:\windows\Temp\48EC40DA.exe
c:\windows\Temp\48FB828C.exe
c:\windows\Temp\498C065C.exe
c:\windows\Temp\49D6C4D3.exe
c:\windows\Temp\4A2CB3A4.exe
c:\windows\Temp\4A45F66E.exe
c:\windows\Temp\4B18635D.exe
c:\windows\Temp\4B9B3AF7.exe
c:\windows\Temp\4BF782A5.exe
c:\windows\Temp\4C837304.exe
c:\windows\Temp\4CE8832A.exe
c:\windows\Temp\4E4BA61E.exe
c:\windows\Temp\4F65D299.exe
c:\windows\Temp\4F77897B.exe
c:\windows\Temp\4FABBF4F.exe
c:\windows\Temp\4FE68598.exe
c:\windows\Temp\5053E5DB.exe
c:\windows\Temp\51061A95.exe
c:\windows\Temp\52C45CD3.exe
c:\windows\Temp\52E2BAD1.exe
c:\windows\Temp\52F34020.exe
c:\windows\Temp\54D6688E.exe
c:\windows\Temp\55B720EC.exe
c:\windows\Temp\56A1AFE7.exe
c:\windows\Temp\56C4082B.exe
c:\windows\Temp\56D22352.exe
c:\windows\Temp\5844B9E8.exe
c:\windows\Temp\584AC69F.exe
c:\windows\Temp\58B4E178.exe
c:\windows\Temp\58F07C25.exe
c:\windows\Temp\5CD44D6B.exe
c:\windows\Temp\5DA3E781.exe
c:\windows\Temp\5DB1D21B.exe
c:\windows\Temp\5E16B380.exe
c:\windows\Temp\5E3E7950.exe
c:\windows\Temp\5EFA1D0B.exe
c:\windows\Temp\5F0D94D0.exe
c:\windows\Temp\61D32FF1.exe
c:\windows\Temp\61FF0C32.exe
c:\windows\Temp\622CD6A3.exe
c:\windows\Temp\63421009.exe
c:\windows\Temp\63573499.exe
c:\windows\Temp\6413DA6B.exe
c:\windows\Temp\647D2D3A.exe
c:\windows\Temp\64E54E50.exe
c:\windows\Temp\679405BD.exe
c:\windows\Temp\68A88E19.exe
c:\windows\Temp\68EA4F25.exe
c:\windows\Temp\6927BA86.exe
c:\windows\Temp\6AC2C10F.exe
c:\windows\Temp\6B06642F.exe
c:\windows\Temp\6B924973.exe
c:\windows\Temp\6D4CFDE5.exe
c:\windows\Temp\6DACA8EB.exe
c:\windows\Temp\70305914.exe
c:\windows\Temp\703CA891.exe
c:\windows\Temp\70D98922.exe
c:\windows\Temp\7230BB57.exe
c:\windows\Temp\7268F0F5.exe
c:\windows\Temp\726C6A24.exe
c:\windows\Temp\7298A6E1.exe
c:\windows\Temp\7461F5A3.exe
c:\windows\Temp\746A0D5F.exe
c:\windows\Temp\74A0462C.exe
c:\windows\Temp\74BA203F.exe
c:\windows\Temp\74CDB011.exe
c:\windows\Temp\74FDD27E.exe
c:\windows\Temp\754872C3.exe
c:\windows\Temp\75D53F14.exe
c:\windows\Temp\76BE57EE.exe
c:\windows\Temp\773BC1BE.exe
c:\windows\Temp\78925518.exe
c:\windows\Temp\7912A152.exe
c:\windows\Temp\79625D59.exe
c:\windows\Temp\7A47B789.exe
c:\windows\Temp\7ACF985C.exe
c:\windows\Temp\7C1CB790.exe
c:\windows\Temp\7C869495.exe
c:\windows\Temp\7CD9622E.exe
c:\windows\Temp\7D452E79.exe
c:\windows\Temp\7D609C2B.exe
c:\windows\Temp\7DD07A5A.exe
c:\windows\Temp\7E23B833.exe
c:\windows\Temp\7E2B8FD3.exe
c:\windows\Temp\7F46BF7C.exe
c:\windows\Temp\7F711A31.exe
c:\windows\Temp\7F748320.exe
c:\windows\Temp\7FA47B83.exe
c:\windows\Temp\804D703D.exe
c:\windows\Temp\81F17923.exe
c:\windows\Temp\828AD873.exe
c:\windows\Temp\82BF34D0.exe
c:\windows\Temp\82C71D6F.exe
c:\windows\Temp\847C7B38.exe
c:\windows\Temp\84A1F684.exe
c:\windows\Temp\858C1E5A.exe
c:\windows\Temp\868C4032.exe
c:\windows\Temp\86D0DF7F.exe
c:\windows\Temp\88C29347.exe
c:\windows\Temp\8981062F.exe
c:\windows\Temp\8A950B1C.exe
c:\windows\Temp\8AC76245.exe
c:\windows\Temp\8C06152B.exe
c:\windows\Temp\8C370F33.exe
c:\windows\Temp\8CB63702.exe
c:\windows\Temp\8F87CF43.exe
c:\windows\Temp\8FC258CD.exe
c:\windows\Temp\9063BF39.exe
c:\windows\Temp\90C69052.exe
c:\windows\Temp\92A40FE8.exe
c:\windows\Temp\9413448E.exe
c:\windows\Temp\944BC08B.exe
c:\windows\Temp\95E633FA.exe
c:\windows\Temp\9614910D.exe
c:\windows\Temp\961B1089.exe
c:\windows\Temp\964E09BB.exe
c:\windows\Temp\9A09ED90.exe
c:\windows\Temp\9ACB1864.exe
c:\windows\Temp\9C78ACED.exe
c:\windows\Temp\9E58F660.exe
c:\windows\Temp\9F5B88FA.exe
c:\windows\Temp\9FEEBA0A.exe

