PC hijacked by "Antivir Solution", can't do anything


This topic is locked

#16
Capriboy (Topic Starter, Member, 65 posts)
I don't know if there's a name for it but that really doesn't matter. It's now gone from my computer thanks to the help of Kahdah from G2Go. I'm sure they can help you get rid of your problem as well. There are a few programs that they would like you to download and run right off the bat and if that doesn't help then I think I'm correct when I say that you need to start your own topic in the Virus, Spyware & Malware Removal forum. List some basic info about your computer and detail the problems you are having. Then just patiently wait and one of the very smart Geeks will get back to you and instruct you on how to take care of your problem. It'll be a back and forth thing and depending on your availability and the availability of the person you will be working with, it may take a few hours or a few days to fix your computer.

Good luck!

#17
Capriboy (Topic Starter, Member, 65 posts)
Kahdah,

Thanks for offering to help with these other issues. Once again, I'm going out of town for the weekend and won't be able to try your suggestions until Monday. I'll let you know the results when I get back.

#18
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Sure, no problem.
marilee, you will need to start your own topic in order to get help. Please do not post in other people's topics.

#19
Capriboy (Topic Starter, Member, 65 posts)
Here are the results of the SystemLook.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:52 on 26/07/2010 by Editor 1 (Administrator - Elevation successful)

========== Filefind ==========

Searching for "quartz.dll"
C:\WINDOWS\$hf_mig$\KB975560\SP2QFE\quartz.dll --a--c 1291776 bytes [17:04 27/11/2009] [17:04 27/11/2009] E2BE4CA73D62423D73B9040A26361404
C:\WINDOWS\$hf_mig$\KB975560\SP3GDR\quartz.dll --a--c 1291776 bytes [17:11 27/11/2009] [17:11 27/11/2009] B5DC220D79FFB8A3BBD523DD6E286EFB
C:\WINDOWS\$hf_mig$\KB975560\SP3QFE\quartz.dll --a--c 1291776 bytes [17:23 27/11/2009] [17:23 27/11/2009] 35472C8EB8A4762B81FC3A9650304825
C:\WINDOWS\$hf_mig$\KB975562\SP2QFE\quartz.dll --a--c 1291776 bytes [18:14 05/02/2010] [18:14 05/02/2010] C2F1B359372FD91D350B097F07EE4C77
C:\WINDOWS\$hf_mig$\KB975562\SP3GDR\quartz.dll --a--c 1291776 bytes [18:27 05/02/2010] [18:27 05/02/2010] 49804C9E6B0B709A0B607DB7E9462AA3
C:\WINDOWS\$hf_mig$\KB975562\SP3QFE\quartz.dll --a--c 1291776 bytes [18:29 05/02/2010] [18:29 05/02/2010] 3A46918AC21841C970D26C9C76776122
C:\WINDOWS\$NtUninstallKB975560$\quartz.dll -----c 1290752 bytes [05:44 11/02/2010] [19:27 03/06/2009] 7401A5E1B24693DC05E1293A8D8DDF0F
C:\WINDOWS\$NtUninstallKB975562$\quartz.dll -----c 1291264 bytes [05:31 11/06/2010] [17:33 27/11/2009] 3E84884952423AEA61051C92DACD7F1C
C:\WINDOWS\ServicePackFiles\i386\quartz.dll -----c 1287680 bytes [17:06 30/04/2007] [07:56 04/08/2004] CDBC0E967CB1312E1266CB3ADCB844DD
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\quartz.dll --a--c 1288192 bytes [02:13 05/09/2008] [00:12 14/04/2008] B4822C5241762BC96AE8D8B10CD65BC7
C:\WINDOWS\system32\dllcache\quartz.dll --a--c 1291264 bytes [16:18 30/04/2007] [18:40 05/02/2010] 4DC682A545244397E3A29D48CEADDAB1

========== Reg ==========

[quart*.dll]
Hive unrecognized.

-=End Of File=-

#20
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
OK, please do the following.
Go to Start > Run, then type in cmd and hit OK.

Then in the black box that opens, type in the following and hit Enter after typing it in:

    copy C:\WINDOWS\system32\dllcache\quartz.dll C:\Windows\system32\

After that, restart the program that was telling you it could not find quartz.dll.

After that we will try to troubleshoot the other error.
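Added example, not part of the thread and not SystemLook's or the helper's own code: a Python script that parses the Filefind block of the SystemLook log posted above, groups the quartz.dll copies by MD5 and reports which of them are byte-identical to the system32\dllcache copy that the copy command above puts into place. The sample input is the log from this thread; the `\dllcache\` marker, the function names and the chunk size are this example's own choices. On a live system you would hash the real files with md5_of_file() instead of reading them out of a log.

```python
"""Parse the Filefind block of a SystemLook log, group the copies it lists by MD5, and
check which ones are byte-identical to a chosen reference copy (the dllcache one here)."""
import hashlib
import re
from collections import defaultdict

# Sample input: the Filefind lines from the SystemLook log posted above (copied from the thread).
SAMPLE = r"""
Searching for "quartz.dll"
C:\WINDOWS\$hf_mig$\KB975560\SP2QFE\quartz.dll --a--c 1291776 bytes [17:04 27/11/2009] [17:04 27/11/2009] E2BE4CA73D62423D73B9040A26361404
C:\WINDOWS\$hf_mig$\KB975560\SP3GDR\quartz.dll --a--c 1291776 bytes [17:11 27/11/2009] [17:11 27/11/2009] B5DC220D79FFB8A3BBD523DD6E286EFB
C:\WINDOWS\$hf_mig$\KB975560\SP3QFE\quartz.dll --a--c 1291776 bytes [17:23 27/11/2009] [17:23 27/11/2009] 35472C8EB8A4762B81FC3A9650304825
C:\WINDOWS\$hf_mig$\KB975562\SP2QFE\quartz.dll --a--c 1291776 bytes [18:14 05/02/2010] [18:14 05/02/2010] C2F1B359372FD91D350B097F07EE4C77
C:\WINDOWS\$hf_mig$\KB975562\SP3GDR\quartz.dll --a--c 1291776 bytes [18:27 05/02/2010] [18:27 05/02/2010] 49804C9E6B0B709A0B607DB7E9462AA3
C:\WINDOWS\$hf_mig$\KB975562\SP3QFE\quartz.dll --a--c 1291776 bytes [18:29 05/02/2010] [18:29 05/02/2010] 3A46918AC21841C970D26C9C76776122
C:\WINDOWS\$NtUninstallKB975560$\quartz.dll -----c 1290752 bytes [05:44 11/02/2010] [19:27 03/06/2009] 7401A5E1B24693DC05E1293A8D8DDF0F
C:\WINDOWS\$NtUninstallKB975562$\quartz.dll -----c 1291264 bytes [05:31 11/06/2010] [17:33 27/11/2009] 3E84884952423AEA61051C92DACD7F1C
C:\WINDOWS\ServicePackFiles\i386\quartz.dll -----c 1287680 bytes [17:06 30/04/2007] [07:56 04/08/2004] CDBC0E967CB1312E1266CB3ADCB844DD
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\quartz.dll --a--c 1288192 bytes [02:13 05/09/2008] [00:12 14/04/2008] B4822C5241762BC96AE8D8B10CD65BC7
C:\WINDOWS\system32\dllcache\quartz.dll --a--c 1291264 bytes [16:18 30/04/2007] [18:40 05/02/2010] 4DC682A545244397E3A29D48CEADDAB1
"""

# One Filefind result line: path, six attribute flags, size, two bracketed timestamps
# (kept in the order SystemLook prints them), MD5.
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<stamp1>[^\]]+)\] \[(?P<stamp2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$")


def parse_filefind(text):
    """Return one dict per Filefind result line; other lines of the log are ignored."""
    entries = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            entries.append(d)
    return entries


def group_by_hash(entries):
    """Map MD5 -> list of paths, so byte-identical copies show up together."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def compare_to_reference(entries, marker="\\dllcache\\"):
    """Pick the entry whose path contains marker and compare every other copy to it.
    Returns (reference, [(path, same_size, same_hash), ...])."""
    ref = next((e for e in entries if marker.lower() in e["path"].lower()), None)
    if ref is None:
        raise ValueError(f"no Filefind entry with {marker!r} in its path")
    rows = [(e["path"], e["size"] == ref["size"], e["md5"] == ref["md5"])
            for e in entries if e is not ref]
    return ref, rows


def md5_hex(chunks):
    """MD5 of an iterable of byte chunks, upper-case hex the way SystemLook prints it."""
    h = hashlib.md5()
    for block in chunks:
        h.update(block)
    return h.hexdigest().upper()


def md5_of_file(path, chunk_size=1 << 20):
    """Hash a file on a live system in chunks, for comparing against the log or dllcache."""
    with open(path, "rb") as f:
        return md5_hex(iter(lambda: f.read(chunk_size), b""))


if __name__ == "__main__":
    entries = parse_filefind(SAMPLE)
    ref, rows = compare_to_reference(entries)
    print(f"reference: {ref['path']} {ref['size']} bytes {ref['md5']}")
    for path, same_size, same_hash in rows:
        tag = "HASH MATCH" if same_hash else "size match" if same_size else "differs   "
        print(f"{tag}  {path}")
    for md5, paths in group_by_hash(entries).items():
        if len(paths) > 1:
            print(f"identical copies {md5}: {paths}")
```

On the log above, no other copy has the dllcache hash, and only the $NtUninstallKB975562$ copy has the same size; the dllcache copy's second timestamp (05/02/2010) lines up with the KB975562 hotfix files, so it is simply the newest build. Two caveats a practitioner would add: matching hashes only prove two files are the same bytes, not that either is the genuine Microsoft file, and MD5 is used here only because that is what SystemLook prints. For an integrity check on a live system, an Authenticode signature check (for example with sigcheck) or sfc is the stronger test.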

#21
Capriboy (Topic Starter, Member, 65 posts)
Hi Kahdah,

Okay, copying that file took care of the Encore program. It opens and seems to work fine now.

The Avid program not finding the 1394 port is now the problem. Hopefully we'll be able to figure that one out.

#22
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
This may or may not work.

Go to Start > Run, then type in this:

    regsvr32 "C:\Program Files\Common Files\Avid\dvbuffers.ax"

then hit the OK button.
Then plug in the device and see if it will then recognize it.

#23
Capriboy (Topic Starter, Member, 65 posts)
It didn't work. A window popped up saying

DllRegisterServer in C:\Program Files\Common Files\Avid\dvbuffers.ax failed.
Return code was: 0x80040154

#24
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
OK, let's try to unregister it, then re-register it.
You can do it by following the same steps, but use this command instead:

    regsvr32 /u "C:\Program Files\Common Files\Avid\dvbuffers.ax"

then hit the OK button.
Then paste in the following command:

    regsvr32 "C:\Program Files\Common Files\Avid\dvbuffers.ax"

then hit the OK button.

Let me know the outcome.

#25
Capriboy (Topic Starter, Member, 65 posts)
I can't get past the first step. I get the following message:

LoadLibrary("C:Program Files\Common Files\Avid\dvbuffers.ax") failed - The specified module could not be found.

#26
Capriboy (Topic Starter, Member, 65 posts)
Good news!

I don't know why, but my Avid editing software is now recognizing the 1394 port again. I am once again able to capture and play back video through it. Maybe that file copying did work, although I know when I first started the program after we did it, there wasn't any change. Anyway, it seems I'm back to normal. If there's anything else that pops up, it would be with something that I don't really need or use very often and is therefore non-essential.

Thanks for everything. I think we can close this up now, although I do have another computer that needs cleaning. Some type of "fotomoto" virus. I'll start another topic with that problem in a few days.

#27
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Great, glad it is working again.

If you want, I can clean up the other computer in this thread, that way you don't have to start a new topic.
If you choose to do that, then on the other computer do the following.

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below in bold


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED

  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
  • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

Edited by kahdah, 29 July 2010 - 05:39 AM.

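Added example, not part of the thread and not OTL's own code: a Python triage script for the OTL log format that the steps above produce. It scores each loaded-item line (PRC, SRV, O1, O2, O4, O6) with a few of the heuristics a helper applies when reading such a log by eye: blank company name, generated-looking file name, a Windows binary name running from outside the Windows directory, a hex-string Run value name, a dead "File not found" entry, a zero-byte HOSTS file. The sample lines are copied from the log Capriboy posts next in this thread, with the Microsoft, Google and NVIDIA lines kept as known-good controls; the rule weights, the threshold and the SYSTEM_NAMES list are this example's own assumptions, and a high score means "look at this", not "this is malware".

```python
"""Score the loaded-item lines of an OTL (OldTimer) log and list the ones worth a second look."""
import os
import re

# Sample input: lines copied from the OTL log posted later in this thread, with the Microsoft,
# Google and NVIDIA lines kept as known-good controls. The scoring rules below are this
# example's own heuristics, not anything OTL itself does.
SAMPLE_LOG = r"""
PRC - C:\WINDOWS\system32\qnhpgplv.exe ( )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe ()
SRV - (DomainService) -- C:\WINDOWS\System32\qnhpgplv.exe ( )
SRV - (AvidStartup) -- C:\WINDOWS\System32\AvidStartup.exe File not found
O1 HOSTS File: ([2007/12/05 14:50:09 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (no name) - {1b6f2bf5-4098-4459-b4b8-323ff3372790} - C:\WINDOWS\system32\ycsprmsf.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (no name) - {ABB68206-5154-47D3-ABC5-611C1658ABA0} - C:\WINDOWS\System32\rqrqqqq.dll File not found
O4 - HKLM..\Run: [18140b37] C:\WINDOWS\System32\jipjgsxy.DLL ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Seto] C:\DOCUME~1\LUISRA~1\APPLIC~1\FNTS~1\dllhost.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
"""

VOWELS = set("aeiou")
# Core Windows binary names that malware likes to borrow (assumed list, not exhaustive).
SYSTEM_NAMES = {"dllhost", "svchost", "explorer", "lsass", "csrss", "winlogon", "rundll32", "services"}
DRIVE_RE = re.compile(r"[A-Za-z]:\\")
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")          # trailing "(Company Name)", "()" or "( )"
VALUE_RE = re.compile(r"\[([^\]]+)\]\s+[A-Za-z]:\\")   # "[RunValueName] C:\..."
HEX_NAME_RE = re.compile(r"^(?=.*\d)[0-9a-f]{6,}$")
PROFILE_RE = re.compile(r"\\(docume~1|documents and settings|users)\\")


def parse_line(line):
    """Split one OTL line into kind, file path, company (None if OTL printed none) and flags."""
    kind = line.split(" ", 1)[0]
    missing = line.rstrip().endswith("File not found")
    body = line.rstrip()[:-len("File not found")].rstrip() if missing else line.rstrip()
    company = None
    m = None if missing else COMPANY_RE.search(body)
    if m and DRIVE_RE.search(body[:m.start()]):   # only a "(...)" that follows a path is a company
        company = m.group(1)
        body = body[:m.start()].rstrip()
    d = DRIVE_RE.search(body)
    path = body[d.start():].strip(" -") if d else ""
    v = VALUE_RE.search(line)
    return {"kind": kind, "path": path, "company": company, "missing": missing,
            "value": v.group(1) if v else "", "raw": line.rstrip()}


def score_entry(e):
    """Return (score, reasons). Each rule adds points; the weights are this example's guesses."""
    reasons = []
    stem = os.path.splitext(os.path.basename(e["path"].replace("\\", "/")))[0]
    letters = [c for c in stem.lower() if c.isalpha()]
    vowels = sum(c in VOWELS for c in letters)
    if e["company"] is not None and not e["company"].strip():
        reasons.append((1, "no company name in the file's version info"))
    if e["missing"]:
        reasons.append((1, "file not found (dead entry; still worth removing)"))
    if len(letters) >= 5 and vowels == 0:
        reasons.append((2, "file name has no vowels (looks generated)"))
    elif len(letters) >= 5 and vowels / len(letters) < 0.15:
        reasons.append((1, "file name has very few vowels"))
    if stem.lower() in SYSTEM_NAMES and "\\windows\\" not in e["path"].lower():
        reasons.append((2, "Windows system binary name outside the Windows directory"))
    if PROFILE_RE.search(e["path"].lower()):
        reasons.append((1, "runs from a user profile directory"))
    if HEX_NAME_RE.match(e["value"].lower()):
        reasons.append((1, "autorun value name is a hex string"))
    if e["kind"] == "O1" and "| 000,000,000 |" in e["raw"]:
        reasons.append((3, "HOSTS file is zero bytes (a stock XP hosts file is not empty)"))
    if e["raw"].endswith("restrictions present"):
        reasons.append((2, "Internet Explorer restrictions policy is set"))
    return sum(p for p, _ in reasons), [r for _, r in reasons]


def triage(log_text, threshold=3):
    """Return [(score, path or raw line, reasons)] for lines at or above threshold, highest first."""
    hits = []
    for line in log_text.splitlines():
        if line.strip():
            e = parse_line(line)
            score, reasons = score_entry(e)
            if score >= threshold:
                hits.append((score, e["path"] or e["raw"], reasons))
    return sorted(hits, key=lambda h: -h[0])


if __name__ == "__main__":
    for score, what, reasons in triage(SAMPLE_LOG):
        print(f"[{score}] {what}")
        for r in reasons:
            print(f"      - {r}")
```

Run against the sample, the generated names (qnhpgplv.exe, ycsprmsf.dll, jipjgsxy.DLL), the dead rqrqqqq.dll BHO, the dllhost.exe autorun from Application Data and the empty hosts file come out at or above the threshold, while WLanCfgG.exe and nvmctray.dll, which each trip only one or two weak rules, stay below it. Entries that score from file-name shape alone should always be confirmed by another signal (a signature check, a hash lookup, or where the file was written from) before anything is removed.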

#28
Capriboy (Topic Starter, Member, 65 posts)
Here are the reports from the other computer. I apologize if I'm posting this twice. I thought I just posted but it didn't pop up in the thread, so I'm trying again.

OTL logfile created on: 7/29/2010 11:10:07 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Luis Ramentas\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 600.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.61 Gb Total Space | 12.87 Gb Free Space | 18.22% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 36.00 Gb Free Space | 7.73% Space Free | Partition Type: NTFS
Drive E: | 223.58 Gb Total Space | 18.70 Gb Free Space | 8.37% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 2.27 Gb Free Space | 30.48% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUISAVID
Current User Name: Luis Ramentas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Luis Ramentas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\qnhpgplv.exe ( )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\system32\AvidSDMService.exe (Avid Technology, Inc.)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\msagent\agentsvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Internet Security\ISSVC.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Program Files\ewido\security suite\ewidoctrl.exe (ewido networks)
PRC - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe ()
PRC - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe ()
PRC - C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe ()
PRC - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe ()
PRC - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\ACK-270U\MMKEYBD.EXE (Dritek System Inc.)
PRC - C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Luis Ramentas\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll (Symantec Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AvidStartup) -- C:\WINDOWS\System32\AvidStartup.exe File not found
SRV - (DomainService) -- C:\WINDOWS\System32\qnhpgplv.exe ( )
SRV - (AvidSDMService) -- C:\WINDOWS\system32\AvidSDMService.exe (Avid Technology, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (navapsvc) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (SBService) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation)
SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SAVScan) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (ewido security suite guard) -- C:\Program Files\ewido\security suite\ewidoguard.exe (ewido networks)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (ISSVC) -- C:\Program Files\Norton Internet Security\ISSVC.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ewido security suite control) -- C:\Program Files\ewido\security suite\ewidoctrl.exe (ewido networks)
SRV - (maya70docserver) -- C:\Program Files\Alias\Maya7.0\docs\wrapper.exe ()
SRV - (Belkin 54g Wireless USB Network Adapter Service) -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe ()
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe ()
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (DS1410D) -- C:\WINDOWS\System32\drivers\DS1410D.SYS File not found
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20071220.001\symidsco.sys (Symantec Corporation)
DRV - (Serial) -- C:\WINDOWS\system32\drivers\AvidXPSerial.sys ()
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (Flamethrower) -- C:\WINDOWS\system32\drivers\Flamethrower.sys (Avid Technology, Inc.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060705.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060705.018\NAVENG.SYS (Symantec Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (SNTNLUSB) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (SAVRTPEL) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (ewido security suite driver) -- C:\Program Files\ewido\security suite\guard.sys ()
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (bkn50USB) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (IdeChnDr) Intel® -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys (Intel Corporation)
DRV - (IdeBusDr) -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys (Intel Corporation)
DRV - (UdfReadr) -- C:\WINDOWS\System32\drivers\udfreadr.sys (Adaptec)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2007/12/05 14:50:09 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (no name) - {1b6f2bf5-4098-4459-b4b8-323ff3372790} - C:\WINDOWS\system32\ycsprmsf.dll ()
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {92C2B262-D0A5-45B9-8280-E31E1B0B488E} - C:\WINDOWS\system32\jkhff.dll ()
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (no name) - {ABB68206-5154-47D3-ABC5-611C1658ABA0} - C:\WINDOWS\System32\rqrqqqq.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O4 - HKLM..\Run: [18140b37] C:\WINDOWS\System32\jipjgsxy.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Multimedia Keyboard] C:\Program Files\ACK-270U\MMKEYBD.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PRISMSVR.EXE] C:\WINDOWS\System32\PRISMSVR.EXE File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Seto] C:\DOCUME~1\LUISRA~1\APPLIC~1\FNTS~1\dllhost.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Luis Ramentas\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1096476092123 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1140900989750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...-130_02-win.cab (Java Plug-in 1.3.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E19F9331-3110-11d4-991C-005004D3B3DB} http://java.sun.com/...-130_02-win.cab (Java Plug-in 1.3.0_02)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido\security suite\shellhook.dll ()
O28 - HKLM ShellExecuteHooks: {ABB68206-5154-47D3-ABC5-611C1658ABA0} - C:\WINDOWS\System32\rqrqqqq.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkhff.dll) - C:\WINDOWS\system32\jkhff.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/24 14:11:36 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/05 08:13:08 | 000,000,103 | RHS- | M] () - F:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5c6154d0-142a-11df-bfeb-d0c672570c32}\Shell\AutoRun\command - "" = wscript.exe jargon.vbs
O33 - MountPoints2\{5c6154d0-142a-11df-bfeb-d0c672570c32}\Shell\Open\Command - "" = wscript.exe jargon.vbs
O33 - MountPoints2\{bb549cb4-77de-11dd-bf8b-f86a9dc31560}\Shell\AutoRun\command - "" = wscript.exe jargon.vbs
O33 - MountPoints2\{bb549cb4-77de-11dd-bf8b-f86a9dc31560}\Shell\Open\Command - "" = wscript.exe jargon.vbs
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/29 23:08:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luis Ramentas\Desktop\OTL.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/29 23:12:46 | 000,001,094 | -HS- | M] () -- C:\WINDOWS\System32\ffhkj.ini2
[2010/07/29 23:12:44 | 000,001,094 | -HS- | M] () -- C:\WINDOWS\System32\ffhkj.ini
[2010/07/29 23:08:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/29 23:07:14 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/29 23:06:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/29 23:05:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/29 23:05:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/29 23:04:26 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Luis Ramentas\NTUSER.DAT
[2010/07/29 23:04:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Luis Ramentas\ntuser.ini
[2010/07/29 22:30:36 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Luis Ramentas\Desktop\n3s5drmc.exe
[2010/07/29 22:27:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luis Ramentas\Desktop\OTL.exe
[2010/07/22 01:15:12 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PTPublisher.lnk
[2010/07/21 21:56:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/21 20:25:03 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Luis Ramentas\Adobe Encore DVD_VUI.pref
[2010/07/21 05:06:56 | 000,994,059 | -HS- | M] () -- C:\WINDOWS\System32\yxsgjpij.ini2
[2010/07/21 05:06:34 | 000,063,558 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/29 23:08:46 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Luis Ramentas\Desktop\n3s5drmc.exe
[2008/03/01 20:27:58 | 000,994,059 | -HS- | C] () -- C:\WINDOWS\System32\yxsgjpij.ini2
[2008/01/20 11:11:28 | 000,078,400 | ---- | C] () -- C:\WINDOWS\System32\ycsprmsf.dll
[2008/01/20 11:08:30 | 000,993,999 | -HS- | C] () -- C:\WINDOWS\System32\yxsgjpij.ini
[2008/01/20 11:08:28 | 000,087,104 | ---- | C] () -- C:\WINDOWS\System32\jipjgsxy.dll
[2008/01/17 23:39:55 | 000,078,400 | ---- | C] () -- C:\WINDOWS\System32\syfrpcdf.dll
[2008/01/17 23:36:57 | 000,992,139 | -HS- | C] () -- C:\WINDOWS\System32\ckuesngi.ini
[2008/01/07 00:15:38 | 000,078,400 | ---- | C] () -- C:\WINDOWS\System32\nddeublp.dll
[2008/01/07 00:12:40 | 000,992,019 | -HS- | C] () -- C:\WINDOWS\System32\bpsxidhb.ini
[2008/01/06 23:12:40 | 000,991,899 | -HS- | C] () -- C:\WINDOWS\System32\fjrngroe.ini
[2008/01/06 23:09:38 | 000,078,400 | ---- | C] () -- C:\WINDOWS\System32\qfluatni.dll
[2008/01/06 22:09:40 | 000,991,839 | -HS- | C] () -- C:\WINDOWS\System32\mdmgxqif.ini
[2008/01/06 22:06:38 | 000,078,400 | ---- | C] () -- C:\WINDOWS\System32\rcclkwmh.dll
[2008/01/05 18:39:20 | 000,991,779 | -HS- | C] () -- C:\WINDOWS\System32\udlniklw.ini
[2008/01/03 22:29:03 | 000,991,659 | -HS- | C] () -- C:\WINDOWS\System32\vwuaritl.ini
[2008/01/03 21:25:54 | 000,991,539 | -HS- | C] () -- C:\WINDOWS\System32\ajvukqbk.ini
[2008/01/01 22:44:38 | 000,991,419 | -HS- | C] () -- C:\WINDOWS\System32\dwhcykwq.ini
[2008/01/01 21:47:37 | 000,078,400 | ---- | C] () -- C:\WINDOWS\System32\sgidstgn.dll
[2008/01/01 21:44:45 | 000,991,299 | -HS- | C] () -- C:\WINDOWS\System32\xcppvulo.ini
[2008/01/01 21:41:45 | 000,991,239 | -HS- | C] () -- C:\WINDOWS\System32\iyptylic.ini
[2008/01/01 20:44:38 | 000,991,179 | -HS- | C] () -- C:\WINDOWS\System32\masnwbgc.ini
[2008/01/01 20:41:43 | 000,078,400 | ---- | C] () -- C:\WINDOWS\System32\hocyyovo.dll
[2007/12/22 15:16:49 | 000,991,119 | -HS- | C] () -- C:\WINDOWS\System32\iwnxjltg.ini
[2007/12/22 15:13:30 | 000,078,400 | ---- | C] () -- C:\WINDOWS\System32\hafgkore.dll
[2007/12/20 21:02:18 | 000,987,454 | -HS- | C] () -- C:\WINDOWS\System32\pgqvtvqu.ini
[2007/12/19 22:15:54 | 000,000,533 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2007/12/19 19:09:17 | 000,992,887 | -HS- | C] () -- C:\WINDOWS\System32\fboywlwa.ini
[2007/12/18 08:37:59 | 000,981,448 | -HS- | C] () -- C:\WINDOWS\System32\nfnisqnn.ini
[2007/12/17 08:27:26 | 000,971,189 | -HS- | C] () -- C:\WINDOWS\System32\kaolqfvj.ini
[2007/12/15 14:28:17 | 000,971,129 | -HS- | C] () -- C:\WINDOWS\System32\bylpxlqu.ini
[2007/12/13 19:29:39 | 000,934,158 | -HS- | C] () -- C:\WINDOWS\System32\jnntidnj.ini
[2007/12/12 19:28:41 | 000,916,893 | -HS- | C] () -- C:\WINDOWS\System32\fjofqbkn.ini
[2007/12/11 19:25:35 | 000,912,962 | -HS- | C] () -- C:\WINDOWS\System32\ahgvraob.ini
[2007/12/10 19:17:33 | 000,858,824 | -HS- | C] () -- C:\WINDOWS\System32\mmeirutr.ini
[2007/12/07 18:35:30 | 000,001,094 | -HS- | C] () -- C:\WINDOWS\System32\ffhkj.ini2
[2007/12/07 18:35:30 | 000,001,094 | -HS- | C] () -- C:\WINDOWS\System32\ffhkj.ini
[2007/12/07 18:35:27 | 000,339,552 | ---- | C] () -- C:\WINDOWS\System32\jkhff.dll
[2007/12/06 18:23:03 | 000,006,608 | -HS- | C] () -- C:\WINDOWS\System32\bbeeg.ini2
[2007/12/06 18:23:02 | 000,006,608 | -HS- | C] () -- C:\WINDOWS\System32\bbeeg.ini
[2007/12/05 21:41:30 | 000,006,537 | -HS- | C] () -- C:\WINDOWS\System32\jjllm.ini2
[2007/12/05 21:41:29 | 000,006,739 | -HS- | C] () -- C:\WINDOWS\System32\jjllm.ini
[2007/12/05 20:23:09 | 000,006,661 | -HS- | C] () -- C:\WINDOWS\System32\nqstv.ini
[2007/12/05 20:23:09 | 000,006,609 | -HS- | C] () -- C:\WINDOWS\System32\nqstv.ini2
[2007/12/05 19:02:01 | 000,006,670 | -HS- | C] () -- C:\WINDOWS\System32\ihhkj.ini2
[2007/12/05 19:02:01 | 000,006,670 | -HS- | C] () -- C:\WINDOWS\System32\ihhkj.ini
[2007/12/04 21:34:12 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/04 20:49:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\gjkkj.ini2
[2007/12/04 20:48:55 | 000,433,167 | -HS- | C] () -- C:\WINDOWS\System32\gjkkj.ini
[2007/12/04 20:43:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fcccdcy.dll
[2007/10/03 20:06:34 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/10/03 20:05:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/07/05 13:46:10 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\PtSSE2.dll
[2007/07/05 13:46:02 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2007/07/05 13:46:02 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2007/05/30 17:57:17 | 000,016,264 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/10 17:29:51 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/02/08 14:54:54 | 001,728,606 | ---- | C] () -- C:\WINDOWS\System32\libmmdd.dll
[2007/02/08 14:40:15 | 001,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2006/12/03 13:41:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/05/27 18:27:31 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/05/27 18:27:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/03/17 22:07:57 | 000,000,006 | ---- | C] () -- C:\WINDOWS\dcstds3.dll
[2006/03/17 14:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/17 14:16:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/17 14:16:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/15 22:39:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/04 02:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2005/11/24 22:28:13 | 000,004,803 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/17 19:52:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/09/17 19:32:35 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2005/07/14 19:49:44 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/07/14 19:49:44 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/07/14 19:48:31 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/07/12 20:28:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2005/07/12 20:28:32 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/04/21 21:49:42 | 000,000,074 | -H-- | C] () -- C:\WINDOWS\YNNHOJED.DLL
[2005/02/06 17:50:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/01/02 21:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2004/11/30 23:16:03 | 000,005,123 | ---- | C] () -- C:\WINDOWS\BorisRED2.5.ini
[2004/11/30 22:50:45 | 000,700,416 | R--- | C] () -- C:\WINDOWS\System32\omfToolkit.dll
[2004/11/19 23:33:16 | 000,001,915 | ---- | C] () -- C:\WINDOWS\BorisFXLtd6.1.ini
[2004/10/26 15:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/28 08:52:47 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/09/28 08:52:47 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004/09/24 14:28:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/09/24 14:23:15 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/09/24 14:23:15 | 000,003,275 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/08/04 00:56:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/04/23 17:46:19 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\Look Suite.win.dll
[2003/11/17 10:33:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/11/17 10:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2001/12/27 16:07:14 | 000,006,925 | ---- | C] () -- C:\WINDOWS\System32\LANGMONI.DLL
[2001/08/18 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2005/01/02 20:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2007/07/08 19:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PTI
[2008/08/03 23:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2006/05/10 19:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/11/06 18:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luis Ramentas\Application Data\Image Zone Express
[2007/01/13 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luis Ramentas\Application Data\NetMedia Providers
[2006/05/10 21:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luis Ramentas\Application Data\Opera
[2007/02/08 14:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luis Ramentas\Application Data\PACE Anti-Piracy
[2007/09/25 19:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luis Ramentas\Application Data\Printer Info Cache
[2007/01/13 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luis Ramentas\Application Data\Publish Providers
[2007/01/13 17:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luis Ramentas\Application Data\Sony
[2005/10/10 21:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luis Ramentas\Application Data\Ulead Systems(2)
[2007/09/12 21:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luis Ramentas\Application Data\uTorrent
[2010/07/29 23:08:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/01/27 03:16:41 | 000,003,300 | ---- | M] () -- C:\1347968.vpc
[2008/08/05 19:46:07 | 000,003,300 | ---- | M] () -- C:\1741984.vpc
[2008/02/05 10:03:36 | 000,003,300 | ---- | M] () -- C:\3642703.vpc
[2007/12/04 20:46:33 | 000,000,002 | ---- | M] () -- C:\403966872
[2008/02/03 11:05:45 | 000,003,300 | ---- | M] () -- C:\5334546.vpc
[2007/05/16 14:40:19 | 000,003,300 | ---- | M] () -- C:\747593.vpc
[2006/03/28 23:19:41 | 002,327,233 | ---- | M] ( ) -- C:\audacity-win-1.2.4b.exe
[2004/09/24 14:11:36 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2006/12/06 19:21:13 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/09/24 14:11:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/09/27 21:06:06 | 062,651,176 | ---- | M] (Macromedia ) -- C:\Dreamweaver8-en.exe
[2005/09/27 21:16:16 | 092,828,160 | ---- | M] (Macromedia, Inc. ) -- C:\Fireworks8-en.exe
[2005/09/27 20:51:35 | 113,060,248 | ---- | M] (Macromedia ) -- C:\Flash8-en.exe
[2005/10/17 21:36:00 | 011,693,024 | ---- | M] (InstallShield Software Corporation) -- C:\GoogleEarthSetup.exe
[2008/08/09 16:44:49 | 001,154,709 | ---- | M] () -- C:\Install
[2004/09/24 14:11:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/09/08 20:41:05 | 034,211,008 | ---- | M] (Apple Computer, Inc. ) -- C:\iTunesSetup.exe
[2006/03/28 23:21:32 | 000,614,943 | ---- | M] () -- C:\lame-3.96.1.zip
[2006/02/25 14:46:13 | 012,580,696 | ---- | M] (Microsoft Corporation) -- C:\mm20enu.exe
[2005/08/09 16:29:44 | 012,754,672 | ---- | M] (Microsoft Corporation) -- C:\MP10Setup.exe
[2004/09/24 14:11:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/07/14 01:46:53 | 035,604,792 | ---- | M] () -- C:\NISAS05ENG.exe
[2005/11/20 12:44:40 | 000,000,282 | ---- | M] () -- C:\npr7092.smil
[2004/09/29 09:28:16 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/09/29 09:28:16 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/07/29 23:05:14 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2007/12/04 20:44:11 | 000,057,856 | ---- | M] () -- C:\pgdxf.exe
[2005/07/15 07:28:42 | 000,000,406 | ---- | M] () -- C:\smitfiles.txt
[2006/01/05 21:56:05 | 000,355,178 | ---- | M] () -- C:\Vidprop.exe
[2008/01/01 20:43:37 | 000,006,657 | ---- | M] () -- C:\w.exe

< %systemroot%\system32\*.dll /lockedfiles >
[2007/12/07 18:35:29 | 000,339,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\jkhff.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/09/24 06:43:24 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/09/24 06:43:24 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/09/24 06:43:24 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll

========== Files - Unicode (All) ==========
[2007/12/05 14:50:17 | 000,000,000 | ---D | M](C:\Documents and Settings\Luis Ramentas\Application Data\F?nts) -- C:\Documents and Settings\Luis Ramentas\Application Data\Fοnts
[2007/12/05 14:50:17 | 000,000,000 | ---D | M](C:\Documents and Settings\Luis Ramentas\Application Data\F?nts) -- C:\Documents and Settings\Luis Ramentas\Application Data\Fοnts
[2007/12/04 20:44:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Luis Ramentas\Application Data\F?nts\F?nts) -- C:\Documents and Settings\Luis Ramentas\Application Data\Fοnts\Fοnts
(C:\Documents and Settings\Luis Ramentas\Application Data\F?nts) -- C:\Documents and Settings\Luis Ramentas\Application Data\Fοnts

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\w.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Install:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Luis Ramentas\Desktop\awkeygen.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Luis Ramentas\Desktop\AVSDVDPlayer.exe:SummaryInformation
< End of report >


OTL Extras logfile created on: 7/29/2010 11:10:07 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Luis Ramentas\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 600.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.61 Gb Total Space | 12.87 Gb Free Space | 18.22% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 36.00 Gb Free Space | 7.73% Space Free | Partition Type: NTFS
Drive E: | 223.58 Gb Total Space | 18.70 Gb Free Space | 8.37% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 2.27 Gb Free Space | 30.48% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUISAVID
Current User Name: Luis Ramentas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\system32\winav.exe" = %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Sorenson Media\Sorenson Squeeze\Squeeze.exe" = C:\Program Files\Sorenson Media\Sorenson Squeeze\Squeeze.exe:*:Enabled:Sorenson Squeeze Application -- (Sorenson Media, Inc.)
"C:\Program Files\JavaSoft\JRE\1.3.0_02\bin\java.exe" = C:\Program Files\JavaSoft\JRE\1.3.0_02\bin\java.exe:*:Enabled:java -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\MAXON\CINEMA 4D R10\NET Render Client.exe" = C:\Program Files\MAXON\CINEMA 4D R10\NET Render Client.exe:*:Enabled:CINEMA 4D ® -- (MAXON Computer GmbH)
"C:\Program Files\MAXON\CINEMA 4D R10\NET Render Server.exe" = C:\Program Files\MAXON\CINEMA 4D R10\NET Render Server.exe:*:Enabled:CINEMA 4D ® -- (MAXON Computer GmbH)
"C:\DOCUME~1\LUISRA~1\LOCALS~1\Temp\win267.exe" = C:\DOCUME~1\LUISRA~1\LOCALS~1\Temp\win267.exe:*:Enabled:win267 -- File not found
"c:\windows\system32\lpld4.exe" = c:\windows\system32\lpld4.exe:*:Enabled:lpld4 -- File not found
"%windir%\system32\winav.exe" = %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\trcclbvn.exe" = C:\WINDOWS\system32\trc
"C:\WINDOWS\system32\syrmagvt.exe" = C:\WINDOWS\system32\syr
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\hwdiypqh.exe" = C:\WINDOWS\system32\hwd
"C:\WINDOWS\system32\mtmjhcea.exe" = C:\WINDOWS\system32\mtm
"C:\WINDOWS\system32\qnhpgplv.exe" = C:\WINDOWS\system32\qnhphcea.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{15CA0D1A-242F-4602-BC58-16CFD1B68DA9}_is1" = SureThing CD Labeler Primera Edition 5
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{27D117D8-ADC1-4BC3-BD3C-96BC07B90F61}" = Avid FilmScribe
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0
"{30D5D4BF-D869-4FAD-AFA3-5367C6EA8A99}" = Avid Codecs LE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3B29A786-5803-4e9e-9B58-3014A5B4E519}" = Norton AntiSpam
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4C2F216E-91A5-4340-9751-C0B6B9952FF4}" = Avid FX
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4EFCD8A9-0488-4BEA-9B11-D318F6F06D40}" = Avid Log Exchange
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{547D4265-AF45-42E9-A62A-C58182AA35B9}" = Sentinel Protection Installer 7.0.0
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{5F1788B3-C9CE-4BAD-8293-3B622DA643D1}" = Microsoft Windows Vista Upgrade Advisor
"{61CEB2D7-8D3B-4247-B75E-A95F6699B90A}" = Adobe After Effects 6.5
"{6475E715-AD90-4FC5-879F-30C6DBDE1EDF}" = Avid MetaSyncPublisher
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7CCF4660-D2D5-49FC-96A2-643A39811550}" = Avid Xpress Pro
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{845AF1DD-3618-471F-9745-B1CD9378F669}" = Symantec SCSSDist MSI
"{87684482-BE03-4F86-999E-BA8A9FF18605}" = Avid MetaSyncManager
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88BFBE72-7E9C-4DED-AF1D-1245ACE3C213}" = Sorenson Squeeze
"{896D642C-7125-44F0-AC49-A23ABF82209C}" = CDBurnerXP Pro 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{92739D63-7D7F-42DC-945B-3DFB80E40F56}" = AvidAfterEffectsEMP
"{92DFE3E1-88A2-427B-9D0C-141CF86A11FB}" = Boris Graffiti Ltd
"{9844A4E1-0C84-4A1A-B7EC-65BAABFBEF32}" = Avid EDL Manager
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{99B41A19-7FD5-4B0C-A2AB-1A065669F8A3}" = Maya 7.0
"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 7.1
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CA0}" = Ulead DVD Workshop Trial
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AB0ABB51-62D4-4F7E-A054-F46D4BBA163C}" = Avid® 3D 2.1a
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C0F62AFB-ABC2-4979-B21B-148EEEA2B6BD}" = Avid DIO Runtime
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD60152B-9F50-4B91-97B0-85B19EFFFCF5}" = Boris FX Ltd
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D4A823CA-D124-456E-9A98-71544A928897}" = Sony ACID Music Studio 6.0b
"{D8F6834B-D5E7-4451-8681-B051ABD8561D}" = ccCommon
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E265B87E-C3E5-4338-9889-1579581BF280}" = Sonic ReelDVD
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F836B31F-4E5C-4DCB-88D7-6F9714B21D83}" = TMPGEnc DVD Author 1.5
"{FA899DA3-A494-4BB4-A739-B630B9892BFB}" = PTPublisher
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"{FF20F6D2-28E0-43FF-8A49-E69D07B12224}" = Belkin 54g USB Network Adapter
"Adaptec UDF Reader" = Adaptec UDF Reader
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Encore DVD 2.0" = Adobe Encore DVD 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Audacity_is1" = Audacity 1.2.4
"AVS DVD Player_is1" = AVS DVD Player version 1.6.1
"Boris RED 2.5" = RED for Avid AVX 1.5
"CINEMA 4D Release 10" = CINEMA 4D Release 10
"CleanUp!" = CleanUp!
"Cycore Effects" = Cycore Effects 1.0
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ewidosecuritysuite" = ewido security suite
"ExpressRip" = Express Rip Uninstall
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"Intelligent Assistant" = Intelligent Assistant
"JRE 1.3.0_02" = Java 2 Runtime Environment Standard Edition v1.3.0_02
"Keylight (1.0v4) for Adobe After Effects" = Keylight (1.0v4) for Adobe After Effects
"Knoll Light Factory 2" = Knoll Light Factory 2
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Magic Bullet Editors AVX" = Magic Bullet Editors AVX
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Multimedia Keyboard" = Multimedia Keyboard
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"PCFriendly" = PCFriendly
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster v3.4
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/16/2010 2:08:34 AM | Computer Name = LUISAVID | Source = Application Hang | ID = 1002
Description = Hanging application Adobe Encore DVD.exe, version 2.0.0.48678, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2010 4:49:03 AM | Computer Name = LUISAVID | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 7/16/2010 10:35:42 AM | Computer Name = LUISAVID | Source = Application Hang | ID = 1002
Description = Hanging application Adobe Encore DVD.exe, version 2.0.0.48678, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2010 11:45:10 AM | Computer Name = LUISAVID | Source = Application Hang | ID = 1002
Description = Hanging application Adobe Encore DVD.exe, version 2.0.0.48678, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/19/2010 10:57:18 PM | Computer Name = LUISAVID | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 7/20/2010 3:37:38 AM | Computer Name = LUISAVID | Source = Application Hang | ID = 1002
Description = Hanging application Adobe Encore DVD.exe, version 2.0.0.48678, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2010 3:43:59 AM | Computer Name = LUISAVID | Source = Application Hang | ID = 1002
Description = Hanging application Adobe Encore DVD.exe, version 2.0.0.48678, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2010 4:49:08 AM | Computer Name = LUISAVID | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 7/22/2010 5:15:06 AM | Computer Name = LUISAVID | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 7/22/2010 7:11:10 AM | Computer Name = LUISAVID | Source = Application Error | ID = 1000
Description = Faulting application stcd.exe, version 5.0.577.0, faulting module
dwwin.dll, version 2.1.577.0, fault address 0x000f93b5.

[ System Events ]
Error - 7/30/2010 1:52:55 AM | Computer Name = LUISAVID | Source = Application Popup | ID = 876
Description = Driver UdfReadr.SYS has been blocked from loading.

Error - 7/30/2010 1:53:02 AM | Computer Name = LUISAVID | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 7/30/2010 1:53:02 AM | Computer Name = LUISAVID | Source = Service Control Manager | ID = 7000
Description = The Avid Startup service failed to start due to the following error:
%%2

Error - 7/30/2010 1:53:55 AM | Computer Name = LUISAVID | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 7/30/2010 2:05:29 AM | Computer Name = LUISAVID | Source = Application Popup | ID = 876
Description = Driver UdfReadr.SYS has been blocked from loading.

Error - 7/30/2010 2:05:35 AM | Computer Name = LUISAVID | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 7/30/2010 2:05:35 AM | Computer Name = LUISAVID | Source = Service Control Manager | ID = 7000
Description = The Avid Startup service failed to start due to the following error:
%%2


< End of report >



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-30 08:30:28
Windows 5.1.2600 Service Pack 2
Running: n3s5drmc.exe; Driver: C:\DOCUME~1\LUISRA~1\LOCALS~1\Temp\uflyapog.sys


---- System - GMER 1.0.15 ----

SSDT 81755798 ZwConnectPort
SSDT \??\C:\Program Files\ewido\security suite\guard.sys ZwOpenProcess [0xEED6C68C]
SSDT \??\C:\Program Files\ewido\security suite\guard.sys ZwTerminateProcess [0xEED6C604]

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F4F9416D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F4F93FC2

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF635F380, 0x22083D, 0xE8000020]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xBA197400, 0x5215E, 0xE0000020]
.protect C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect" section [0xBA200820]
.protect C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xBA200600, 0x54B9, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
  • 0
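Reading the Security Center and Authorized Applications sections of the log above by hand works for one log, but the pattern they show (Security Center alerts silenced; firewall exceptions for binaries that no longer exist, sit in a Temp folder, or carry random names in system32) is worth scripting. The following is an added example, not OTL's own code and not part of the original post. It parses the two sections in the format OTL prints them; the reason codes, the `USER_WRITABLE` directory list and the `SYSTEM_DIRS` prefixes are the author's assumptions, and `SAMPLE_OTL` is a constructed excerpt taken from the lines above. The per-vendor `DisableMonitoring` values are deliberately left alone: they are typically set by the Symantec product itself so that Security Center defers to it, and on their own they are not a sign of tampering.

```python
"""Triage an OTL log excerpt: Security Center notification flags and
Windows XP firewall exceptions (AuthorizedApplications\List).

Added example, not OTL's code and not part of the original post.  The
heuristics (which directories count as user-writable, treating a
non-Microsoft binary in system32 as noteworthy) are the author's own
assumptions; SAMPLE_OTL is constructed from lines of the log above."""
import re

# OTL prints each exception value as:
#   "key" = path:scope:state:name -- (Publisher) | File not found | ()
# scope is "*" or "LocalSubNet", state is Enabled/Disabled.
FW_LINE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*'
    r'(?P<path>.+):(?P<scope>\*|LocalSubNet):(?P<state>Enabled|Disabled):(?P<name>.*?)'
    r'\s+--\s+(?P<pub>.*)$',
    re.IGNORECASE,
)
SC_LINE = re.compile(r'^"(?P<name>\w+)"\s*=\s*(?P<val>\d+)$')

# Values under HKLM\SOFTWARE\Microsoft\Security Center; 1 silences the tray alert
NOTIFY_FLAGS = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"}
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                 "\\application data\\", "\\applic~1\\")
SYSTEM_DIRS = ("%windir%\\system32\\", "c:\\windows\\system32\\")


def check_firewall_entry(line):
    """Return reason codes for one AuthorizedApplications entry ([] = nothing stood out)."""
    m = FW_LINE.match(line)
    if not m:
        # Value is not path:scope:state:name; every such line in the log above
        # is a random-named system32 binary whose value OTL printed cut short.
        return ["malformed-value"]
    path, pub = m["path"].lower(), m["pub"].strip()
    codes = []
    if pub == "File not found":
        codes.append("file-missing")            # exception outlived its binary
    if any(d in path for d in USER_WRITABLE):
        codes.append("user-writable-dir")       # Temp / profile, not Program Files
    if path.startswith(SYSTEM_DIRS) and "microsoft" not in pub.lower():
        codes.append("non-ms-in-system32")      # third party dropped into system32
    if pub in ("()", "( )") and path.startswith(SYSTEM_DIRS):
        codes.append("no-publisher")            # no version info to vouch for it
    return codes


def check_security_center(line):
    """Flag a Security Center value that suppresses a tray notification."""
    m = SC_LINE.match(line)
    if m and m["name"] in NOTIFY_FLAGS and m["val"] == "1":
        return ["notify-suppressed"]
    return []


def scan_log(text):
    """Walk the excerpt section by section; returns [(line, codes)] for flagged lines."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            section = line.strip("= ").lower()
            continue
        if not line.startswith('"'):
            continue                             # [HKEY...] headers and blank lines
        if section == "security center settings":
            codes = check_security_center(line)
        elif section == "authorized applications list":
            codes = check_firewall_entry(line)
        else:
            codes = []
        if codes:
            findings.append((line, codes))
    return findings


# Constructed excerpt: lines copied from the OTL log above.
SAMPLE_OTL = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\DOCUME~1\LUISRA~1\LOCALS~1\Temp\win267.exe" = C:\DOCUME~1\LUISRA~1\LOCALS~1\Temp\win267.exe:*:Enabled:win267 -- File not found
"c:\windows\system32\lpld4.exe" = c:\windows\system32\lpld4.exe:*:Enabled:lpld4 -- File not found
"%windir%\system32\winav.exe" = %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\trcclbvn.exe" = C:\WINDOWS\system32\trc
"""

if __name__ == "__main__":
    for line, codes in scan_log(SAMPLE_OTL):
        print(", ".join(codes).ljust(36), line[:72])
```

Run it as a script to print the flagged lines, or call `scan_log()` on a whole OTL log. `malformed-value` lines deserve a look of their own: the firewall UI always writes the full `path:scope:state:name` form, so a value that reads `C:\WINDOWS\system32\trc` was put there by something else, and ComboFix's report further down shows the same truncated value for `qnhpgplv.exe`.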

#29
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#30
Capriboy

Capriboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Here's the Combofix report

ComboFix 10-07-30.02 - Luis Ramentas 07/30/2010 23:53:20.1.2 - x86
Running from: c:\documents and settings\Luis Ramentas\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Luis Ramentas\Start Menu\Programs\MalwareAlarm
C:\w.exe
c:\windows\cookies.ini
c:\windows\patch.exe
c:\windows\system32\ahgvraob.ini
c:\windows\system32\ajvukqbk.ini
c:\windows\system32\bbeeg.ini
c:\windows\system32\bbeeg.ini2
c:\windows\system32\bpsxidhb.ini
c:\windows\system32\bylpxlqu.ini
c:\windows\system32\ckuesngi.ini
c:\windows\system32\dwhcykwq.ini
c:\windows\system32\fboywlwa.ini
c:\windows\system32\ffhkj.ini
c:\windows\system32\ffhkj.ini2
c:\windows\system32\fjofqbkn.ini
c:\windows\system32\fjrngroe.ini
c:\windows\system32\gjkkj.ini
c:\windows\system32\gjkkj.ini2
c:\windows\system32\ihhkj.ini
c:\windows\system32\ihhkj.ini2
c:\windows\system32\iwnxjltg.ini
c:\windows\system32\iyptylic.ini
c:\windows\system32\jipjgsxy.dll
c:\windows\system32\jjllm.ini
c:\windows\system32\jjllm.ini2
c:\windows\system32\jkhff.dll
c:\windows\system32\jnntidnj.ini
c:\windows\system32\kaolqfvj.ini
c:\windows\system32\masnwbgc.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mdmgxqif.ini
c:\windows\system32\mmeirutr.ini
c:\windows\system32\nfnisqnn.ini
c:\windows\system32\nqstv.ini
c:\windows\system32\nqstv.ini2
c:\windows\system32\pgqvtvqu.ini
c:\windows\system32\udlniklw.ini
c:\windows\system32\vwuaritl.ini
c:\windows\system32\xcppvulo.ini
c:\windows\system32\ycsprmsf.dll
c:\windows\system32\yxsgjpij.ini
c:\windows\system32\yxsgjpij.ini2
c:\windows\system32\yxsgjpij.tmp
c:\windows\system32\drivers\WFTDriverLog.txt . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Service_DomainService


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-31 06:58 . 2010-07-31 06:58 -------- d-----w- c:\documents and settings\Luis Ramentas\Local Settings\Application Data\Help
2010-07-31 06:48 . 2010-07-31 06:48 452104 ----a-w- c:\documents and settings\Luis Ramentas\Application Data\Real\Update\setup3.12\setup.exe
2010-07-31 06:47 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 07:03 . 2005-07-14 08:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-31 07:02 . 2007-02-11 01:06 0 ----a-w- c:\windows\system32\drivers\WFTDriverLog.txt
2010-07-31 06:45 . 2005-10-02 00:44 -------- d-----w- c:\program files\Google
2010-07-31 06:44 . 2005-07-13 03:22 -------- d-----w- c:\program files\2Wire
2010-07-22 04:56 . 2007-09-05 07:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-08 05:23 . 2008-02-29 03:29 -------- d-----w- c:\documents and settings\Luis Ramentas\Application Data\U3
2005-09-15 03:45 . 2005-09-15 03:45 36868 -c--a-w- c:\program files\uninst-Lux.exe
2005-04-01 15:44 . 2005-04-01 15:44 12971 -c--a-w- c:\program files\uninstal.log
2007-05-31 00:57 . 2007-05-31 00:57 16264 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-17 7561216]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-06 48752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-20 180269]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-05-06 22656]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-27 90112]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-02-15 61440]
"NvMediaCenter"="NvMCTray.dll" [2006-03-17 86016]
"Multimedia Keyboard"="c:\progra~1\ACK-270U\MMKeybd.EXE" [2001-09-13 98304]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI2"=diomidi.dll
"wave1"=Digi32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
"c:\\Program Files\\JavaSoft\\JRE\\1.3.0_02\\bin\\java.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\MAXON\\CINEMA 4D R10\\NET Render Client.exe"=
"c:\\Program Files\\MAXON\\CINEMA 4D R10\\NET Render Server.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\windows\system32\qnhpgplv.exe"= c:\windows\system32\qnh

R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\rt2500usb.sys [2004-07-16 140416]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido\security suite\guard.sys [2004-11-22 3072]
S2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S3 Flamethrower;Flamethrower;c:\windows\system32\drivers\Flamethrower.sys [2006-12-04 464768]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - GUSVC
.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

2008-09-13 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Luis Ramentas.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-05-06 22:47]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://sbc.yahoo.com/dsl
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{1b6f2bf5-4098-4459-b4b8-323ff3372790} - c:\windows\system32\ycsprmsf.dll
Toolbar-SITEguard - (no file)
HKCU-Run-Seto - c:\docume~1\LUISRA~1\APPLIC~1\FNTS~1\dllhost.exe
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-18140b37 - c:\windows\system32\jipjgsxy.dll
AddRemove-Boris RED 2.5 - c:\program files\Boris FX
AddRemove-HijackThis - c:\documents and settings\Luis Ramentas\Desktop\HijackThis.exe
AddRemove-PCFriendly - c:\program files\PCFriendly\inuninst.exe
AddRemove-Rainbow Sentinel Driver - c:\windows\SYSTEM32\RNBOSENT\SETUPX86.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 00:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|’’’’"•€|ž»Ōw*]
"91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\\"

[HKEY_LOCAL_MACHINE\software\ShudderLTD\PSGuard\PSGuard\License*]
"Data"="InstallTime=1c58849:4d5874c0\0d\0aLastRunTime=1c58849:4d5874c0\0d\0a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\l3codeca.acm
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\AC3ACM.acm

- - - - - - - > 'explorer.exe'(2160)
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\browselc.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\system32\AvidSDMService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\ewido\security suite\ewidoctrl.exe
c:\program files\Alias\Maya7.0\docs\wrapper.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
c:\program files\Alias\Maya7.0\docs\jre\bin\java.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2010-07-31 00:15:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-31 07:15

Pre-Run: 13,402,456,064 bytes free
Post-Run: 21,807,415,296 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 6825E3326C6472503B919A215FF72B6C