OTL Fix



#16
MariaCristina

    Visiting Staff

  • Visiting Consultant
  • 277 posts
Hello, spurta.

We need to submit a file for analysis, so you need to enable the viewing of hidden files and folders, as well as system files:

Go to My Computer, then click on menu Tools > Folder Options > View tab
Under the Hidden files and folders heading, select Show hidden files and folders

Uncheck the Hide file extensions for known file types and Hide protected operating system files (recommended) options.

Click Yes to confirm.

Now, open Internet Explorer and visit this page: http://virscan.org/

Click on the browse button and navigate to the file listed in red below:

c:\windows\system32\winzvprt5.sys

Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the clipboard in your next reply.

Once you are done, you should undo the changes in Folder Options to hide system files.

Open notepad and copy/paste the text in the codebox below into it:

http://www.geekstogo.com/forum/topic/283653-otl-fix/page__gopid__1886122#entry1886122
Suspect::
c:\windows\system32\winzvprt5.sys

Folder::
c:\documents and settings\Spurta\Application Data\Ytuw
c:\documents and settings\Spurta\Application Data\Dele

DirLook::
c:\documents and settings\Spurta\c:\docume~1\Spurta\LOCALS~1\APPLIC~1\mpx

Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply. Don't forget the VirScan results.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


:)


#17
spurta

    Member

  • Topic Starter
  • Member
  • 18 posts
Here are the results.

Nothing from Virscan

VirSCAN.org Scanned Report :
Scanned time : 2010/08/22 08:34:10 (EST)
Scanner results: Scanners did not find malware!
File Name : winzvprt5.sys
File Size : 608 byte
File Type : data
MD5 : 9804db184de52b4c34428561be76fe01
SHA1 : d05b8d56cf0953ebdfeffc2bedca95da5e7cd27b
Online report : http://virscan.org/r...fe6c23bbe3.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.19 20100822050157 2010-08-22 4.82 -
AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 1.23 -
AntiVir 8.2.4.38 7.10.10.239 2010-08-20 0.26 -
Antiy 2.0.18 20100821.4955373 2010-08-21 0.02 -
Arcavir 2009 201006281601 2010-06-28 0.01 -
Authentium 5.1.1 201008211717 2010-08-21 1.29 -
AVAST! 4.7.4 100821-0 2010-08-21 0.00 -
AVG 8.5.793 271.1.1/3086 2010-08-22 0.23 -
BitDefender 7.90123.6157624 7.33499 2010-08-22 4.39 -
ClamAV 0.96.1 11607 2010-08-21 0.00 -
Comodo 4.0 5799 2010-08-20 1.13 -
CP Secure 1.3.0.5 2010.08.21 2010-08-21 0.01 -
Dr.Web 5.0.2.3300 2010.08.22 2010-08-22 8.85 -
F-Prot 4.4.4.56 20100821 2010-08-21 1.25 -
F-Secure 7.02.73807 2010.08.21.01 2010-08-21 10.72 -
Fortinet 4.1.143 12.268 2010-08-21 0.10 -
GData 21.703/21.275 20100821 2010-08-21 7.84 -
ViRobot 20100821 2010.08.21 2010-08-21 0.37 -
Ikarus T3. 2010.08.21.76570 2010-08-21 4.93 -
JiangMin 13.0.900 2010.08.21 2010-08-21 1.29 -
Kaspersky 5.5.10 2010.08.21 2010-08-21 0.03 -
KingSoft 2009.2.5.15 2010.8.21.18 2010-08-21 0.68 -
McAfee 5400.1158 6081 2010-08-21 17.75 -
Microsoft 1.6103 2010.08.21 2010-08-21 5.24 -
Norman 6.05.11 6.05.00 2010-08-21 6.01 -
Panda 9.05.01 2010.08.16 2010-08-16 0.65 -
Trend Micro 9.120-1004 7.400.05 2010-08-21 0.02 -
Quick Heal 11.00 2010.08.21 2010-08-21 2.23 -
Rising 20.0 22.61.04.04 2010-08-20 0.23 -
Sophos 3.10.0 4.56 2010-08-22 4.12 -
Sunbelt 3.9.2432.2 6771 2010-08-21 12.39 -
Symantec 1.3.0.24 20100821.004 2010-08-21 0.23 -
nProtect 20100820.01 8830232 2010-08-20 9.25 -
The Hacker 6.5.2.1 v00352 2010-08-20 0.33 -
VBA32 3.12.14.0 20100819.1636 2010-08-19 2.97 -
VirusBuster 4.5.11.10 10.127.63/2044858 2010-08-22 2.34 -



And the ComboFix Log:

ComboFix 10-08-21.01 - Spurta 08/22/2010 9:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.491 [GMT 10:00]
Running from: c:\documents and settings\Spurta\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Spurta\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point

file zipped: c:\windows\system32\winzvprt5.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Spurta\Application Data\Dele
c:\documents and settings\Spurta\Application Data\Ytuw

.
((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-18 00:40 . 2010-08-18 00:40 -------- d-----r- c:\program files\Norton Support
2010-08-17 22:20 . 2010-08-17 22:20 -------- d-----w- c:\program files\ERUNT
2010-08-10 23:00 . 2010-01-21 02:35 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-08-10 14:31 . 2010-08-10 14:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Downloaded Installations
2010-08-10 14:30 . 2010-01-21 02:35 217136 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-08-10 14:30 . 2010-01-21 02:35 310320 ----a-w- c:\windows\system32\drivers\SymEFA.sys
2010-08-10 14:30 . 2010-01-21 02:35 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-08-10 14:30 . 2010-01-21 02:35 482432 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-08-10 14:30 . 2010-01-21 02:35 259632 ----a-w- c:\windows\system32\drivers\BHDrvx86.sys
2010-08-10 11:30 . 2010-08-10 11:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-10 09:57 . 2010-08-10 09:57 -------- d-----w- c:\documents and settings\Spurta\Application Data\SUPERAntiSpyware.com
2010-08-10 09:57 . 2010-08-10 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-10 09:56 . 2010-08-10 09:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-10 09:02 . 2010-08-10 09:02 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-08-10 08:15 . 2010-08-10 08:15 -------- d-----w- c:\program files\Telstra
2010-08-08 07:36 . 2010-08-08 07:36 78643200 --sha-w- C:\NRTPage.sys
2010-08-08 00:57 . 2010-08-08 00:57 -------- d-----w- c:\documents and settings\Spurta\Local Settings\Application Data\Symantec
2010-08-08 00:56 . 2010-08-10 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-08-08 00:56 . 2010-08-08 00:56 -------- d-----w- c:\documents and settings\Spurta\Local Settings\Application Data\Downloaded Installations
2010-08-08 00:55 . 2010-08-10 14:30 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-08 00:55 . 2010-08-18 10:41 -------- d-----w- c:\program files\Symantec
2010-08-08 00:55 . 2010-08-10 14:30 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-08 00:55 . 2010-08-08 01:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-08 00:54 . 2010-08-10 23:19 -------- d-----w- c:\windows\system32\drivers\N360
2010-08-08 00:54 . 2010-08-08 00:54 -------- d-----w- c:\program files\Norton 360 Premier Edition
2010-08-08 00:54 . 2010-08-08 00:54 -------- d-----w- c:\program files\Windows Sidebar
2010-08-08 00:54 . 2010-08-08 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-07 13:21 . 2010-08-08 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-08-07 13:21 . 2010-08-07 13:21 -------- d-----w- c:\program files\NortonInstaller
2010-08-02 11:04 . 2010-08-21 09:40 -------- d-----w- c:\documents and settings\Spurta\Application Data\Vso
2010-08-01 08:35 . 2010-08-01 08:35 -------- d-----w- c:\documents and settings\Spurta\Local Settings\Application Data\{79CBA0D9-FAF3-4C8C-8366-7A33BCB3C8D8}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 11:04 . 2007-07-02 09:35 -------- d-----w- c:\documents and settings\Spurta\Application Data\Skype
2010-08-21 10:45 . 2009-03-25 08:30 -------- d-----w- c:\documents and settings\Spurta\Application Data\skypePM
2010-08-14 23:45 . 2007-03-19 04:34 -------- d-----w- c:\program files\WinSCP3
2010-08-10 14:30 . 2010-08-08 00:55 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-10 14:30 . 2010-08-08 00:55 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-10 13:42 . 2009-12-02 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-10 13:42 . 2009-12-02 03:54 -------- d-----w- c:\documents and settings\Spurta\Application Data\Malwarebytes
2010-08-10 09:00 . 2007-02-14 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-08 09:06 . 2007-03-27 10:04 -------- d-----w- c:\program files\Alcohol Soft
2010-08-07 13:23 . 2008-02-14 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-08-01 10:31 . 2009-09-17 19:07 -------- d-----w- c:\documents and settings\Spurta\Application Data\vlc
2010-08-01 04:49 . 2008-02-25 11:30 10752 ----a-w- c:\windows\DCEBoot.exe
2010-07-23 02:12 . 2009-11-26 04:23 -------- d-----w- c:\program files\TexMakerX
2010-07-21 09:21 . 2008-05-19 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-14 05:24 . 2010-07-14 05:24 24 ----a-w- c:\windows\system32\config\systemprofile\Application Data\hwzypv.dat
2010-07-11 23:39 . 2009-11-27 09:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-04 12:44 . 2010-07-17 12:58 552960 ----a-r- C:\OTLPE.exe
2010-07-03 11:25 . 2010-02-15 02:49 -------- d-----w- c:\documents and settings\Spurta\Application Data\Apple Computer
2010-07-03 11:24 . 2010-02-15 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-02 04:40 . 2010-06-22 04:34 -------- d-----w- c:\program files\NCH Swift Sound
2010-07-02 04:37 . 2010-06-22 04:34 -------- d-----w- c:\documents and settings\Spurta\Application Data\NCH Swift Sound
2010-07-02 04:36 . 2010-06-22 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-07-02 04:09 . 2006-08-12 04:51 193064 ----a-w- c:\documents and settings\Spurta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-01 02:23 . 2008-01-16 00:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-01 02:20 . 2010-07-01 02:20 -------- d-----w- c:\program files\V1 Home 2.0
2010-06-23 03:19 . 2010-06-23 03:19 -------- d-----w- c:\documents and settings\Spurta\Application Data\Recordpad
2010-06-14 14:30 . 2005-08-15 20:40 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2008-02-29 11:26 . 2008-02-29 11:26 38 ----a-w- c:\program files\ITK-Scope.aliases
2008-02-29 11:26 . 2008-02-29 11:26 262144 ----a-w- c:\program files\ITK-Scope.exe
2008-02-29 11:26 . 2008-02-29 11:26 2095 ----a-w- c:\program files\ITK-Scope.ini
2006-06-07 04:40 . 2006-06-07 04:40 132848 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-03-20 06:55 . 2007-10-13 07:47 608 --sha-w- c:\windows\system32\winzvprt5.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Spurta\c:\docume~1\Spurta\LOCALS~1\APPLIC~1\mpx ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-3 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroCheck"=c:\windows\system32\\NeroCheck.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"dla"=c:\windows\system32\dla\tfswctrl.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"igfxtray"=c:\windows\system32\igfxtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Spurta\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\itunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"23913:TCP"= 23913:TCP:BitComet 23913 TCP
"23913:UDP"= 23913:UDP:BitComet 23913 UDP
"8809:TCP"= 8809:TCP:BitComet 8809 TCP
"8809:UDP"= 8809:UDP:BitComet 8809 UDP

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 4:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 4:41 AM 67656]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [8/11/2010 12:29 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2010 12:35 PM 102448]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [?]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\N360\0308000.029\BHDrvx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\BHDrvx86.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys [?]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100820.001\IDSXpx86.sys [8/21/2010 11:34 AM 331640]
S2 WinServ;TCP/IP;c:\documents and settings\Spurta\c:\docume~1\Spurta\LOCALS~1\APPLIC~1\mpx --> c:\documents and settings\Spurta\c:\docume~1\Spurta\LOCALS~1\APPLIC~1\mpx [?]
S3 ATHFMWDL;Wireless predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys --> c:\windows\system32\Drivers\ATHFMWDL.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [3/10/2010 9:00 PM 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [3/10/2010 9:00 PM 8320]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [10/3/2007 3:35 PM 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/27/2007 7:58 PM 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uxtuneup

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 04:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-27 02:44]
.
.
------- Supplementary Scan -------
.
uStart Page = https://osa.adfa.edu...change&reason=0
mStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Spurta\Application Data\Mozilla\Firefox\Profiles\gz3eafa1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\Spurta\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: XULRunner: {CEF63772-71E0-49D8-BDD5-23E0AF9ECE7D} - c:\documents and settings\Spurta\Local Settings\Application Data\{CEF63772-71E0-49D8-BDD5-23E0AF9ECE7D}
FF - HiddenExtension: XULRunner: {79CBA0D9-FAF3-4C8C-8366-7A33BCB3C8D8} - c:\documents and settings\Spurta\Local Settings\Application Data\{79CBA0D9-FAF3-4C8C-8366-7A33BCB3C8D8}\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-22 10:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinServ]
"ImagePath"="c:\documents and settings\Spurta\c:\docume~1\Spurta\LOCALS~1\APPLIC~1\mpx"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1608)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(5376)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-22 10:26:25
ComboFix-quarantined-files.txt 2010-08-22 00:26
ComboFix2.txt 2010-08-18 07:58

Pre-Run: 11,552,903,168 bytes free
Post-Run: 11,557,240,832 bytes free

- - End Of File - - A03B906FF915DA8024EF52BFEBC7757F
Upload was successful

#18
MariaCristina

    Visiting Staff

  • Visiting Consultant
  • 277 posts
Hello, spurta.

Did you set the WinServ service to use some personal TCP/IP settings?

Do you know these folders listed in red below?

c:\documents and settings\Spurta\c:\docume~1\Spurta\LOCALS~1\APPLIC~1\mpx

Any idea why you have another C:\ folder and subfolders inside your profile folder?


Select these lines in red, right click on the selection and go to copy:

c:\documents and settings\Spurta\c:\*.* /s

Close ALL open windows and run OTL.exe

** Windows Vista and Windows 7 users:
Right-click on OTL.exe, then click on Run as admin

  • Click on None button;
  • Right-click on any blank part under Custom Scans/Fixes then click on Paste
  • Click on Run Scan button.

Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, this time it will open just OTL.Txt. It is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here in a new reply.

:)

#19
spurta

    Member

  • Topic Starter
  • Member
  • 18 posts
Maria,

I have not knowingly set individual IP addresses. I did have to run WinSockXP and another fix to get wireless access back on the laptop, which may have done something. I do not know the files you have highlighted either. Here is the OTL log.



OTL logfile created on: 8/26/2010 8:16:16 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Spurta\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 631.00 Mb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2058 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.44 Gb Total Space | 10.72 Gb Free Space | 15.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPURTALAPTOP
Current User Name: Spurta
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/13 08:11:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spurta\Desktop\OTL.exe
PRC - [2010/07/20 03:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/21 12:35:49 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2008/05/19 18:59:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/06/13 20:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/10/31 13:21:58 | 000,200,704 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\Common Files\National Instruments\Security\nidmsrv.exe
PRC - [2006/10/31 13:21:52 | 000,057,344 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2006/10/31 13:21:44 | 000,049,152 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkads.exe
PRC - [2006/09/28 19:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/08/02 12:53:40 | 000,688,190 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2006/05/24 20:28:28 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/24 20:27:10 | 001,372,244 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe
PRC - [2006/04/06 16:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 18:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/02/06 15:46:42 | 000,049,152 | ---- | M] (National Instruments Corp.) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2005/04/02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2003/10/29 04:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/05/10 14:50:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/08/13 08:11:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spurta\Desktop\OTL.exe
MOD - [2010/01/21 12:35:45 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\asOEHook.dll
MOD - [2006/08/26 01:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 07:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WinServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\OpcEnum.exe -- (OpcEnum)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/26 11:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/01/21 12:35:49 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2008/05/19 18:59:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/02 18:39:35 | 000,307,968 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/02/27 12:15:14 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/10/31 13:21:58 | 000,200,704 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\Common Files\National Instruments\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2006/10/31 13:21:52 | 000,057,344 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2006/10/31 13:21:44 | 000,049,152 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2006/09/28 19:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/08/02 12:53:40 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)
SRV - [2006/04/06 16:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/06 15:46:42 | 000,049,152 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2005/04/02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - [2002/05/10 14:50:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\NETw3x32.sys -- (NETw3x32) Intel®
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Spurta\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ATHFMWDL.sys -- (ATHFMWDL)
DRV - [2010/08/11 00:30:48 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/09 19:57:34 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100825.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/08/09 19:57:34 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100825.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/08 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/08 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/06 03:15:40 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/23 02:53:20 | 000,104,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/21 13:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/01/21 12:35:49 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/01/21 12:35:49 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/01/21 12:35:49 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/01/21 12:35:49 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2010/01/21 12:35:30 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/01/21 12:35:30 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/01/02 03:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/30 10:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/12/30 10:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/12/30 10:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/12/30 10:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/12/30 10:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/07/10 17:51:34 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/01/23 08:49:08 | 000,037,664 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/03 15:35:52 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2007/01/30 12:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/28 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2006/11/15 17:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/06/27 18:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2006/05/24 20:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 20:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 20:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 20:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 20:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 20:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 19:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 19:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/04 11:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/10/14 10:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 10:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 10:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/21 22:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 22:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 22:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/06 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 03:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 03:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 03:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 05:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/12 19:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 07:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/10 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 01:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/02/13 11:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/12/16 18:13:02 | 000,034,297 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2003/10/15 17:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2002/02/05 18:30:42 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell....c=au&l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://osa.adfa.edu...change&reason=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
FF - prefs.js..extensions.enabledItems: {CEF63772-71E0-49D8-BDD5-23E0AF9ECE7D}:1.9.1
FF - prefs.js..network.proxy.autoconfig_url: "http://www.unsw.adfa...u.au/proxy.pac"
FF - prefs.js..network.proxy.http: "harvest.adfa.edu.au"
FF - prefs.js..network.proxy.http_port: 3128


FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/03/10 21:01:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{CEF63772-71E0-49D8-BDD5-23E0AF9ECE7D}: C:\Documents and Settings\Spurta\Local Settings\Application Data\{CEF63772-71E0-49D8-BDD5-23E0AF9ECE7D} [2010/07/14 15:27:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{79CBA0D9-FAF3-4C8C-8366-7A33BCB3C8D8}: C:\Documents and Settings\Spurta\Local Settings\Application Data\{79CBA0D9-FAF3-4C8C-8366-7A33BCB3C8D8}\ [2010/08/01 18:35:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/08/11 19:19:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/24 14:04:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/22 13:27:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/03/10 21:01:08 | 000,000,000 | ---D | M]

[2008/09/01 14:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Mozilla\Extensions
[2007/09/04 11:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Mozilla\Firefox\Profiles\gz3eafa1.default\extensions
[2010/08/25 10:02:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/06 10:23:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2006/06/07 14:40:18 | 000,027,376 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
[2005/10/02 12:28:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2010/08/18 17:48:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (BitComet)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Spurta\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Spurta\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/23 10:57:35 | 000,000,109 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/23 11:25:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/18 10:40:05 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2010/08/18 09:07:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/18 09:03:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/18 09:03:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/18 09:03:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/18 09:03:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/18 08:42:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/18 08:21:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/18 08:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/18 08:19:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Spurta\Desktop\erunt_setup.exe
[2010/08/15 10:18:52 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Spurta\Desktop\TFC.exe
[2010/08/13 08:10:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Spurta\Desktop\OTL.exe
[2010/08/12 15:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\My Documents\relocation
[2010/08/12 06:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/08/11 09:00:09 | 000,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/08/11 00:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Downloaded Installations
[2010/08/11 00:30:42 | 000,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys
[2010/08/11 00:30:41 | 000,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndisv.sys
[2010/08/11 00:30:41 | 000,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndis.sys
[2010/08/11 00:30:40 | 000,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symfw.sys
[2010/08/11 00:30:40 | 000,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symids.sys
[2010/08/11 00:30:38 | 000,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymEFA.sys
[2010/08/11 00:30:37 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2010/08/11 00:30:36 | 000,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.sys
[2010/08/11 00:30:34 | 000,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\cchpx86.sys
[2010/08/11 00:30:33 | 000,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\BHDrvx86.sys
[2010/08/11 00:27:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0308000.029
[2010/08/10 21:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/10 21:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/10 21:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/10 19:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\Application Data\SUPERAntiSpyware.com
[2010/08/10 19:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/10 19:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/10 19:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\My Documents\Symantec
[2010/08/10 19:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/10 18:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Telstra
[2010/08/10 17:01:33 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Spurta\Desktop\WinsockxpFix.exe
[2010/08/08 10:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\Local Settings\Application Data\Symantec
[2010/08/08 10:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2010/08/08 10:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\Local Settings\Application Data\Downloaded Installations
[2010/08/08 10:55:31 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/08 10:55:30 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/08 10:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/08 10:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/08/08 10:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/08/08 10:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/08/08 10:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360 Premier Edition
[2010/08/08 10:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/08/07 23:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/08/07 23:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/08/05 19:39:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/05 12:59:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Spurta\Recent
[2010/08/02 21:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\Application Data\Vso
[2010/08/01 18:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\Local Settings\Application Data\{79CBA0D9-FAF3-4C8C-8366-7A33BCB3C8D8}
[2010/07/29 12:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\My Documents\SysEng
[2010/07/21 19:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\My Documents\eComm
[2010/07/20 14:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\Desktop\Images
[2010/07/17 22:58:56 | 000,552,960 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/07/17 22:57:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/14 15:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\Local Settings\Application Data\{CEF63772-71E0-49D8-BDD5-23E0AF9ECE7D}
[2010/07/01 12:22:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Data
[2010/07/01 12:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\V1 Home 2.0
[2010/06/23 13:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\My Documents\Recordpad
[2010/06/23 13:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\Application Data\Recordpad
[2010/06/22 14:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/22 14:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/06/22 14:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/06/22 14:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\Application Data\NCH Swift Sound
[2010/06/22 13:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/22 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/22 13:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/17 17:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spurta\Application Data\Facebook
[2 C:\Documents and Settings\Spurta\My Documents\*.tmp files -> C:\Documents and Settings\Spurta\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/26 08:00:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/08/24 10:44:51 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Spurta\Desktop\Microsoft Office Word 2003.lnk
[2010/08/23 21:27:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/23 21:26:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/23 21:26:05 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 21:26:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/23 12:57:33 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Spurta\ntuser.dat
[2010/08/22 12:26:24 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\Spurta\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/22 12:26:24 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/22 10:15:57 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/22 08:42:04 | 003,820,392 | R--- | M] () -- C:\Documents and Settings\Spurta\Desktop\ComboFix.exe
[2010/08/21 20:45:21 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/21 19:40:17 | 000,138,281 | ---- | M] () -- C:\Documents and Settings\Spurta\Application Data\vso_ts_preview.xml
[2010/08/19 08:34:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Spurta\ntuser.ini
[2010/08/18 17:48:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/18 09:07:53 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/08/18 08:49:55 | 001,156,474 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\Cat.DB
[2010/08/18 08:20:33 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Spurta\Desktop\NTREGOPT.lnk
[2010/08/18 08:20:33 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Spurta\Desktop\ERUNT.lnk
[2010/08/18 08:19:57 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Spurta\Desktop\erunt_setup.exe
[2010/08/16 22:03:20 | 357,740,740 | ---- | M] () -- C:\Documents and Settings\Spurta\My Documents\Uni Research.rar
[2010/08/15 10:18:58 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spurta\Desktop\TFC.exe
[2010/08/13 08:11:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spurta\Desktop\OTL.exe
[2010/08/11 08:57:41 | 000,002,076 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360 Premier Edition.LNK
[2010/08/11 00:30:48 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/11 00:30:48 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/11 00:30:48 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/11 00:30:48 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/08/11 00:27:38 | 000,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNetV.inf
[2010/08/11 00:27:38 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\isolate.ini
[2010/08/11 00:27:36 | 000,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\symnetv.cat
[2010/08/10 19:56:55 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/10 17:25:00 | 000,000,856 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/10 17:25:00 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/08/10 16:48:08 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Spurta\Desktop\WinsockxpFix.exe
[2010/08/09 12:35:06 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Spurta\Desktop\Shortcut to 20100808-003-v5i32.lnk
[2010/08/09 12:11:41 | 000,003,666 | ---- | M] () -- C:\Documents and Settings\Spurta\My Documents\cc_20100809_121134.reg
[2010/08/08 17:36:55 | 078,643,200 | -HS- | M] () -- C:\NRTPage.sys
[2010/08/05 15:02:16 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\Spurta\Desktop\mbam-clean.exe
[2010/08/05 14:53:17 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/08/05 14:21:28 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Spurta\Desktop\iExplorer.exe.com
[2010/08/01 14:49:46 | 000,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010/07/29 13:54:10 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Spurta\Copy of Entire Degree Assessment Results WAM Calculator.xls
[2010/07/23 12:12:24 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TexMakerX.lnk
[2010/07/21 11:03:56 | 000,257,536 | ---- | M] () -- C:\Documents and Settings\Spurta\My Documents\ADS_temp.doc
[2010/07/21 09:22:49 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Spurta\My Documents\~$S_temp.doc
[2010/07/20 15:43:25 | 000,020,469 | ---- | M] () -- C:\Documents and Settings\Spurta\My Documents\wristReferral.pdf
[2010/07/20 12:51:42 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Spurta\My Documents\timetable Session2-2010.xls
[2010/07/17 21:09:33 | 000,074,916 | ---- | M] () -- C:\Documents and Settings\Spurta\My Documents\Tiger Airways _ Itinerary.pdf
[2010/07/04 22:44:04 | 000,552,960 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2010/07/03 19:54:16 | 001,820,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/02 14:09:37 | 000,193,064 | ---- | M] () -- C:\Documents and Settings\Spurta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/01 12:24:28 | 000,011,684 | ---- | M] () -- C:\Documents and Settings\Spurta\My Documents\cc_20100701_121341.reg
[2010/07/01 12:20:25 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\V1 Home 2.0.lnk
[2010/06/27 10:51:11 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/06/27 10:51:11 | 000,000,004 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/06/22 13:32:30 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/22 13:26:48 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/15 12:45:51 | 000,027,210 | ---- | M] () -- C:\Documents and Settings\Spurta\My Documents\BigpondModemChat15Jun10.pdf
[2010/06/04 19:20:47 | 000,281,600 | ---- | M] () -- C:\Documents and Settings\Spurta\My Documents\Mday.pub
[2010/06/04 17:38:07 | 000,141,012 | ---- | M] () -- C:\Documents and Settings\Spurta\My Documents\rubyDeans.pdf
[2010/05/30 18:07:36 | 000,063,546 | ---- | M] () -- C:\Documents and Settings\Spurta\My Documents\aaronRubyDeans_3.pdf
[2010/05/28 11:42:51 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\Spurta\Application Data\AutoGK.ini
[2 C:\Documents and Settings\Spurta\My Documents\*.tmp files -> C:\Documents and Settings\Spurta\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/18 09:07:53 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/08/18 09:07:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/18 09:03:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/18 09:03:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/18 09:03:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/18 09:03:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/18 09:03:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/18 08:24:44 | 003,820,392 | R--- | C] () -- C:\Documents and Settings\Spurta\Desktop\ComboFix.exe
[2010/08/18 08:20:33 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Spurta\Desktop\NTREGOPT.lnk
[2010/08/18 08:20:33 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Spurta\Desktop\ERUNT.lnk
[2010/08/16 21:50:00 | 357,740,740 | ---- | C] () -- C:\Documents and Settings\Spurta\My Documents\Uni Research.rar
[2010/08/11 09:01:04 | 001,156,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\Cat.DB
[2010/08/11 00:30:42 | 000,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.inf
[2010/08/11 00:30:41 | 000,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.cat
[2010/08/11 00:30:38 | 000,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.cat
[2010/08/11 00:30:38 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.inf
[2010/08/11 00:30:37 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.inf
[2010/08/11 00:30:36 | 000,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.cat
[2010/08/11 00:30:36 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.inf
[2010/08/11 00:30:35 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.cat
[2010/08/11 00:30:34 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.cat
[2010/08/11 00:30:34 | 000,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.inf
[2010/08/11 00:30:33 | 000,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2010/08/11 00:30:33 | 000,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2010/08/11 00:27:38 | 000,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNetV.inf
[2010/08/11 00:27:38 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\isolate.ini
[2010/08/11 00:27:36 | 000,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\symnetv.cat
[2010/08/10 19:56:55 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/10 16:46:34 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/09 12:35:06 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Spurta\Desktop\Shortcut to 20100808-003-v5i32.lnk
[2010/08/09 12:11:37 | 000,003,666 | ---- | C] () -- C:\Documents and Settings\Spurta\My Documents\cc_20100809_121134.reg
[2010/08/08 17:36:55 | 078,643,200 | -HS- | C] () -- C:\NRTPage.sys
[2010/08/08 10:55:30 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/08 10:55:30 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/08/08 10:55:12 | 000,002,076 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360 Premier Edition.LNK
[2010/08/05 18:44:17 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Spurta\Desktop\gmer.exe
[2010/08/05 15:02:36 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\Spurta\Desktop\mbam-clean.exe
[2010/08/05 14:25:42 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Spurta\Desktop\iExplorer.exe.com
[2010/07/21 09:22:49 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Spurta\My Documents\~$S_temp.doc
[2010/07/21 09:22:48 | 000,257,536 | ---- | C] () -- C:\Documents and Settings\Spurta\My Documents\ADS_temp.doc
[2010/07/20 15:43:25 | 000,020,469 | ---- | C] () -- C:\Documents and Settings\Spurta\My Documents\wristReferral.pdf
[2010/07/20 12:46:05 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Spurta\My Documents\timetable Session2-2010.xls
[2010/07/17 21:09:33 | 000,074,916 | ---- | C] () -- C:\Documents and Settings\Spurta\My Documents\Tiger Airways _ Itinerary.pdf
[2010/07/01 12:24:17 | 000,011,684 | ---- | C] () -- C:\Documents and Settings\Spurta\My Documents\cc_20100701_121341.reg
[2010/07/01 12:20:25 | 000,001,655 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\V1 Home 2.0.lnk
[2010/06/22 13:30:40 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/22 13:26:48 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/15 12:45:51 | 000,027,210 | ---- | C] () -- C:\Documents and Settings\Spurta\My Documents\BigpondModemChat15Jun10.pdf
[2010/06/04 17:38:06 | 000,141,012 | ---- | C] () -- C:\Documents and Settings\Spurta\My Documents\rubyDeans.pdf
[2010/05/30 18:07:36 | 000,063,546 | ---- | C] () -- C:\Documents and Settings\Spurta\My Documents\aaronRubyDeans_3.pdf
[2009/01/26 07:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/09 09:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/22 13:44:13 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/24 17:20:31 | 000,009,279 | ---- | C] () -- C:\WINDOWS\AmvTransform.ini
[2008/11/24 17:20:31 | 000,008,913 | ---- | C] () -- C:\WINDOWS\fwupgrade.ini
[2008/11/24 17:20:31 | 000,008,157 | ---- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2008/11/24 17:20:31 | 000,007,454 | ---- | C] () -- C:\WINDOWS\Disktool.INI
[2008/11/24 17:20:31 | 000,003,677 | ---- | C] () -- C:\WINDOWS\SoundCon.INI
[2008/11/24 17:20:31 | 000,000,170 | ---- | C] () -- C:\WINDOWS\settings.ini
[2008/07/07 17:04:58 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008/06/18 13:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/01/26 23:25:10 | 000,002,691 | ---- | C] () -- C:\WINDOWS\System32\CCProxy.ini
[2008/01/26 23:25:10 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\AccInfo.ini
[2007/11/14 08:15:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/10/13 17:47:29 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2007/09/02 09:30:56 | 000,000,146 | ---- | C] () -- C:\WINDOWS\Capture.INI
[2007/07/31 19:00:37 | 000,006,583 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI
[2007/07/31 19:00:28 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2007/07/31 19:00:28 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2007/07/31 19:00:27 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2007/07/31 19:00:26 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2007/07/31 19:00:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2007/07/31 19:00:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2007/07/31 19:00:24 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2007/07/31 19:00:24 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2007/07/31 19:00:23 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2007/07/31 19:00:23 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2007/07/31 19:00:22 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2007/07/31 19:00:22 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2007/07/31 19:00:21 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2007/07/31 19:00:21 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2007/07/31 19:00:21 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2007/07/31 19:00:19 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2007/06/21 13:38:39 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/06/10 18:12:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/03/27 20:19:36 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007/02/18 10:50:38 | 000,000,099 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/02/02 19:07:23 | 000,000,283 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2006/11/28 10:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2006/09/24 15:28:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/07 19:27:57 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/08/20 21:14:09 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/14 22:28:12 | 000,000,443 | R--- | C] () -- C:\WINDOWS\hpw0460k.ini
[2006/08/14 22:27:26 | 000,000,426 | ---- | C] () -- C:\WINDOWS\hpdj460.ini
[2006/08/14 22:26:36 | 000,001,564 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2006/08/14 22:26:29 | 000,000,606 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/08/03 21:50:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/03 21:40:30 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/03 21:01:07 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/08/03 20:58:02 | 000,000,435 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/12 13:46:20 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2006/05/24 20:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 12:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/17 14:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 14:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/16 08:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2007/06/07 21:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/02/08 08:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Altium2004
[2008/09/08 11:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AltiumDesigner6
[2009/03/25 22:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AltiumDesigner6_Security
[2010/02/08 09:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AltiumDesignerSummer08
[2009/04/02 13:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AltiumDesignerSummer08_Security
[2007/10/30 16:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2007/06/19 18:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7(2)
[2009/08/18 13:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/07/10 18:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/02/03 13:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/07/16 11:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2010/07/02 14:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/04/16 07:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/08/18 14:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
[2010/03/10 20:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2009/08/18 13:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/16 07:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/11/20 16:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/03/07 17:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2006/08/12 14:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/07/03 19:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/02 18:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/07/03 13:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/08/14 22:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/10/04 20:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/06/22 13:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/15 12:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/11 00:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2010/02/24 21:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\AnvSoft
[2009/11/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\benibela
[2007/02/22 14:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\BitTorrent
[2009/07/10 18:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\DAEMON Tools Lite
[2010/06/17 17:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Facebook
[2007/12/09 09:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Image Zone Express
[2006/08/09 17:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Leadertech
[2007/08/11 21:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\MSNInstaller
[2010/07/02 14:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\NCH Swift Sound
[2006/08/12 14:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\NetMedia Providers
[2010/04/16 07:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Nokia
[2010/04/16 07:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Nokia Ovi Suite
[2010/04/16 07:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\PC Suite
[2006/08/12 14:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Publish Providers
[2010/06/23 13:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Recordpad
[2006/08/12 14:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Sony
[2006/08/10 19:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Template
[2008/03/02 18:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\TuneUp Software
[2008/07/03 13:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Ubisoft
[2008/08/15 20:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Ulead Systems
[2010/08/21 19:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Vso
[2009/09/02 21:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\xm1
[2010/08/26 08:00:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

========== Purity Check ==========



========== Custom Scans ==========


< c:\documents and settings\Spurta\c:\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
< End of report >

#20
josue1120

    New Member

  • Member
  • 4 posts
.

Edited by josue1120, 25 August 2010 - 04:50 PM.


#21
MariaCristina

    Visiting Staff

  • Visiting Consultant
  • 277 posts
Hello, spurta.

Select these lines in red below, then right-click on the selection and go to copy:

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
SRV - File not found [Auto | Stopped] -- -- (WinServ)

:Commands
[createrestorepoint]
[purity]
[emptytemp]


Run OTL.exe

** Windows Vista and Windows 7 users:
Right-click on the file, then choose the Run as admin option.

Right-click on any blank part under Custom Scans/Fixes then click on Paste

Close ALL open windows except OTL.

Click on Run Fix button.

The tool will run the script and will ask to reboot your system. Allow it.

When back in Windows, OTL will be run automatically. Allow it, if asked.

A notepad window will be shown, with some data.
Copy ALL (edit > select all > copy) its contents and paste here in a new reply.

This log will be saved in the C:\_OTL\MovedFiles folder, named date_time.log.

Eg: 03142010_145545.log


Next:

Please, download Kaspersky AVP Tool from one of these two links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

Save it to your desktop.

Double-click the file and follow the prompts. Once it finishes, open the folder Virus Removal Tool. It will be created in the same directory where you saved the setup file.

To run the tool, just double-click its shortcut.

Make sure these options are checked:
  • Computer
  • Local Disk (C:)
Also mark any disks/removable drives that appear under Local Disk, if any exist.

Hit the Start button to begin the scan.

Be patient, it will take a while.

When the scan is complete, if it finds something it will ask you what to do. Click Skip (we only want the log).

Note: You may have to click Skip several times if the tool finds multiple files, so be patient. You may want to mark the checkbox "Apply to all objects" when you click the "Skip" option.

While running the scan, the button Scan will change to a red icon.

When the scan is complete, the button will change back to a green icon.

Click the Report button.

Then click the plus sign + next to the last Autoscan from the list (the most recent), to expand it.

Click once on Task Started to select it, hold the Shift key and click on Task Completed to select this range.

Right-click on this selection, then click Copy.

Open Notepad, then go to the Edit menu > Paste.

Name it log.txt and save it to your desktop.

Copy all its contents and paste in your next reply. Don't forget the log from OTL fix.



After that, if you want to uninstall the tool:

Close all open windows and save all that you want.
Go to the folder Virus Removal Tool and run the file unins000.exe
Follow the prompts.

Your computer will be rebooted.

:)
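
Added example, not part of the original post and not OTL's own code: a Python triage that picks out the two entry types the fix script above targets (a ProxyServer value pointing at loopback, a service whose file is missing) plus the Alternate Data Streams line from the log, so they can be reviewed. The sample lines are copied from this thread; the regexes and function names are assumptions inferred from those lines, not a documented OTL grammar.

```python
import ipaddress
import re

# Lines copied from this thread's OTL log and fix script.
SAMPLE = r'''IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
SRV - File not found [Auto | Stopped] -- -- (WinServ)
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
[2010/08/21 19:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spurta\Application Data\Vso'''

# Patterns inferred from the lines above (assumption: not an official OTL grammar).
PROXY_RE = re.compile(r'^IE - (?P<key>HK\w+\\.+?): "ProxyServer" = (?P<value>.+)$')
SRV_RE = re.compile(r'^SRV - File not found \[(?P<start>\w+) \| (?P<state>\w+)\] -- .*\((?P<name>[^)]+)\)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$')


def loopback_proxies(value):
    """Return the host:port entries of a ProxyServer value that point at loopback."""
    hits = []
    for entry in value.split(';'):
        hostport = entry.split('=', 1)[-1].strip()  # drop a "http=" style prefix
        host = hostport.rsplit(':', 1)[0].strip('[]')
        try:
            is_loop = ipaddress.ip_address(host).is_loopback
        except ValueError:  # not an IP literal, so compare the name
            is_loop = host.lower() == 'localhost'
        if is_loop:
            hits.append(hostport)
    return hits


def triage(log_text):
    """Return (kind, detail) tuples for the three entry types; other lines are ignored."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := PROXY_RE.match(line):
            findings += [('loopback-proxy', hp) for hp in loopback_proxies(m['value'])]
        elif m := SRV_RE.match(line):
            findings.append(('service-file-missing', m['name']))
        elif m := ADS_RE.match(line):
            findings.append(('alternate-data-stream', f"{m['stream']} ({m['size']} bytes)"))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```

A finding here is a prompt for review, not a verdict: a loopback proxy can belong to legitimate local software as well as to malware that intercepts browser traffic.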