c:\windows\system32\DRIVERS\atapi.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmqjvrtqob
-------\Legacy_kbiwkmqjvrtqob
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Service_1bd2bb5b
-------\Service_a49bfc7e


((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-02-01 14:29 . 2010-02-01 14:29 214512 ----a-w- c:\windows\system32\drivers\dwshd.sys
2010-02-01 14:26 . 2010-02-01 14:26 -------- d-----w- c:\documents and settings\BERNIE\DoctorWeb
2010-01-14 15:11 . 2010-01-14 15:11 46684 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-13 13:41 . 2010-01-13 13:42 -------- d-----w- c:\program files\iTunes
2010-01-13 13:41 . 2010-01-13 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-13 13:39 . 2010-01-13 13:39 -------- d-----w- c:\program files\Bonjour
2010-01-13 13:36 . 2009-08-28 19:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-01-13 13:36 . 2009-08-28 19:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 16:25 . 2007-07-17 14:00 -------- d-----w- c:\documents and settings\BERNIE\Application Data\uTorrent
2010-02-01 14:41 . 2009-11-16 11:48 0 ----a-w- c:\documents and settings\BERNIE\Local Settings\Application Data\prvlcl.dat
2010-02-01 13:34 . 2009-11-03 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-01 13:32 . 2009-08-24 11:19 0 ----a-w- c:\windows\system32\drivers\25a3b05b.sys
2010-01-29 19:10 . 2009-11-19 18:23 -------- d-----w- c:\documents and settings\BERNIE\Application Data\Nitro PDF
2010-01-29 15:46 . 2009-12-07 11:25 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-18 09:37 . 2010-01-27 09:13 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-18 09:37 . 2010-01-27 09:13 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-14 11:49 . 2006-06-05 11:14 -------- d--h--w- c:\documents and settings\BERNIE\Application Data\Apple Computer
2010-01-14 11:24 . 2007-08-22 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-14 11:07 . 2008-02-29 11:44 -------- d-----w- c:\documents and settings\BERNIE\Application Data\PC Suite
2010-01-14 11:07 . 2008-02-29 12:03 -------- d-----w- c:\documents and settings\BERNIE\Application Data\NSeries
2010-01-13 13:41 . 2006-06-05 11:13 -------- d-----w- c:\program files\iPod
2010-01-13 13:41 . 2007-08-22 09:32 -------- d-----w- c:\program files\Common Files\Apple
2010-01-13 13:39 . 2007-08-22 09:32 -------- d-----w- c:\program files\QuickTime
2010-01-13 13:31 . 2010-01-13 13:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-07 10:48 . 2009-12-07 10:48 -------- d-----w- c:\documents and settings\BERNIE\Application Data\VidaOne
2009-12-07 10:47 . 2009-12-07 10:47 370070 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_934312A2105DE40686D86A.exe
2009-12-07 10:47 . 2009-12-07 10:47 370070 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_84E6935F3B1AD16B2BF56A.exe
2009-12-07 10:47 . 2009-12-07 10:47 370070 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_11D44228873CFE17224077.exe
2009-12-07 10:47 . 2009-12-07 10:47 22382 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_6FEFF9B68218417F98F549.exe
2009-12-07 10:47 . 2009-12-07 10:47 22382 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_21F3885A18D238E15AAE81.exe
2009-12-07 10:47 . 2009-12-07 10:47 1406 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_D707CE1C009F1381803C2C.exe
2009-12-07 10:47 . 2009-12-07 10:47 -------- d-----w- c:\program files\VidaOne
2009-12-03 21:42 . 2009-12-03 21:42 443904 ----a-w- c:\documents and settings\BERNIE\Application Data\vpss.exe
2009-12-03 21:42 . 2009-12-03 21:42 443904 ----a-w- c:\documents and settings\BERNIE\Application Data\vpss.exe
2009-11-10 09:35 . 2009-11-03 11:39 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-10 08:27 . 2007-11-01 09:13 177024 ----a-w- c:\documents and settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\FlashGot.exe
2009-11-06 10:05 . 2006-06-05 10:22 55736 ----a-w- c:\documents and settings\BERNIE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-19 289584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="c:\documents and settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [2007-03-30 2526784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-02 185784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-05-04 577536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-6-28 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-03 11:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 01:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nslauncher]
2007-09-07 14:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-03-30 12:34 25263144 ----a-w- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-02-22 21:42 3537968 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2007-03-14 16:03 24104 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\BERNIE\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp designjet system maintenance\\hp_dj_sme.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11632:TCP"= 11632:TCP:BitComet 11632 TCP
"11632:UDP"= 11632:UDP:BitComet 11632 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [11/05/2006 16:05 102528]
R0 si3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\si3112r.sys [11/05/2006 10:58 97920]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [11/05/2006 10:58 10240]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/01/2009 10:46 333192]
R1 avgtdix;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/11/2009 11:39 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [03/11/2009 11:39 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/11/2009 10:02 54752]
R2 nitrodriverreadspool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15/09/2009 10:20 188736]
S1 25a3b05b;25a3b05b;c:\windows\system32\drivers\25a3b05b.sys [24/08/2009 11:19 0]
S2 ijst;ijst;c:\windows\system32\drivers\oqmsd.sys --> c:\windows\system32\drivers\oqmsd.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
.
Contents of the 'Scheduled Tasks' folder

