Win32/Alureon + More [Closed]


#1
WintryElf

So, I'll get to the point, I probably picked this up with peer-to-peer software. I found 44 instances of it with an AVG virus scan, and I'm unable to delete it using AVG, no matter what it tries. It just keeps spawning with each scan. I already cleaned with TFC, and created a backup with ERUNT. The virus won't let me connect to the MBAM download - stops me from getting to the site - and crashes the GMER scan halfway in - if there are any workarounds let me know and I'll run the scans. I do have an OTL log though, which I will paste. All help is appreciated. I am using an HP Pavilion dv5 Notebook PC if that helps. If you need specs let me know. I just UNINSTALLED BitComet, which was my peer-to-peer software. I knew it'd mess me over in the end, to be honest.

EDIT EDIT EDIT

WITHOUT WARNING, POPUP OR OTHERWISE, WITH VOLUME MUTED, my computer started spouting some trash about 'Meet My Baby Dot Com'. This wasn't from online. This was from the PC itself and there was no indication of anything to close down. Freaked me the [bleep] out. I hit the volume button again and the voice was shut off. Oh dear. I then in desperation tried to run GMER for a log and it bluescreened + crashed me immediately. I rebooted and my trojan removal tool tried to run a startup scan, triggered another bluescreen + crash. I think I aggravated it. D:

My problems

-MSN will not sign in, virus punches it in the face and stops the process
-Can't even run online games, Battle of the Immortals/BoI in particular: I click 'start', the 'loading' graphic pops up, and then game.exe gets slapped by the virus and it closes.
-Slow in general, startup is ridiculously slow but not unusable
-Internet pretends to work but the virus just blocks me flat-out from going to sites it dislikes
-Whenever I try to turn my Rogers Online Protection Antivirus on, Advanced SystemCare Pro pops up with an "Erasing your privacy traces" message, which I find really, really suspicious.
-AVG tries to delete it and reports it all as deleted and then it all returns in the next scan. D:
-I've also got various dialers and stuff that show up, most of those were deleted but there are a few persistent ones.
-Also, 75% of the time the virus manages to stop the scan in its tracks and freeze the window. That's why I haven't attempted to delete all of this more than 3-4 times, it's because the scans don't finish.

OTL LOG (OTL.Txt)

OTL logfile created on: 19/05/2010 8:38:32 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.36 Gb Total Space | 83.52 Gb Free Space | 37.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/19 20:38:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2010/05/19 16:36:04 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/19 16:36:03 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/05/19 16:36:01 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/05/19 16:35:58 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/05/19 16:35:22 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/05/19 16:35:18 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/05/19 16:34:37 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/05/19 16:34:29 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/05/19 16:34:25 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/19 16:34:03 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/05/19 16:34:01 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/05/18 16:00:43 | 000,183,808 | ---- | M] () -- C:\Windows\Temp\Fsq.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/14 20:31:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/15 11:26:37 | 001,039,360 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
PRC - [2010/03/13 03:56:42 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/09/23 18:28:18 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/09/23 18:27:50 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/05/26 18:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/27 22:51:18 | 000,363,248 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
PRC - [2009/02/27 14:13:52 | 003,228,912 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/06/27 20:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe
PRC - [2008/06/27 20:43:24 | 000,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
PRC - [2008/06/27 20:42:08 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/04/28 07:23:36 | 000,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2008/04/28 07:23:28 | 000,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2008/03/26 18:26:56 | 000,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2007/12/11 15:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/11/03 13:32:00 | 000,049,152 | R--- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ICO.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/19 20:38:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
MOD - [2010/05/19 16:37:23 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 00:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MSIU-8b1fdd3a)
SRV - [2010/05/19 16:35:18 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/05/19 16:34:37 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/05/19 16:34:25 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/19 16:34:01 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/16 16:42:00 | 003,465,452 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/23 18:27:50 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/09/03 03:13:44 | 000,111,312 | ---- | M] (Radialpoint Inc.) [On_Demand | Stopped] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/27 22:51:18 | 000,363,248 | ---- | M] (Rogers) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe -- (RP_FWS)
SRV - [2008/06/27 20:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe -- (AESTFilters)
SRV - [2008/06/27 20:43:24 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe -- (STacSV)
SRV - [2008/04/28 07:23:36 | 000,738,568 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2008/04/28 07:23:28 | 000,414,984 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2008/03/26 18:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 15:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/05/19 16:37:20 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/05/19 16:37:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/19 16:37:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/19 16:34:30 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/05/19 16:34:30 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/05/19 16:34:06 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/05/19 16:34:05 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/05/19 16:34:05 | 000,027,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/05/19 16:33:16 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/09/30 10:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/09/23 19:00:40 | 005,161,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/05/22 19:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/03/26 08:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/02/17 13:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/27 20:44:18 | 000,380,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/06/26 13:23:08 | 000,147,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (TSP)
DRV - [2008/06/26 13:23:08 | 000,147,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2008/06/26 13:23:08 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/04/27 14:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/25 06:38:22 | 000,071,184 | ---- | M] (Raxco Software, Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2008/04/24 14:02:36 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2008/04/14 18:56:18 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008/03/28 02:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/27 15:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 15:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/01/23 17:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/07 16:42:04 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Amddfltr.sys -- (Amddfltr)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/20 13:07:56 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/10/29 16:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Surf Canyon"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.5
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/19 16:33:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 20:30:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 20:30:56 | 000,000,000 | ---D | M]

[2008/12/26 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/05/19 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions
[2010/05/04 02:07:47 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/05/09 23:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/04 02:07:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/04 02:07:49 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2010/05/01 00:07:42 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/05/01 00:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/05/04 02:07:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\[email protected]
[2009/09/27 20:30:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\[email protected]
[2010/04/29 21:44:36 | 000,002,282 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\searchplugins\surf-canyon.xml
[2010/05/13 03:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/21 06:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/03/13 03:56:32 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll (Rogers)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Value error. File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://dist.globalga...ffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.45,93.188.161.192
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/28 00:01:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{af8d9116-a658-11de-bf97-00238b2631fb}\Shell - "" = AutoRun
O33 - MountPoints2\{af8d9116-a658-11de-bf97-00238b2631fb}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 22:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/19 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\gmer-1
[2010/05/19 20:10:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/19 20:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/19 18:02:29 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/19 16:37:21 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/19 16:37:18 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/19 16:37:07 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/19 16:37:03 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/19 16:37:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/05/19 16:34:30 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/05/19 16:34:29 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/19 16:33:16 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/05/19 16:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/19 16:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/05/19 16:00:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Simply Super Software
[2010/05/19 16:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/05/19 16:00:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Simply Super Software
[2010/05/19 16:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/05/17 23:16:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/15 18:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/05/15 18:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/10 21:30:25 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2010/05/08 16:02:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Movies
[2010/05/06 00:21:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mIRC
[2010/05/04 00:47:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Media Player Classic
[2010/05/02 16:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010/05/02 16:41:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TigerPlayer
[2010/05/02 16:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\MpcStar
[2010/05/01 20:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/01 20:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/01 20:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/01 20:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/01 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/29 23:20:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Ebooks
[2010/04/29 02:19:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Anime
[2010/04/19 04:22:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\VirtualDJ
[2010/04/19 04:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/04/19 04:17:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinRAR
[2010/04/19 04:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/18 01:06:49 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/04/18 01:06:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\BitComet
[2010/04/18 01:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2010/04/18 00:52:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\OpenCandy
[2010/04/18 00:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2010/04/18 00:51:42 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2010/04/18 00:51:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Image-Line
[2010/04/18 00:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2010/04/18 00:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2010/04/18 00:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2010/04/15 19:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\StepMania
[2010/04/13 23:53:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\N's Poetry
[2010/04/13 23:52:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\N's Stories
[2010/04/07 17:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/02 01:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Jagex Games Studio
[2010/03/16 10:59:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GTek
[2010/03/15 19:29:13 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/03/12 00:48:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ijjigame
[2010/03/12 00:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\ijji
[2010/02/22 21:26:00 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\uc_neosteam_launching.dll
[2010/02/22 19:35:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Rawr
[2010/02/19 04:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Z8Games

========== Files - Modified Within 90 Days ==========

[2010/05/19 20:41:57 | 004,718,592 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2010/05/19 20:25:48 | 000,000,410 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/19 20:21:34 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/05/19 20:21:25 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/19 20:21:21 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/19 20:21:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/19 20:21:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/19 20:21:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/19 20:20:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/19 20:20:30 | 2950,520,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/19 20:09:26 | 000,000,674 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/05/19 19:50:31 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/19 19:50:31 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/19 18:55:35 | 000,589,325 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/05/19 18:55:33 | 060,185,144 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/19 16:39:14 | 003,366,413 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/05/19 16:37:23 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/19 16:37:23 | 000,001,607 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/05/19 16:37:20 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/19 16:37:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/19 16:37:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/19 16:37:03 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/19 16:34:30 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/19 16:34:30 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/05/19 16:33:16 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/05/19 16:00:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/05/18 22:59:00 | 003,795,163 | ---- | M] () -- C:\Users\Owner\Documents\Marie-Mai Proj.docx
[2010/05/18 22:53:20 | 000,002,587 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
[2010/05/18 21:32:33 | 384,742,432 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/05/18 21:32:33 | 005,153,876 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/05/18 15:36:14 | 000,007,052 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/05/17 22:49:36 | 000,112,739 | ---- | M] () -- C:\Users\Owner\Desktop\trance.wma
[2010/05/17 22:38:47 | 000,076,296 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/17 22:34:05 | 003,664,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/17 22:30:36 | 000,000,284 | ---- | M] () -- C:\sqmnoopt00.sqm
[2010/05/17 20:36:03 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/05/15 18:56:23 | 000,025,600 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 04:39:56 | 000,012,196 | ---- | M] () -- C:\Users\Owner\Documents\Dear Abby RnJ.docx
[2010/05/13 03:40:37 | 000,013,310 | ---- | M] () -- C:\Users\Owner\Documents\Romeo and Juliet Creative Response.docx
[2010/05/13 03:24:27 | 000,042,496 | ---- | M] () -- C:\Users\Owner\Documents\Proofread Lab for Printing.doc
[2010/05/13 03:17:05 | 000,010,781 | ---- | M] () -- C:\Users\Owner\Documents\Lab Physics Explanation.docx
[2010/05/13 03:07:54 | 000,013,342 | ---- | M] () -- C:\Users\Owner\Documents\A Soliloque Translated.docx
[2010/05/13 02:31:44 | 000,011,872 | ---- | M] () -- C:\Users\Owner\Documents\Juliet suicide note.docx
[2010/05/10 21:50:53 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Battle of the Immortals.lnk
[2010/05/08 15:35:19 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2010/05/06 01:20:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/06 01:06:24 | 000,016,022 | ---- | M] () -- C:\Users\Owner\Documents\Frarticle.docx
[2010/05/06 00:45:27 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/05/02 16:41:07 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2010/05/01 20:40:09 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/29 23:15:55 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010/04/23 21:57:30 | 000,000,075 | ---- | M] () -- C:\Users\Owner\jagex_runescape_preferences2.dat
[2010/04/23 21:57:30 | 000,000,041 | ---- | M] () -- C:\Users\Owner\jagex_runescape_preferences.dat
[2010/04/22 19:59:14 | 000,837,032 | ---- | M] () -- C:\Users\Owner\Desktop\TranceBeat.mp3
[2010/04/20 16:52:56 | 000,010,719 | ---- | M] () -- C:\Users\Owner\Documents\Life of an Outlaw review for Yoh.docx
[2010/04/19 04:22:28 | 000,000,806 | ---- | M] () -- C:\Users\Owner\Desktop\Virtual DJ.lnk
[2010/04/19 04:16:14 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2010/04/18 20:58:51 | 000,091,296 | ---- | M] () -- C:\Users\Owner\Documents\The Effects of Petroleum on the Environment.pptx
[2010/04/18 20:51:57 | 000,000,278 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/04/18 02:56:02 | 000,000,892 | ---- | M] () -- C:\Users\Owner\Desktop\FL Studio 9.lnk
[2010/04/15 23:54:58 | 000,000,552 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d8caps.dat
[2010/04/15 03:36:34 | 000,000,879 | ---- | M] () -- C:\Users\Owner\Desktop\YouTube Downloader.lnk
[2010/04/14 00:23:33 | 000,010,547 | ---- | M] () -- C:\Users\Owner\Documents\Library Apps for Sira.docx
[2010/04/13 23:58:42 | 000,010,713 | ---- | M] () -- C:\Users\Owner\Documents\Thief.docx
[2010/04/13 18:47:29 | 000,011,999 | ---- | M] () -- C:\Users\Owner\Documents\Sword and Brush book report!!!!!.docx
[2010/04/13 18:36:38 | 000,012,866 | ---- | M] () -- C:\Users\Owner\Documents\Gichin karatedo.docx
[2010/04/13 17:29:40 | 000,013,051 | ---- | M] () -- C:\Users\Owner\Documents\The Weaponless Warriors book report.docx
[2010/04/07 23:34:34 | 000,016,739 | ---- | M] () -- C:\Users\Owner\Documents\Determination Essay Final for Karate.docx
[2010/04/06 17:35:09 | 000,010,044 | ---- | M] () -- C:\Users\Owner\Documents\Sword and Brush.docx
[2010/04/06 17:35:02 | 000,009,948 | ---- | M] () -- C:\Users\Owner\Documents\Karate Do.docx
[2010/04/06 17:11:48 | 000,010,048 | ---- | M] () -- C:\Users\Owner\Documents\The Weaponless Warrior.docx
[2010/04/06 17:10:56 | 000,009,997 | ---- | M] () -- C:\Users\Owner\Documents\Determination.docx
[2010/04/02 02:28:53 | 000,000,000 | ---- | M] () -- C:\Users\Owner\jagex__preferences3.dat
[2010/04/02 01:28:58 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\RuneScape.lnk
[2010/03/31 16:43:23 | 001,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/31 16:43:23 | 000,672,380 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/31 16:43:23 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/31 16:43:23 | 000,127,578 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/31 16:43:23 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/29 05:17:37 | 000,010,813 | ---- | M] () -- C:\Users\Owner\Documents\KareemSci1.docx
[2010/03/12 18:38:18 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2010/03/11 04:03:53 | 000,013,218 | ---- | M] () -- C:\Users\Owner\Documents\Table for Density Lab, Matt and I.docx
[2010/03/09 09:16:32 | 000,035,840 | ---- | M] () -- C:\Users\Owner\Documents\Analysis and communication.doc
[2010/03/08 21:37:11 | 000,008,704 | ---- | M] () -- C:\Users\Owner\Documents\mattstoof.wps
[2010/02/25 22:01:45 | 081,949,934 | ---- | M] () -- C:\Users\Owner\Documents\SAS Survival Guide.pdf
[2010/02/25 21:58:47 | 033,565,334 | ---- | M] () -- C:\Users\Owner\Documents\FM 21-76.pdf
[2010/02/22 21:26:00 | 000,147,456 | ---- | M] (TODO: <Company name>) -- C:\Windows\System32\uc_neosteam_launching.dll

========== Files Created - No Company Name ==========

[2010/05/19 20:09:26 | 000,000,674 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/05/19 16:37:23 | 000,001,607 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/05/19 16:37:03 | 000,589,325 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/05/19 16:37:02 | 060,185,144 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/19 16:37:02 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/19 16:00:35 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/05/19 16:00:31 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/05/19 16:00:31 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/05/19 16:00:31 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/05/19 16:00:31 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/05/18 22:58:47 | 003,795,163 | ---- | C] () -- C:\Users\Owner\Documents\Marie-Mai Proj.docx
[2010/05/18 16:00:51 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/18 16:00:51 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/17 22:49:35 | 000,112,739 | ---- | C] () -- C:\Users\Owner\Desktop\trance.wma
[2010/05/17 22:30:36 | 000,000,284 | ---- | C] () -- C:\sqmnoopt00.sqm
[2010/05/13 04:39:56 | 000,012,196 | ---- | C] () -- C:\Users\Owner\Documents\Dear Abby RnJ.docx
[2010/05/13 03:40:36 | 000,013,310 | ---- | C] () -- C:\Users\Owner\Documents\Romeo and Juliet Creative Response.docx
[2010/05/13 03:24:26 | 000,042,496 | ---- | C] () -- C:\Users\Owner\Documents\Proofread Lab for Printing.doc
[2010/05/13 03:17:05 | 000,010,781 | ---- | C] () -- C:\Users\Owner\Documents\Lab Physics Explanation.docx
[2010/05/13 02:51:03 | 000,013,342 | ---- | C] () -- C:\Users\Owner\Documents\A Soliloque Translated.docx
[2010/05/13 02:31:43 | 000,011,872 | ---- | C] () -- C:\Users\Owner\Documents\Juliet suicide note.docx
[2010/05/10 21:50:53 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Battle of the Immortals.lnk
[2010/05/06 01:06:24 | 000,016,022 | ---- | C] () -- C:\Users\Owner\Documents\Frarticle.docx
[2010/05/06 00:48:03 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/05/06 00:45:27 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/05/02 16:41:07 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2010/05/01 20:40:09 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/29 23:15:55 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010/04/22 19:58:47 | 000,837,032 | ---- | C] () -- C:\Users\Owner\Desktop\TranceBeat.mp3
[2010/04/20 16:52:54 | 000,010,719 | ---- | C] () -- C:\Users\Owner\Documents\Life of an Outlaw review for Yoh.docx
[2010/04/19 04:22:28 | 000,000,806 | ---- | C] () -- C:\Users\Owner\Desktop\Virtual DJ.lnk
[2010/04/19 04:16:13 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2010/04/18 00:51:39 | 000,000,892 | ---- | C] () -- C:\Users\Owner\Desktop\FL Studio 9.lnk
[2010/04/15 23:54:58 | 000,000,552 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d8caps.dat
[2010/04/14 18:52:02 | 000,091,296 | ---- | C] () -- C:\Users\Owner\Documents\The Effects of Petroleum on the Environment.pptx
[2010/04/14 00:23:33 | 000,010,547 | ---- | C] () -- C:\Users\Owner\Documents\Library Apps for Sira.docx
[2010/04/13 18:47:28 | 000,011,999 | ---- | C] () -- C:\Users\Owner\Documents\Sword and Brush book report!!!!!.docx
[2010/04/13 18:36:37 | 000,012,866 | ---- | C] () -- C:\Users\Owner\Documents\Gichin karatedo.docx
[2010/04/13 16:51:08 | 000,013,051 | ---- | C] () -- C:\Users\Owner\Documents\The Weaponless Warriors book report.docx
[2010/04/07 23:34:30 | 000,016,739 | ---- | C] () -- C:\Users\Owner\Documents\Determination Essay Final for Karate.docx
[2010/04/06 17:35:08 | 000,010,044 | ---- | C] () -- C:\Users\Owner\Documents\Sword and Brush.docx
[2010/04/06 17:35:01 | 000,009,948 | ---- | C] () -- C:\Users\Owner\Documents\Karate Do.docx
[2010/04/06 17:11:47 | 000,010,048 | ---- | C] () -- C:\Users\Owner\Documents\The Weaponless Warrior.docx
[2010/04/06 17:10:54 | 000,009,997 | ---- | C] () -- C:\Users\Owner\Documents\Determination.docx
[2010/04/02 19:26:41 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2010/04/02 02:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Owner\jagex__preferences3.dat
[2010/04/02 01:28:58 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\RuneScape.lnk
[2010/03/29 05:17:35 | 000,010,813 | ---- | C] () -- C:\Users\Owner\Documents\KareemSci1.docx
[2010/03/14 23:31:47 | 2950,520,832 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/13 04:21:44 | 000,035,840 | ---- | C] () -- C:\Users\Owner\Documents\Analysis and communication.doc
[2010/03/11 03:49:25 | 000,013,218 | ---- | C] () -- C:\Users\Owner\Documents\Table for Density Lab, Matt and I.docx
[2010/03/08 21:37:11 | 000,008,704 | ---- | C] () -- C:\Users\Owner\Documents\mattstoof.wps
[2010/02/25 21:57:17 | 081,949,934 | ---- | C] () -- C:\Users\Owner\Documents\SAS Survival Guide.pdf
[2010/02/25 21:56:37 | 033,565,334 | ---- | C] () -- C:\Users\Owner\Documents\FM 21-76.pdf
[2009/12/25 10:19:40 | 000,009,672 | ---- | C] () -- C:\Windows\System32\Setup2k.ini
[2009/12/25 10:19:40 | 000,000,231 | ---- | C] () -- C:\Windows\System32\presetup.ini
[2009/12/25 10:17:58 | 000,593,920 | R--- | C] () -- C:\Windows\System32\HPBDO.DLL
[2009/12/25 10:17:58 | 000,348,160 | R--- | C] () -- C:\Windows\System32\HPWHEEL.DLL
[2009/12/25 10:17:58 | 000,171,238 | R--- | C] () -- C:\Windows\PMUninst.ini
[2009/12/25 10:17:58 | 000,000,554 | R--- | C] () -- C:\Windows\xUninstEx.ini
[2009/12/25 10:17:58 | 000,000,162 | R--- | C] () -- C:\Windows\xUninst.ini
[2009/12/09 23:54:38 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/11/01 21:58:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/10 16:23:01 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2007/02/20 13:07:56 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/08 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

========== LOP Check ==========

[2010/05/18 01:45:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2010/01/17 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitZipper
[2010/05/17 23:16:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/01 08:19:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DMCache
[2009/10/07 03:03:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2010/03/12 00:48:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame
[2009/10/14 03:38:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
[2009/01/03 18:55:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/04/20 18:16:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
[2010/01/27 03:36:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Red Kawa
[2009/05/03 11:40:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rogers Online Protection
[2009/11/12 01:02:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Screenshot Sender
[2010/05/19 16:00:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Simply Super Software
[2009/11/29 23:05:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/05/02 16:42:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TigerPlayer
[2010/05/19 20:21:34 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
[2009/12/29 01:38:03 | 000,000,516 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job
[2010/05/19 19:50:11 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/19 20:21:25 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/19 20:21:21 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/05/28 00:01:05 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/19 20:20:30 | 2950,520,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/01 09:34:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/01 09:34:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/19 20:20:28 | 3264,307,200 | -HS- | M] () -- C:\pagefile.sys
[2010/05/17 22:30:36 | 000,000,284 | ---- | M] () -- C:\sqmnoopt00.sqm

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/09/23 18:28:48 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/02/23 02:33:44 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009/04/11 00:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 00:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/19 16:33:16 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/05/19 16:34:30 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/05/19 16:37:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/19 16:37:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/19 16:34:30 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/19 16:37:20 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/02/23 07:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 07:43:30 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 07:43:11 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/12/08 13:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2010/02/18 07:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

EXTRAS LOG (Extras.Txt)

OTL Extras logfile created on: 19/05/2010 8:38:32 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.36 Gb Total Space | 83.52 Gb Free Space | 37.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BEB9C29-35A3-4215-B951-71E717C1D9F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1F3F3309-E89F-4655-B264-BBAE50C003B6}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{2077443D-ED77-433E-ADE6-3D758A1B7BEA}" = lport=23338 | protocol=6 | dir=in | name=bitcomet 23338 tcp |
"{224EEA87-B483-4AA5-B3AA-A8E554E5FE66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{62971627-CC62-4647-BA4A-EA6391C88D6D}" = lport=139 | protocol=6 | dir=in | app=system |
"{651B6171-B96E-4BC1-BEFF-7E15708B7107}" = rport=139 | protocol=6 | dir=out | app=system |
"{7AD851BB-21DB-4DA9-9D5C-0D6D08235C27}" = rport=445 | protocol=6 | dir=out | app=system |
"{82A3D7CA-8274-4C49-BF45-336ADEA42CA6}" = lport=445 | protocol=6 | dir=in | app=system |
"{84F0986B-AF08-4B69-B9FF-986591A29ED9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{86A4CAA3-C780-4267-B099-97059A7CC289}" = lport=137 | protocol=17 | dir=in | app=system |
"{931A2AD9-58DC-42B0-8743-BED06367E006}" = lport=23338 | protocol=17 | dir=in | name=bitcomet 23338 udp |
"{A0DCF0F3-B33D-4566-AC15-647DE54142A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D8E45CB0-C249-45F1-A32F-932EA8167B34}" = rport=138 | protocol=17 | dir=out | app=system |
"{DBA8F48E-8ADA-4000-A8FD-9478C0769155}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA0B6480-F45D-45B3-A98F-8DAA449CCF43}" = rport=137 | protocol=17 | dir=out | app=system |
"{EFD9AF70-2CEF-4FFE-8BEE-9297BEB467F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0835F54B-5FE7-4D6F-B62D-6156AF039FBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09CAB2B6-AEE1-46C1-A1DA-B1343E9455E2}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{0DD69701-5C08-478D-BD62-9D6063B9053D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{130DE36C-B0CD-4774-B94B-BA889F3E77DE}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{13DB1CBE-8EB6-49EE-A611-27F228782128}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1CCBAF9A-A1EF-47DB-80BF-B8E605671AEB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{20BD1EE7-8E7D-4CA9-BAFA-36ACCBAF52BD}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{27D000E9-E1BD-4681-8C51-683BBC6C4839}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2A50712E-E7B0-429C-9C60-B2F851609BFB}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{3715E69A-5CEE-4057-9A97-25A80219C6D4}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{3B0B5933-BDEF-4C8C-B679-32F66D1540BD}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{446E73C4-1B27-4C2A-9F70-1767F38D5AB1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4726C4E1-9F8C-4012-8E5B-6360F2D4E627}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{475D56D3-8ACB-4C3A-AA28-41F7F076BF68}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4B2C68FB-CCC1-4D7C-AD29-1EB26CDCFEDE}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{4D196D5E-8F3D-4468-9E85-570EC2B5C118}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{4DB26EDF-180D-4BD1-BA49-4C647125347E}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5A4BD1F8-6E29-467C-9A17-81476BD25242}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{5D5760C1-6131-4B48-BAD9-79C7FC0BBF1B}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{5E59A529-D836-48DA-990A-5FCBDBB657D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E6857A5-8169-4D91-A793-31656208738B}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{6248934E-6655-4EAF-9237-AF221D9721EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{62BDD64B-8D1D-4C51-B7CF-D372B76DCE08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{64151FB6-C020-40E6-A185-F1039FBA9687}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{651E94EE-EF8B-43F7-B156-B585132E6EC4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{71AB8D71-8F80-445A-B2D4-ABB1D3720086}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{763D3F05-A392-4C44-9688-EA0CCD305861}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7894EF9F-855C-4673-A471-163202CDEC8A}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{7909D129-397E-4FAA-9CA1-DB6C86B51F33}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{7DDAF9A7-E590-4079-B43A-CD52D75ACDCD}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{82EE821A-7FF5-486C-B567-0D114E681376}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{8643FF13-D417-46A2-9613-7E2BDDA1030E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8DA6B5D7-2203-40BB-907A-7E714BCA5DBE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8E1D3EB7-2459-473B-B0A1-7CA2E69768F9}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8E66A6F3-5CE9-4191-B535-913763175C1F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{966E9974-446D-4786-9185-393842BBFB57}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{99FB9855-460D-4D8B-AA99-F92292836E00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C06A7E5-7018-4A4D-8AFA-7359ABCD3C9E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C3EB170-384C-4DB5-9844-A435227E98D5}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9E56B5CD-83E8-4A50-B05B-BD34066319F7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9EE15BF7-6686-45FD-9288-3EB85A3717D9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A175410B-CDD1-4AA0-BF71-A4D2D6FCD56B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A714BBC4-44C9-410E-855F-AC15E7977C2F}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{B1140D7C-666B-4DFF-88A7-DCC2E1F5F862}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{B56225E8-3574-4809-A0FE-36AD379E2E99}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{B9A8745E-A4C1-4000-8B25-0ABFE47651C4}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{BB29866A-442A-457D-B9CA-A3F87156993C}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{BD8669E6-66EC-4EB5-9DF6-36BB3BB9FF07}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-enus-downloader.exe |
"{BD911686-1161-4CEC-99EE-97DC2A6923C9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BFD1C091-3717-4EBC-8159-30EED35859A4}" = protocol=6 | dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe |
"{C19C081D-FEB1-4AA9-B0C8-D52042E1DEED}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{C2CE567C-F5E9-4267-B9D8-5A32A895290D}" = protocol=17 | dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe |
"{C727F165-1A91-4CCD-8FB9-1F3443B2889C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{CE123B9C-C8B4-4D6E-9A65-7561820F8E74}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CE535950-3C59-48B8-B22E-850195CB29BC}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{CE787773-0740-439E-8953-A190E391B787}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{DD5E01A0-B673-416B-A190-7D489DC9AC0C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-enus-downloader.exe |
"{DDF66F39-5F49-4A9B-AC0E-42CBC1DDA6E8}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{DE95BC3F-88DC-4E7C-BD22-92D872CE6565}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{E6E35E86-D6C3-49E9-A055-D5505238DD06}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{ECE2DFA8-A869-4192-8156-41F4E8587219}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F20F8E0F-3B3F-470F-BBD2-2D3E49CF35C8}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{F51DE90F-FD82-4BE9-BAB5-4AB889516D38}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{F62ABC85-6823-4969-9E95-2134D52CCAB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F899CD96-51E1-491C-9FF3-57EF00A02E59}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{F9AE9449-84E6-492B-9312-A31DEEEFBC2E}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{FC820C29-E104-4392-9C23-511B01187EBC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FD273CE9-C122-4C40-81D4-67FA06D64CA4}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{FD289D90-99CA-47EA-B51A-61A6D85EBFDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{7FB2724A-1994-419F-85E0-6E2D46F3D13A}C:\users\owner\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\owner\program files\dna\btdna.exe |
"TCP Query User{CDF55217-B035-449D-90C4-B2EB560A1DD3}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{5A3024D9-EB2A-4DBA-854B-1D1761762FA4}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{AF39D82E-D082-47DE-8078-AA65783FD3D1}C:\users\owner\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\owner\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034F8B84-40DE-EBB5-4B7E-07E719B1271B}" = Catalyst Control Center HydraVision Full
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1089C72B-8D02-1C2A-1832-B0007D8AA963}" = Catalyst Control Center Core Implementation
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1B1B3FC3-5D41-42B6-85B1-27223246E438}" = RPS Zip
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2573A5FB-0352-4B85-E948-10FFCDD28731}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{2B152D2E-039D-BDD5-DAB8-F9E715CF5FCA}" = Catalyst Control Center Graphics Light
"{2F1074A4-B6D4-4C4D-A728-C1EADDB188D9}" = RPS Security Cleanup
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{316CDA1E-4760-4772-94B0-0FFC56D85700}" = RPS CRT
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3AA1DCD6-CEE9-DAD4-79E3-6BF1F5D4744C}" = Catalyst Control Center Graphics Full Existing
"{3AB59D99-F209-4705-96A0-304C53D88958}" = RPS RpsCore
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4115D40F-3E40-8D0B-F2B7-5FE20E7D711C}" = Catalyst Control Center Graphics Previews Vista
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{426B3380-B8F7-4A69-9838-B1A8237F0B00}" = RPS Burn
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5E609F4B-4B10-6DD8-C47D-9703044AC5EF}" = Catalyst Control Center Graphics Full New
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6709A989-F0AC-43E5-9DE8-4100A85715BD}" = RPS Ad Blocker
"{6783BD80-A5DB-10A6-9F03-CE0B406BB982}" = Catalyst Control Center Graphics Previews Common
"{68F129E0-EF23-4CCE-A03F-B2C1A6DC9013}" = Rogers Online Protection
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6F5F989B-D61A-48BF-B860-3EB95600155F}" = RPS Firewall
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C2CD35D-FEC4-0272-9D16-CB1585C44FA6}" = ccc-utility
"{7EAB15F0-5857-A3B6-565F-F5A27EC4FD91}" = ATI Catalyst Install Manager
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals client
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8784867F-AA3D-4258-837C-0DC6EBAFDB5E}" = RPS Ksdk
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A7F6127-CF84-476E-B2DE-F3CC912CBF6C}" = RuneScape
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9102836A-D390-415F-45B2-27C9B3680303}" = ccc-core-static
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94570A74-CA05-43A7-9B1E-38142CDDE93B}" = RPS AntiVirus
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F7C9CE-5C2A-4095-9BC5-3AA6A49F191B}" = RPS Performance Tool
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9B743536-28E5-4A48-A1CC-8600A18386C3}" = Growler Guncam
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE68FB75-1887-48E8-95D9-6A2571CBC2EF}" = RPS ParentalControl
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C96AA12B-D119-4093-95B3-8AC44D38BED8}" = RPS Privacy Manager
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CFAC9887-F0FA-408D-BACE-8009A16C2E0D}" = RPS AntiSpyware
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4A70F1B-2046-AEBD-9F25-844BECFB163A}" = CCC Help English
"{D5520D44-B1D7-4D38-A9FF-23B0137CC71E}" = RPS AntiFraud
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD188FB1-263D-4602-9608-7CABFEA6E25F}" = RPS Backup
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DE39E9CB-637B-45B4-B7D6-4842F3988871}" = RPS App Detector
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E15329B7-99DB-4A2E-A6FC-68699A957264}" = RPS Diagnostic Utility
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}" = The Matrix - Path of Neo
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F88B38F4-1A34-4F7F-B2F7-9CA78F209BB0}" = RPS PopupBlocker
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ASIO4ALL" = ASIO4ALL
"AVG9Uninstall" = AVG 9.0
"AviSynth" = AviSynth 2.5
"BitComet" = BitComet 1.20
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"ERUNT_is1" = ERUNT 1.1j
"FL Studio 9" = FL Studio 9
"Game Booster_is1" = Game Booster
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"IL Download Manager" = IL Download Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MpcStar" = MpcStar 4.4
"Neffy" = Neffy 1,2,1,11
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"RadialpointClientGateway_is1" = Rogers Servicepoint Agent 2.0.21
"Sakura" = Sakura
"Sawer" = Sawer
"Sho Online" = Sho Online
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"Trojan Remover_is1" = Trojan Remover 6.8.1
"Videora iPod Converter" = Videora iPod Converter 5.04
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Applications" = Rogers Yahoo! Applications

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/05/2010 6:49:52 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, time stamp 0x4bb4be02,
faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e, exception
code 0xc0000005, fault offset 0x00025048, process id 0x16bc, application start time
0x01caf79f2d58f251.

Error - 19/05/2010 6:49:52 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application CCC.exe, version 2.0.0.0, time stamp 0x49ef8e09,
faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e, exception
code 0xc0000005, fault offset 0x0002ae5c, process id 0x1ef0, application start time
0x01caf79446942601.

Error - 19/05/2010 6:49:58 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application MOM.exe, version 2.0.0.0, time stamp 0x49ef8e68,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x00041e59, process id 0x1600, application start time
0x01caf794119037f1.

Error - 19/05/2010 6:50:26 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application sidebar.exe, version 6.0.6002.18005, time stamp
0x49e02551, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00041e59, process id 0x11a8, application
start time 0x01caf79415a1a181.

Error - 19/05/2010 6:55:08 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8089.726, time stamp
0x4a6ce533, faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e,
exception code 0xc0000005, fault offset 0x00009860, process id 0xf80, application
start time 0x01caf79416ae7da1.

Error - 19/05/2010 6:55:30 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application taskeng.exe, version 6.0.6002.18005, time stamp
0x49e01bf2, faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e,
exception code 0xc0000005, fault offset 0x00023859, process id 0x184c, application
start time 0x01caf796a99d03a1.

Error - 19/05/2010 7:33:17 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application Game.exe, version 0.0.0.0, time stamp 0x4be27e5d,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x54442d18, process id 0x1ab4, application start time 0x01caf7ab7c46bbc1.

Error - 19/05/2010 7:42:24 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, time stamp 0x4bb4be02,
faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e, exception
code 0xc0000005, fault offset 0x00025048, process id 0x1a8c, application start time
0x01caf7a6835ceb51.

Error - 19/05/2010 7:49:03 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application taskeng.exe, version 6.0.6002.18005, time stamp
0x49e01bf2, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x0004a4d2, process id 0x10c, application
start time 0x01caf7a686604fe1.

Error - 19/05/2010 7:55:28 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 21/01/2009 12:14:09 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 94199
seconds with 900 seconds of active time. This session ended with a crash.

Error - 25/01/2009 9:07:54 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 25073
seconds with 3000 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19/05/2010 5:24:32 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 19/05/2010 7:51:14 PM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 19/05/2010 7:51:41 PM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 19/05/2010 8:00:13 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:57:40 PM on 19/05/2010 was unexpected.

Error - 19/05/2010 7:59:20 PM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 19/05/2010 7:59:45 PM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 19/05/2010 8:20:02 PM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 19/05/2010 8:20:46 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:18:45 PM on 19/05/2010 was unexpected.

Error - 19/05/2010 8:20:28 PM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 19/05/2010 8:37:26 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =


< End of report >

Thank you.

Edited by WintryElf, 19 May 2010 - 09:12 PM.

  • 0


#2
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Welcome to Geeks to Go, WintryElf.

I will be helping you with your malware issues.

Before we get started, please read the following.
  • Please completely read through all instructions given you before attempting to follow them. If you are confused about any part of the instructions, post back with your questions and we'll figure things out.
  • Please post all logs in their entirety. DO NOT attach logs to a post unless I ask you to do that. Rather copy and paste the contents of the logs directly into the post.
  • Please refrain from running any tools or otherwise performing any fixes other than what I ask you to do.
  • Finally, do not PM me directly for help. If you have any questions, post them in this topic.




»» Step 1 ««

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (MSIU-8b1fdd3a)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    [2010/05/01 00:07:42 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2010/05/01 00:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
    [2010/02/21 06:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Value error. File not found
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.45,93.188.161.192
    O33 - MountPoints2\{af8d9116-a658-11de-bf97-00238b2631fb}\Shell - "" = AutoRun
    O33 - MountPoints2\{af8d9116-a658-11de-bf97-00238b2631fb}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
    [2010/05/19 20:21:25 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/05/19 20:21:21 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2010/05/19 20:21:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/05/19 20:21:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/29 23:15:55 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
    [2010/05/18 01:45:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
    [2010/01/17 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitZipper
    
    :Files
    C:\Windows\Temp\Fsq.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.






»» Step 2 ««

Try to run this scan in Normal Mode first - if you get a BSoD, then reboot into Safe Mode and try the scan again


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.






»» Step 3 ««

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**






»» Step 4 ««

OTL Scan
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    beep.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    ahcix86s.sys
    KR10N.sys
    nvstor32.sys
    nvrd32.sys
    explorer.exe
    svchost.exe
    userinit.exe
    symmpi.sys
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    srsvc.dll
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.





»» Step 5 ««

Post Logs
Please post back with the following information:
  • OTL Fix Log
  • GMER Log
  • ComboFix Log
  • OTL Scan Log

  • 0
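The Step 1 fix script above was assembled by picking out of the earlier OTL scan the entries that are orphaned (file or CLSID missing), belong to known adware, hard-set public DNS servers, autorun from a removable drive, or are hidden GUID-named jobs in the Tasks folder. The Python below is an added example, not part of this thread or of OldTimer's OTL, that encodes that triage and runs it over a constructed sample of OTL scan lines modelled on the ones in the fix; the rule names, the `TRUSTED_HOMEPAGES` allowlist and the all-zero CLSID of the benign control entry are assumptions.

```python
"""Triage of OTL scan lines into the categories the Step 1 fix targets.

Added example, not part of the thread or of OldTimer's OTL. Rule names,
the homepage allowlist and the all-zero CLSID are constructed."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample of OTL scan lines, modelled on the entries in the
# thread's fix script, plus two benign controls that must not be flagged.
SAMPLE_OTL = r"""
SRV - File not found [Auto | Stopped] -- -- (MSIU-8b1fdd3a)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Value error. File not found
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Corp)
O4 - HKCU..\Run: [AdobeBridge] File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.45,93.188.161.192
O33 - MountPoints2\{af8d9116-a658-11de-bf97-00238b2631fb}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
[2010/05/19 20:21:25 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/21 06:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
"""

ADWARE_NAMES = {"zango"}                      # names the fix script removes
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
TRUSTED_HOMEPAGES = {"www.google.com", "www.google.ca"}   # constructed allowlist

# '[date | size | attrs | flag] (owner) -- path'; the owner part is optional.
FILE_ENTRY = re.compile(
    r"^\[(?P<date>[\d/ :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| [A-Z]\] "
    r"(?:\((?P<owner>[^)]*)\) )?-- (?P<path>.+)$")
GUID_JOB = re.compile(r"\\Windows\\tasks\\\{[0-9A-Fa-f-]{36}\}\.job$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def parse_file_entry(line):
    """Split an OTL file/folder line into its fields, or return None."""
    m = FILE_ENTRY.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["owner"] = entry["owner"] or ""
    entry["hidden"] = "H" in entry["attrs"]          # -H-- means hidden
    return entry


def name_servers(line):
    """Addresses hard-set in an O17 NameServer line, [] for other lines."""
    m = re.search(r"NameServer = ([\d., ]+)$", line)
    return [a.strip() for a in m.group(1).split(",") if a.strip()] if m else []


def is_global(addr):
    """True for a routable address; private/loopback or junk returns False."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False


def classify(line):
    """Return the rule one OTL line trips, or None. Order matters: the
    specific rules run before the generic 'orphaned' marker check."""
    entry = parse_file_entry(line)
    if entry:
        # Hidden, owner-less, GUID-named job under C:\Windows\tasks.
        if entry["hidden"] and not entry["owner"] and GUID_JOB.search(entry["path"]):
            return "hidden_guid_task"
        return None
    if line.startswith("O17") and any(is_global(a) for a in name_servers(line)):
        return "static_public_dns"          # verify against the ISP's servers
    if line.startswith("O33") and "AutoRun" in line:
        return "autorun_mountpoint"
    m = re.search(r"\((.*?)\)", line)       # first parenthesised name
    if m and m.group(1).lower() in ADWARE_NAMES:
        return "known_adware"
    if any(marker in line for marker in ORPHAN_MARKERS):
        return "orphaned_entry"
    m = re.search(r"Start Page = (\S+)", line)
    if m and urlparse(m.group(1)).hostname not in TRUSTED_HOMEPAGES:
        return "start_page_review"
    return None


def triage(text):
    """Run classify() over every non-blank line and keep the hits."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        rule = classify(line) if line else None
        if rule:
            findings.append(Finding(rule, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.rule:20s} {f.line}")
```

The two control lines (the placeholder BHO and the BitComet plugin) produce no finding; a leftover of an uninstalled program, like that plugin, is something the helper recognised from context rather than from any marker in the line.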

#3
WintryElf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Got your OTL log here. I'm about to run GMER in safe mode and wanted to post it first in case.

All processes killed
========== OTL ==========
Service MSIU-8b1fdd3a stopped successfully!
Service MSIU-8b1fdd3a deleted successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Folder C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\ not found.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash\components folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ not found.
File C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ not found.
File C:\Program Files\BitComet\BitComet.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all video with BitComet\ not found.
File C:\Program Files\BitComet\BitComet.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ not found.
File C:\Program Files\BitComet\BitComet.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ not found.
File C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af8d9116-a658-11de-bf97-00238b2631fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af8d9116-a658-11de-bf97-00238b2631fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af8d9116-a658-11de-bf97-00238b2631fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af8d9116-a658-11de-bf97-00238b2631fb}\ not found.
File F:\setup.exe not found.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File C:\Users\Public\Desktop\BitComet.lnk not found.
C:\Users\Owner\AppData\Roaming\BitComet\torrents folder moved successfully.
C:\Users\Owner\AppData\Roaming\BitComet\share folder moved successfully.
C:\Users\Owner\AppData\Roaming\BitComet\cache folder moved successfully.
C:\Users\Owner\AppData\Roaming\BitComet\archive folder moved successfully.
C:\Users\Owner\AppData\Roaming\BitComet folder moved successfully.
C:\Users\Owner\AppData\Roaming\BitZipper folder moved successfully.
========== FILES ==========
C:\Windows\Temp\Fsq.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 1260382 bytes
->Temporary Internet Files folder emptied: 677091 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35758461 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 678 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2648026 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05202010_151740

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Users\Owner\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\~DFD4CE.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\~DFD534.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\~DFD55C.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\~DFD561.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edited by WintryElf, 20 May 2010 - 01:44 PM.

  • 0

#4
WintryElf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I am entirely unable to run GMER. I tried to run it in normal mode, got a BSoD and a crash. I tried to run it in Safe Mode, gmer.exe stopped working. It's just not going to happen as far as I know. I tried to restart, and a popup came up telling me that an unauthorized modification was done to Windows Vista. It asked me to enter my product key - I bought my laptop preloaded with Vista - and so I clicked CANCEL. It's now saying in the corner of my screen, "This copy of Windows Vista is not genuine." What do I do to fix this?

And should I continue on to ComboFix or not? I await further instruction.

Thanks,

Wintry

Edited by WintryElf, 20 May 2010 - 03:37 PM.

  • 0

#5
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
You should get a balloon that pops up and asks if you want to resolve the Genuine issue. Did you try that?
  • 0

#6
WintryElf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I didn't see it. I'll reboot and look for it, hang on..
  • 0

#7
WintryElf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I saw the window, it told me where to find my product key which I re-entered, it said it had been verified and then continued to write "unauthorized copy of Windows Vista" in the corner of my desktop background. Oh well - it could be because of the malware and to be honest that's the most pressing problem. What's the next step?

Thanks,

Wintry

Edited by WintryElf, 20 May 2010 - 04:43 PM.

  • 0

#8
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

  • 0

#9
WintryElf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I attempted to click your link, the web page that opened said:

Unable to connect


Firefox can't establish a connection to the server at download.microsoft.com.
* The site could be temporarily unavailable or too busy. Try again in a few
moments.

* If you are unable to load any pages, check your computer's network
connection.

* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.

However, I was still able to go to google.ca and to microsoft.com, although manually searching its download center for MGADiag produced no results. So my connection was not faulty. I then tried Internet Explorer but it was also unable to open the page and asked me to diagnose connection problems - but it, too, could connect to google.ca.

ALSO: I got it: GMER running in Safe Mode w/o Networking and saved the log, although it only looked at two things. It said it was going through the rest but nothing appeared in the log besides two entries.

I will post GMER.txt anyway.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-20 21:18:53
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kglcapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by WintryElf, 20 May 2010 - 09:33 PM.

  • 0

#10
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
  • Please download WVCheck by Artellos from one of the mirrors below;

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.

  • 0


#11
WintryElf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Here you go. :) Also, after noting that this was a Windows Validation check, I changed my desktop background after running it and the message in the corner "unauthorized" disappeared. Maybe it was just a cookie or something, but it's okay now :) Also, could you answer a question of mine? Even if I have a backdoor/keylogger on my PC, is it alright to log into something with an onscreen keyboard that shuffles key positions with each click?

Windows Validation Check
Log Created On: 1529_21-05-2010
------------------------

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
------------------------------
Last Success Time for Update Detection: 2010-05-18 00:07:02
Last Success Time for Update Download: 2010-05-18 00:07:18
Last Success Time for Update Installation: 2010-05-18 00:08:12


WVCheck's File Dump
-------------------
C:\Program Files\BestGameEver\Audiosurf\engine\channels\Crypt.dll
Size: 8704 bytes
Matched: crypt.dll
------------------------------


WVCheck's Missing File Check
-------------------
WVCheck found no missing files.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


-------- End of File, program close at 1533_21-05-2010 --------

Edited by WintryElf, 21 May 2010 - 01:47 PM.

  • 0

#12
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Hello.


Even if I have a backdoor/keylogger on my PC, is it alright to log into something with an onscreen keyboard that shuffles key positions with each click?

If the onscreen keyboard is part of a web site and is filling in a form and not displaying the characters on the page and the keyboard layout is random each time it is used, it should be fairly secure.




Okay, let's try GMER and ComboFix. If GMER fails, then continue with ComboFix.



Before scanning with GMER, make sure that Files is unchecked.


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all and Files boxes are unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.





Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#13
WintryElf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hi, GMER worked. Here is the log. Since you said not to try ComboFix unless GMER failed, I won't run it without further instruction. GMER log follows.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-22 01:55:53
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kglcapow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwOpenProcess [0xAE91D730]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwTerminateProcess [0xAE91D7E0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwTerminateThread [0xAE91D880]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys ZwWriteVirtualMemory [0xAE91D920]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 828EAB54 4 Bytes [30, D7, 91, AE] {XOR BH, DL; XCHG ECX, EAX; SCASB }
.text ntkrnlpa.exe!KeSetEvent + 621 828EAD84 8 Bytes [E0, D7, 91, AE, 80, D8, 91, ...] {LOOPNZ 0xffffffffffffffd9; XCHG ECX, EAX; SCASB ; SBB AL, 0x91; SCASB }
.text ntkrnlpa.exe!KeSetEvent + 681 828EADE4 4 Bytes [20, D9, 91, AE] {AND CL, BL; XCHG ECX, EAX; SCASB }
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9E602000, 0x2CB74C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1400] ntdll.dll!NtProtectVirtualMemory 77984D34 5 Bytes JMP 007E000A
.text C:\Windows\Explorer.EXE[1400] ntdll.dll!NtWriteVirtualMemory 77985674 5 Bytes JMP 007F000A
.text C:\Windows\Explorer.EXE[1400] ntdll.dll!KiUserExceptionDispatcher 77985DC8 5 Bytes JMP 007D000A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!FindResourceExA 777E2575 7 Bytes JMP 2806C4C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!FindResourceA 777E2653 5 Bytes JMP 2806C430 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!CreateEventA 778044C0 5 Bytes JMP 2806BF90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!LockResource 778068DF 5 Bytes JMP 2806C670 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!FindResourceExW 778069FD 7 Bytes JMP 2806C3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!LoadResource 77806ADB 7 Bytes JMP 2806C550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!FindResourceW 77807FA1 5 Bytes JMP 2806C330 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!SizeofResource 77807FBF 7 Bytes JMP 2806C600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] ADVAPI32.dll!CryptDeriveKey 776FFCAE 7 Bytes JMP 2806BAA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] ADVAPI32.dll!CryptDecrypt 776FFE91 7 Bytes JMP 2806BB00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!CreateDialogParamW 761272A2 5 Bytes JMP 2806FC80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!SetWindowPlacement 76127963 5 Bytes JMP 2806FB30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!SetWindowRgn 7612A221 7 Bytes JMP 2806FBD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!LoadImageW 7612C9E5 5 Bytes JMP 280702E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!LoadIconW 7612DA9F 5 Bytes JMP 28070460 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!CreateWindowExW 76131305 5 Bytes JMP 2806DB70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!GetWindowLongW 7613F8BF 7 Bytes JMP 28070590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!PeekMessageW 7614045A 5 Bytes JMP 2806E590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!TrackPopupMenuEx 76150CE7 5 Bytes JMP 2806EC10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!MessageBoxIndirectW 7617D5D3 5 Bytes JMP 2806FE80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] SHELL32.dll!Shell_NotifyIconW 76BA8626 5 Bytes JMP 2806D260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] ole32.dll!CoRegisterClassObject 75FE7DB6 5 Bytes JMP 2806C9D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] ole32.dll!CoCreateInstance 76029EA6 5 Bytes JMP 2806CC50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] ole32.dll!CoInitializeEx 7602AD63 5 Bytes JMP 2806C8D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WININET.dll!InternetReadFile 769A654B 5 Bytes JMP 28073800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WININET.dll!InternetCloseHandle 769A9088 5 Bytes JMP 28073940 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WININET.dll!HttpOpenRequestA 769AD508 5 Bytes JMP 280736A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WININET.dll!HttpSendRequestA 769BEE89 5 Bytes JMP 280738A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Windows\System32\svchost.exe[6824] ntdll.dll!NtProtectVirtualMemory 77984D34 5 Bytes JMP 002A000A
.text C:\Windows\System32\svchost.exe[6824] ntdll.dll!NtWriteVirtualMemory 77985674 5 Bytes JMP 002B000A
.text C:\Windows\System32\svchost.exe[6824] ntdll.dll!KiUserExceptionDispatcher 77985DC8 5 Bytes JMP 001D000A
.text C:\Windows\System32\svchost.exe[6824] ole32.dll!CoCreateInstance 76029EA6 5 Bytes JMP 0106000A
.text C:\Windows\System32\svchost.exe[6824] USER32.dll!GetCursorPos 76140B88 5 Bytes JMP 010F000A

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Edited by WintryElf, 22 May 2010 - 12:01 AM.

  • 0

#14
Mjöllnir

Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Please continue with ComboFix.
  • 0

#15
WintryElf

WintryElf

    Member

  • Topic Starter
  • Member
  • 46 posts
ComboFix finished; here is the log. Also, please note that it was picking up Norton and ROP as still being active, when I'd just disabled ROP and I no longer have Norton installed. I have the Norton Security Online folder, but it's empty. So I ran it anyway.

ComboFix 10-05-21.04 - Owner 22/05/2010 3:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2813.1993 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton Security Online *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Rogers Online Protection Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Norton Security Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Rogers Online Protection Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: Norton Security Online *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Rogers Online Protection Anti-Spyware *enabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AbaleZip.dll

Infected copy of c:\windows\system32\drivers\kl1.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-04-22 to 2010-05-22 )))))))))))))))))))))))))))))))
.

2010-05-22 07:24 . 2010-05-22 07:24 -------- d-----w- c:\users\Owner\AppData\Local\temp
2010-05-22 07:24 . 2010-05-22 07:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-21 21:28 . 2010-05-21 21:28 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG9
2010-05-20 19:17 . 2010-05-20 19:17 -------- d-----w- C:\_OTL
2010-05-20 00:09 . 2010-05-20 00:09 -------- d-----w- c:\program files\ERUNT
2010-05-19 22:02 . 2010-05-19 22:02 -------- d-----w- C:\$AVG
2010-05-19 20:42 . 2010-05-18 20:00 86528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\g1iQG17a.dll
2010-05-19 20:37 . 2010-05-19 20:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-19 20:37 . 2010-05-19 20:37 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-19 20:37 . 2010-05-19 20:37 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-19 20:37 . 2010-05-19 20:37 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-19 20:37 . 2010-05-22 01:37 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-19 20:34 . 2010-05-19 20:34 25096 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-05-19 20:34 . 2010-05-19 20:34 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-19 20:33 . 2010-05-19 20:33 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-05-19 20:30 . 2010-05-19 20:30 -------- d-----w- c:\program files\AVG
2010-05-19 20:29 . 2010-05-19 23:56 -------- d-----w- c:\programdata\avg9
2010-05-19 20:07 . 2010-05-18 20:00 86528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\17e3a7.dll
2010-05-19 20:00 . 2006-06-19 16:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-19 20:00 . 2006-05-25 18:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-19 20:00 . 2005-08-26 04:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-19 20:00 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-19 20:00 . 2002-03-06 04:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-19 20:00 . 2010-05-19 20:00 -------- d-----w- c:\program files\Trojan Remover
2010-05-19 20:00 . 2010-05-19 20:00 -------- d-----w- c:\programdata\Simply Super Software
2010-05-19 20:00 . 2010-05-19 20:00 -------- d-----w- c:\users\Owner\AppData\Roaming\Simply Super Software
2010-05-19 19:31 . 2010-05-18 20:00 86528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\93eIQ3w7u.dll
2010-05-19 05:16 . 2010-05-18 20:00 86528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\W3uO9oCEI.dll
2010-05-19 01:35 . 2010-05-18 20:00 86528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\7kUOCE3.dll
2010-05-18 20:00 . 2010-05-18 20:00 86528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\55oC5.dll
2010-05-18 03:16 . 2010-05-18 03:16 -------- d-----w- c:\users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-05-15 22:58 . 2010-05-15 22:58 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-05-15 22:30 . 2010-05-15 22:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-11 19:55 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 01:30 . 2010-05-11 01:30 -------- d-----w- C:\Perfect World Entertainment
2010-05-08 20:02 . 2010-05-09 08:21 -------- d-----w- c:\users\Owner\Movies
2010-05-06 04:21 . 2010-05-07 00:19 -------- d-----w- c:\users\Owner\AppData\Roaming\mIRC
2010-05-04 04:47 . 2010-05-04 04:47 -------- d-----w- c:\users\Owner\AppData\Roaming\Media Player Classic
2010-05-02 20:41 . 2010-05-17 23:08 -------- d-----w- c:\programdata\boost_interprocess
2010-05-02 20:41 . 2010-05-02 20:42 -------- d-----w- c:\users\Owner\AppData\Roaming\TigerPlayer
2010-05-02 20:40 . 2010-05-02 20:41 -------- d-----w- c:\program files\MpcStar
2010-05-02 00:38 . 2010-05-02 00:38 -------- d-----w- c:\program files\iPod
2010-05-02 00:38 . 2010-05-02 00:40 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-02 00:38 . 2010-05-02 00:40 -------- d-----w- c:\program files\iTunes
2010-05-02 00:29 . 2010-05-02 00:30 -------- d-----w- c:\program files\QuickTime
2010-05-02 00:23 . 2010-05-02 00:23 -------- d-----w- c:\program files\Bonjour
2010-04-30 03:20 . 2010-05-22 06:04 -------- d-----w- c:\users\Owner\Ebooks
2010-04-29 06:19 . 2010-05-04 21:43 -------- d-----w- c:\users\Owner\Anime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 02:55 . 2010-04-18 05:05 -------- d-----w- c:\program files\BitComet
2010-05-19 20:25 . 2010-02-07 03:05 -------- d-----w- c:\programdata\Alwil Software
2010-05-19 04:20 . 2009-05-15 19:20 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2010-05-19 04:00 . 2009-05-15 19:25 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2010-05-19 01:32 . 2010-01-09 02:22 5153876 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-19 01:32 . 2010-01-09 02:22 384742432 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-18 19:36 . 2009-02-27 05:24 7052 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat
2010-05-18 02:38 . 2008-12-27 01:22 76296 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-15 22:57 . 2008-12-27 01:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-13 05:59 . 2009-11-12 03:42 -------- d-----w- c:\program files\Messenger Plus! Live
2010-05-12 07:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 07:02 . 2008-12-27 01:16 -------- d-----w- c:\programdata\Microsoft Help
2010-05-06 14:36 . 2009-10-02 19:06 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-02 00:38 . 2009-03-14 03:06 -------- d-----w- c:\program files\Common Files\Apple
2010-05-02 00:14 . 2010-05-02 00:14 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-24 01:57 . 2009-09-21 05:35 75 ----a-w- c:\users\Owner\jagex_runescape_preferences2.dat
2010-04-24 01:57 . 2009-02-20 05:25 41 ----a-w- c:\users\Owner\jagex_runescape_preferences.dat
2010-04-22 23:10 . 2010-01-21 23:20 -------- d-----w- c:\programdata\WinZip
2010-04-22 22:56 . 2010-04-15 23:00 -------- d-----w- c:\program files\StepMania
2010-04-20 22:16 . 2010-04-18 04:52 -------- d-----w- c:\users\Owner\AppData\Roaming\OpenCandy
2010-04-19 08:24 . 2010-04-19 08:22 -------- d-----w- c:\program files\VirtualDJ
2010-04-19 00:51 . 2009-11-30 03:05 278 ----a-w- c:\users\Owner\AppData\Roaming\wklnhst.dat
2010-04-18 04:52 . 2010-04-18 04:52 -------- d-----w- c:\program files\ASIO4ALL v2
2010-04-18 04:51 . 2010-04-18 04:49 -------- d-----w- c:\program files\VstPlugins
2010-04-18 04:51 . 2010-04-18 04:44 -------- d-----w- c:\program files\Image-Line
2010-04-18 04:49 . 2010-04-18 04:49 -------- d-----w- c:\program files\Outsim
2010-04-16 03:54 . 2010-04-16 03:54 552 ----a-w- c:\users\Owner\AppData\Local\d3d8caps.dat
2010-04-09 02:05 . 2009-07-04 22:20 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2010-04-09 02:05 . 2009-07-04 22:20 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2010-04-09 02:05 . 2009-07-04 22:20 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2010-04-09 02:05 . 2009-07-04 22:20 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-04-09 02:05 . 2009-07-04 22:20 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2010-04-09 02:05 . 2009-07-04 22:20 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 17:17 . 2009-05-13 23:55 -------- d-----w- c:\programdata\PMB Files
2010-04-07 21:10 . 2008-05-28 04:51 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 21:09 . 2010-04-07 21:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-07 21:08 . 2008-05-28 04:51 -------- d-----w- c:\program files\Java
2010-04-02 06:28 . 2010-04-02 06:28 0 ----a-w- c:\users\Owner\jagex__preferences3.dat
2010-04-02 05:28 . 2010-04-02 05:28 -------- d-----w- c:\program files\Jagex Games Studio
2010-03-31 20:43 . 2008-05-28 01:43 672380 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-31 20:43 . 2008-05-28 01:43 127578 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-17 23:55 . 2010-03-17 23:55 8681984 ----a-w- c:\users\Owner\AppData\Roaming\OpenCandy\WeFiSetup_5_141_513.exe.exe
2010-03-05 14:13 . 2010-03-05 14:13 947472 ----a-w- c:\windows\system32\msjava.dll
2010-03-05 14:01 . 2010-04-15 02:45 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 22:13 . 2010-04-02 23:25 17160 ----a-w- c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-02-23 11:10 . 2010-04-15 02:46 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-15 02:46 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-15 02:46 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-30 23:50 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 23:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-30 23:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-30 23:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-23 01:26 . 2010-02-23 01:26 147456 ----a-w- c:\windows\system32\uc_neosteam_launching.dll
2010-02-22 18:28 . 2010-04-02 23:25 1282824 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-13 2937528]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-28 442467]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-11-03 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-28 1165192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 08:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 11:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 21:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 11:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-06-28 00:42 442467 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fe,e2,37,e1,64,5b,ca,01

R3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-05-19 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-05-19 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-05-19 27144]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-16 3465452]
R3 Radialpoint Security Services;Rogers Online Protection;c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [2009-09-03 111312]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
R3 XDva300;XDva300;c:\windows\system32\XDva300.sys [x]
R3 XDva317;XDva317;c:\windows\system32\XDva317.sys [x]
R3 XDva327;XDva327;c:\windows\system32\XDva327.sys [x]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-05-19 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-19 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-05-19 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-05-19 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-05-19 242896]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-28 77824]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-23 172032]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-05-19 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-19 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-05-19 2325816]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-05-06 17:51]

2010-05-22 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-28 22:14]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kdvu4iq1.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-UCam_Menu - c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
AddRemove-mIRC - c:\users\Owner\Program Files\WorldOfWarcraft\mIRC\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 03:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2330517536-145518523-815747673-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):56,cb,0e,20,b3,4d,81,e6,6b,f5,2e,ee,c3,71,82,51,9f,b3,79,fc,76,
7c,80,24,fd,73,61,4c,b0,52,6b,f3,07,2a,2d,95,aa,74,94,4d,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2330517536-145518523-815747673-1000_Classes\CLSID\{80d1d1e1-fb9b-4d57-95a7-577d391cb1e9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000166
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,3c,66,ca,c8,45,fe,62,dc,2e,4d,91,eb,9e,ca,8f,8d,0e,e5,e9,15,a6,ff,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-05-22 03:31:06
ComboFix-quarantined-files.txt 2010-05-22 07:31

Pre-Run: 88,410,038,272 bytes free
Post-Run: 89,328,218,112 bytes free

- - End Of File - - AA22222A1CFFC35A8D269B7BAD2CB192

Edited by WintryElf, 22 May 2010 - 10:20 AM.

  • 0