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://publicaccess.testvalley.gov.uk/publicaccess/tdc/DcApplication/application_searchform.aspx
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {8A1BEAEF-2246-418E-8E91-3A476365F5D0} = 93.188.165.108,93.188.166.30
DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} - hxxps://www.promapserver.co.uk/controls/latest/promap.cab
FF - ProfilePath - c:\documents and settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.zurich.co.uk/buildingguarantee/index.html
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-11701094 - c:\documents and settings\All Users\Application Data\11701094\11701094.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-Monopod - c:\docume~1\BERNIE\LOCALS~1\Temp\b.exe
MSConfigStartUp-promoreg - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-SWF Live Preview - c:\program files\Eltima Software\SWF Live Preview\swf_lp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 16:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll si3112r.sys >>UNKNOWN [0x89AF78C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf764bfc3
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74c67b4
\Driver\iaStor -> iaStor.sys @ 0xf7b1dade
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xbaf32bc3
PacketIndicateHandler -> NDIS.sys @ 0xbaf3eb21
SendHandler -> NDIS.sys @ 0xbaf32d33
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(432)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3580)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-02-01 16:30:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-01 16:30

Pre-Run: 5,981,757,440 bytes free
Post-Run: 8,110,989,312 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F01F1208E4D09C4122AF2657D738BD63
  • 0

#3
bgm_co

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
OTL txt...


OTL logfile created on: 01/02/2010 16:33:35 - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\BERNIE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 7.58 Gb Free Space | 1.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESIGNWORK
Current User Name: BERNIE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/01 14:47:03 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BERNIE\Desktop\OTL.exe
PRC - [2010/01/07 14:44:57 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/01 08:41:42 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/12 09:14:15 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/12 09:14:15 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/19 15:50:49 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/11/03 11:40:02 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/03 11:40:00 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/03 11:39:56 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/09/15 10:20:30 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/09/15 10:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/02/22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/02 12:08:25 | 000,185,784 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/10/18 20:05:26 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/06/20 22:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/06/20 22:36:00 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/05/04 10:34:59 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2006/03/22 03:48:55 | 000,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/08/04 12:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe


========== Modules (SafeList) ==========

MOD - [2010/02/01 14:47:03 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BERNIE\Desktop\OTL.exe
MOD - [2006/08/25 15:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (ipod service)
SRV - [2009/11/03 11:39:56 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/15 10:20:30 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (nitrodriverreadspool)
SRV - [2009/09/15 10:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (seaport)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (bonjour service)
SRV - [2007/03/14 16:03:40 | 000,975,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2007/02/08 16:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/06/28 12:51:59 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/03/22 03:48:55 | 000,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/02/01 13:32:11 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\25a3b05b.sys -- (25a3b05b)
DRV - [2009/11/10 09:35:34 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (avgtdix)
DRV - [2009/11/03 11:40:18 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/03 11:40:18 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/25 16:42:38 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (pxhelp20)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (usbaapl)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006/04/21 10:16:44 | 003,964,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/03/22 03:56:22 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/10/21 01:47:05 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2005/10/18 10:09:16 | 000,102,528 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\m5288.sys -- (m5288)
DRV - [2005/07/16 02:04:12 | 000,097,920 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112r.sys -- (si3112r)
DRV - [2005/07/16 02:04:12 | 000,010,240 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc)
DRV - [2005/07/16 02:04:12 | 000,010,240 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2005/05/18 00:45:12 | 000,076,288 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2005/05/18 00:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/02/17 17:28:52 | 000,868,096 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/10/08 01:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://publicaccess....searchform.aspx
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.zurich.co...tee/index.html"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: [email protected]:3.011.025.005
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 09:14:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2009/12/16 22:50:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 09:56:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/13 13:39:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/01/13 13:39:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/01/13 13:39:25 | 000,000,000 | ---D | M]

[2008/12/09 10:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Extensions
[2010/02/01 14:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions
[2010/01/26 09:38:33 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/12/16 16:28:17 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2007/04/21 20:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2010/02/01 14:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/09 10:46:19 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2008/12/09 10:46:19 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/12/09 10:46:19 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/12/09 10:46:19 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/02/01 16:21:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - No CLSID value found.
O2 - BHO: (Search Helper) - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FFTI] C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe ( )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} https://www.promapse...test/promap.cab (Promap Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\BERNIE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BERNIE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/01 10:49:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/01 16:30:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/01 15:57:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/01 15:54:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/01 15:54:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/01 15:54:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/01 15:54:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/01 15:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/01 15:53:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/01 14:47:00 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BERNIE\Desktop\OTL.exe
[2010/02/01 14:29:18 | 000,214,512 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwshd.sys
[2010/02/01 14:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BERNIE\DoctorWeb
[2010/01/28 14:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BERNIE\Desktop\New Folder (2)
[2010/01/13 13:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/13 13:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/13 13:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/01/13 13:36:27 | 002,065,696 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/01/13 13:36:27 | 000,040,448 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009/12/03 21:42:03 | 000,443,904 | ---- | C] (Kaeria SARL) -- C:\Documents and Settings\BERNIE\Application Data\vpss.exe
[2009/11/17 22:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2009/11/03 11:37:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/03 11:37:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/03 11:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/03 11:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/31 07:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/03/29 18:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/07/28 10:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/07/28 10:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/12/14 23:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2007/12/14 21:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2007/08/22 09:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\BERNIE\My Documents\*.tmp files -> C:\Documents and Settings\BERNIE\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/01 16:22:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/01 16:22:00 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/02/01 16:21:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/01 16:21:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 16:21:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/01 16:21:04 | 2011,746,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/01 16:19:25 | 010,223,616 | -H-- | M] () -- C:\Documents and Settings\BERNIE\NTUSER.DAT
[2010/02/01 16:19:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\BERNIE\ntuser.ini
[2010/02/01 15:57:31 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/01 14:47:03 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BERNIE\Desktop\OTL.exe
[2010/02/01 14:46:17 | 003,842,638 | R--- | M] () -- C:\Documents and Settings\BERNIE\Desktop\ComboFix.exe
[2010/02/01 14:41:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\prvlcl.dat
[2010/02/01 14:29:18 | 000,214,512 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwshd.sys
[2010/02/01 13:56:15 | 000,353,386 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\HostsXpert.zip
[2010/02/01 13:32:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\25a3b05b.sys
[2010/02/01 11:39:12 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/01 11:13:47 | 054,945,509 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/01 09:33:44 | 000,012,674 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/29 22:05:00 | 473,129,730 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\We.Are.Marshall[2006]DvDrip[Eng]-aXXo.avi.part
[2010/01/29 15:46:29 | 000,008,224 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/01/29 12:26:52 | 000,040,916 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\0.jpg
[2010/01/29 10:42:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\We.Are.Marshall[2006]DvDrip[Eng]-aXXo.avi
[2010/01/28 10:27:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/27 16:09:22 | 000,194,048 | ---- | M] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/27 00:55:56 | 736,096,256 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\ljmtag.avi
[2010/01/25 10:00:16 | 000,003,364 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\22155_264394789674_596089674_3062276_7645430_s.jpg
[2010/01/22 19:13:15 | 000,041,996 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\light-bulb-label.jpg
[2010/01/20 09:18:20 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/19 23:09:13 | 000,199,735 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\BCNHProspectus.pdf
[2010/01/14 15:11:15 | 000,046,684 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/13 13:39:13 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/12 10:29:10 | 000,615,308 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\periodization.pdf
[2010/01/06 09:59:16 | 000,948,243 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\06012010420.jpg
[2010/01/06 09:58:12 | 001,034,387 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\06012010421.jpg
[2010/01/06 09:41:56 | 009,024,068 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\06012010072.mp4
[2010/01/05 22:46:10 | 010,712,021 | ---- | M] () -- C:\WINDOWS\System32\PAPERLESSPRINTER
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\BERNIE\My Documents\*.tmp files -> C:\Documents and Settings\BERNIE\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/01 15:57:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/01 15:57:25 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/01 15:54:45 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/01 15:54:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/01 15:54:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/01 15:54:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/01 15:54:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/01 14:46:03 | 003,842,638 | R--- | C] () -- C:\Documents and Settings\BERNIE\Desktop\ComboFix.exe
[2010/02/01 13:56:15 | 000,353,386 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\HostsXpert.zip
[2010/01/29 12:26:18 | 000,040,916 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\0.jpg
[2010/01/29 10:42:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\We.Are.Marshall[2006]DvDrip[Eng]-aXXo.avi
[2010/01/29 10:42:32 | 473,129,730 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\We.Are.Marshall[2006]DvDrip[Eng]-aXXo.avi.part
[2010/01/27 11:20:24 | 736,096,256 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\ljmtag.avi
[2010/01/25 10:00:16 | 000,003,364 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\22155_264394789674_596089674_3062276_7645430_s.jpg
[2010/01/22 19:13:15 | 000,041,996 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\light-bulb-label.jpg
[2010/01/19 23:09:13 | 000,199,735 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\BCNHProspectus.pdf
[2010/01/14 15:11:15 | 000,046,684 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/13 13:42:30 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/13 13:39:13 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/12 10:29:10 | 000,615,308 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\periodization.pdf
[2010/01/06 10:51:39 | 000,948,243 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\06012010420.jpg
[2010/01/06 10:41:02 | 001,034,387 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\06012010421.jpg
[2010/01/06 10:31:21 | 009,024,068 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\06012010072.mp4
[2009/11/16 11:48:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\prvlcl.dat
[2009/08/24 11:19:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\25a3b05b.sys
[2009/07/27 14:23:53 | 000,000,099 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI
[2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/07/09 09:10:21 | 000,003,447 | ---- | C] () -- C:\WINDOWS\DESGNJT2.INI
[2008/04/18 13:16:18 | 000,007,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/15 09:44:47 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/23 08:22:55 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/03/03 16:03:11 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/02/28 22:14:27 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/28 21:53:51 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/28 21:53:51 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/07 12:34:29 | 000,002,508 | -H-- | C] () -- C:\Documents and Settings\BERNIE\Application Data\$_hpcst$.hpc
[2006/06/21 19:15:25 | 000,000,474 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/05 18:35:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/05 14:13:30 | 000,194,048 | ---- | C] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/05 10:58:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/06/05 10:44:35 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2006/06/05 10:22:08 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\fusioncache.dat
[2006/06/01 12:53:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/11 10:57:21 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/11 10:56:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2000/09/18 15:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
< End of report >
  • 0

#4
bgm_co

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
the instructions I followed were of this thread.. http://www.geekstogo...ct-t267096.html

But still no luck!!!
  • 0

#5
bgm_co

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Thought I managed to shift it.. but it still seem to be redirecting me to other sites GGGrr
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP