HELP! Do not know if I'm clean...WIN XP user
#1
alternate
I performed the tasks outlined on the forum... But Antivir once in a while blocks threats without me visiting any suspicious sites... Maybe I'm still infected... Here are my logs:
I can't complete the Gmer scan... it's taking forever, so I aborted.
OTL logfile created on: 10/13/2010 10:41:55 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 242.85 Gb Free Space | 81.47% Space Free | Partition Type: NTFS

Computer Name: DD3000 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/13 19:03:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/09/14 15:59:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/02 13:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2010/02/02 13:35:20 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/02/11 08:48:00 | 000,480,264 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2008/06/27 17:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/06/27 20:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 20:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/13 19:03:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2004/08/04 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/01 19:13:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/05 15:03:53 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/02 13:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/02 13:35:20 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/06/27 17:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WN111v2.sys -- (WN111v2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/06/11 00:25:11 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/25 16:01:00 | 000,069,098 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/02/11 08:47:48 | 000,156,552 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mausbft.sys -- (MAUSBFT)
DRV - [2007/12/14 05:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/10/29 08:13:26 | 000,732,928 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/11/30 12:00:00 | 000,276,736 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAA713x.sys -- (713xTVCard)
DRV - [2004/11/30 12:00:00 | 000,021,760 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WDMTuner.sys -- (WDMTVTuner)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 16:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/07/24 13:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 05:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...E-6ED84FE674D1}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Free TV Bar c3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.5.5
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: {F08C2212-0CB4-447A-AF86-8804668F7FD3}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AutocompletePro\[email protected] File not found
FF - HKLM\software\mozilla\Firefox\extensions\\{F08C2212-0CB4-447A-AF86-8804668F7FD3}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{F08C2212-0CB4-447A-AF86-8804668F7FD3} [2010/10/11 00:00:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/11 15:24:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/15 20:27:10 | 000,000,000 | ---D | M]

[2010/03/03 16:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/10/13 17:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions
[2010/08/17 19:37:51 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/06/17 00:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions\[email protected]
[2010/03/22 03:52:24 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\alot-search.xml
[2010/07/14 16:50:04 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\aol-search.xml
[2010/03/03 20:21:06 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\askcom.xml
[2010/06/11 00:29:27 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\bigseekpro.xml
[2010/05/14 17:37:13 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\bing.xml
[2010/06/21 20:29:48 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\conduit.xml
[2010/10/13 17:25:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 11:26:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/11 14:00:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 11:13:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/06/17 15:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/30 04:19:50 | 000,111,960 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npww.dll

O1 HOSTS File: ([2010/10/11 15:38:54 | 000,421,609 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14540 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/03 14:59:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: perfeset - (C:\WINDOWS\system32\automstp.dll) - C:\WINDOWS\System32\automstp.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JDCT - jl_jdct.drv File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/13 19:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/10/13 19:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/13 19:03:23 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/13 18:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2010/10/13 18:42:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/13 18:42:12 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/13 18:42:12 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/13 18:42:12 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/13 18:42:12 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/13 18:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/13 18:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/13 18:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/13 18:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/10/13 18:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/10/13 18:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/13 18:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/13 18:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/10/13 17:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/10/13 17:36:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/13 17:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/13 17:36:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/13 17:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/13 17:36:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/13 17:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/12 21:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\The.House.of.the.Devil.2009.LIMITED.BDRip.XviD-ESPiSE- [ www.torrentday.com ]
[2010/10/11 23:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/11 16:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/11 16:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/11 15:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/11 14:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/11 00:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/11 00:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/11 00:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{F08C2212-0CB4-447A-AF86-8804668F7FD3}
[2010/10/09 23:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\stretcher manual
[2010/10/09 22:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\MOV to AVI MPEG WMV Converter
[2010/10/09 22:19:06 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2010/10/07 14:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Mumford & Sons - Sigh No More (LE) [2009] NLT-Release
[2010/09/29 21:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Carbona
[2010/09/24 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Save Flash
[2010/09/24 12:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MY_FLASH
[2010/09/15 21:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/09/15 21:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2010/09/05 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/09/04 23:41:06 | 000,706,696 | ---- | C] (Vanguard Software Solutions, Inc.) -- C:\WINDOWS\vsslight.dll
[2010/09/04 23:41:06 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\vp6vfw.dll
[2010/09/04 23:41:06 | 000,421,888 | ---- | C] (Vanguard Software Solutions, Inc.) -- C:\WINDOWS\vssh264dec.dll
[2010/09/04 23:41:06 | 000,167,936 | ---- | C] (Vanguard Software Solutions, Inc.) -- C:\WINDOWS\vsswlt.dll
[2010/09/04 23:41:06 | 000,098,304 | ---- | C] (Vanguard Software Solutions, Inc.) -- C:\WINDOWS\vssh264.dll
[2010/09/04 23:41:06 | 000,093,184 | ---- | C] (Winnov) -- C:\WINDOWS\wnvwinx.dll
[2010/09/04 23:41:06 | 000,049,152 | ---- | C] (Vanguard Software Solutions, Inc.) -- C:\WINDOWS\vssh264core.dll
[2010/09/04 23:41:05 | 000,466,944 | ---- | C] (On2.com) -- C:\WINDOWS\vp4vfw.dll
[2010/09/04 23:41:05 | 000,424,960 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\msms001.vwp
[2010/09/04 23:41:05 | 000,422,912 | ---- | C] (Morgan Multimedia) -- C:\WINDOWS\m3jp2k32.dll
[2010/09/04 23:41:05 | 000,312,832 | ---- | C] (eMajix.com, Inc.) -- C:\WINDOWS\CLRVIDDC.DLL
[2010/09/04 23:41:05 | 000,307,200 | ---- | C] (Aware Inc.) -- C:\WINDOWS\icmw_32.dll
[2010/09/04 23:41:05 | 000,299,008 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\rt32dcmp.dll
[2010/09/04 23:41:05 | 000,135,168 | ---- | C] (Iterated Systems, Inc.) -- C:\WINDOWS\clrviddd.dll
[2010/09/04 23:41:05 | 000,122,880 | ---- | C] (Vivo Software) -- C:\WINDOWS\vivog723.acm
[2010/09/04 23:41:05 | 000,118,784 | ---- | C] (Alparysoft R&D Ltd.) -- C:\WINDOWS\aslcodec_dshow.dll
[2010/09/04 23:41:05 | 000,090,112 | ---- | C] (Image Power Inc.) -- C:\WINDOWS\jp2avi.dll
[2010/09/04 23:41:05 | 000,081,920 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\CtWbJpg.DLL
[2010/09/04 23:41:05 | 000,056,320 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\voxmsdec.ax
[2010/09/04 23:41:05 | 000,049,664 | ---- | C] (Netscape Communications) -- C:\WINDOWS\nsrt2432.acm
[2010/09/04 23:41:05 | 000,038,912 | ---- | C] (NCT Company) -- C:\WINDOWS\alf2cd.acm
[2010/09/04 23:41:05 | 000,034,304 | ---- | C] (Q-Team Dr. Knabe GmbH, Korschenbroich, Germany) -- C:\WINDOWS\qpeg32.dll
[2010/09/04 23:41:04 | 000,454,656 | ---- | C] (Videosoft, Inc.) -- C:\WINDOWS\vsshdsd.dll
[2010/09/04 23:41:04 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\pncrt.dll
[2010/09/04 23:41:04 | 000,204,800 | ---- | C] (Espre Solutions Inc) -- C:\WINDOWS\lsvxdec.dll
[2010/09/04 23:41:04 | 000,155,648 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\vmnc.dll
[2010/09/04 23:41:04 | 000,092,160 | ---- | C] (Avid Technology, Inc) -- C:\WINDOWS\AvidQTAVUICodec.qtx
[2010/09/04 23:41:04 | 000,088,464 | ---- | C] (VDOnet Corp.) -- C:\WINDOWS\DECVW_32.DLL
[2010/09/04 23:41:04 | 000,082,432 | ---- | C] (VDOnet LTD..) -- C:\WINDOWS\vdowave.drv
[2010/09/04 23:41:04 | 000,076,800 | ---- | C] (VDOnet Corp.) -- C:\WINDOWS\VDODEC32.dll
[2010/09/04 23:41:04 | 000,057,344 | ---- | C] (Micronas Intermetall) -- C:\WINDOWS\mi-sc4.acm
[2010/09/04 23:41:03 | 000,211,968 | ---- | C] (SoftMedia) -- C:\WINDOWS\ViVD2.dll
[2010/09/04 23:41:02 | 000,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\vp7vfw.dll
[2010/09/04 23:41:02 | 000,225,280 | ---- | C] (Vivo Software) -- C:\WINDOWS\ivvideo.dll
[2010/09/04 23:29:09 | 004,255,744 | ---- | C] (Gabest) -- C:\Documents and Settings\Administrator\Desktop\mplayerc.exe
[2010/09/04 23:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2010/09/04 22:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
[2010/09/04 22:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2010/09/01 19:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/08/27 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Pricelist china
[2010/08/24 21:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/24 21:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Adobe.CS5.Keygen.Only.CORE-Deantjah
[2010/08/24 21:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/08/20 22:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Adobe CS5
[2010/08/20 22:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Resumes
[2010/08/20 21:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/08/20 21:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora
[2010/08/20 21:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Portable_Time_Stopper_v3.0
[2010/08/20 17:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hammertap
[2010/08/20 17:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\HammerTap v3.1.1011.38
[2010/08/17 19:52:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\aliedit
[2010/08/17 19:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\trademanager
[2010/08/16 16:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\bolsas
[2010/08/08 02:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WinAVI
[2010/08/08 02:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\WinAVI Video Converter
[2010/07/20 22:04:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/07/19 15:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2010/07/19 15:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2010/07/19 15:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/07/18 20:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/07/18 20:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/07/18 20:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/07/18 20:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/07/10 22:50:44 | 732,942,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\espise-xvid-thotd.avi
[2010/10/13 22:35:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/13 22:15:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-879983540-839522115-500UA.job
[2010/10/13 21:50:59 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-879983540-839522115-500.job
[2010/10/13 21:50:58 | 000,000,324 | -HS- | M] () -- C:\WINDOWS\tasks\Qgwuirybh.job
[2010/10/13 21:50:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/13 19:31:35 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/13 19:03:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/13 18:42:33 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/13 18:39:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/13 18:13:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/13 17:36:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 17:35:52 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/13 17:35:26 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/10/13 17:35:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/10/13 16:15:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-879983540-839522115-500Core.job
[2010/10/13 13:50:14 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/10/13 02:07:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/13 02:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DD3000-Administrator.job
[2010/10/13 01:44:57 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/12 21:58:27 | 000,042,146 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The.House.of.the.Devil.2009.HDTV.Xvid-SER.srt
[2010/10/11 19:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/11 15:38:54 | 000,421,609 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/11 12:53:18 | 000,000,093 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/11 11:18:46 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Fhovuyepiyij.dat
[2010/10/11 00:00:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hxahuxocacirisoh.bin
[2010/10/10 16:05:00 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\note for extender.rtf
[2010/10/09 23:58:35 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to movtoavi.lnk
[2010/10/09 23:03:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-879983540-839522115-500.job
[2010/10/09 22:32:29 | 000,104,960 | RHS- | M] () -- C:\WINDOWS\System32\dpnsvrf.dll
[2010/10/09 21:48:14 | 000,003,068 | ---- | M] () -- C:\Enlish.lng
[2010/10/09 20:17:14 | 000,003,890 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\power gym instructions.rtf
[2010/10/08 20:31:16 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Adobe GIF Format CS5 Prefs
[2010/10/07 00:38:16 | 012,515,760 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_2308.psd
[2010/10/06 21:13:06 | 020,907,896 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SAM SCOTT2.bmp
[2010/10/06 21:13:05 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Adobe BMP Format CS5 Prefs
[2010/10/06 21:12:43 | 003,555,506 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SAM SCOTT.jpg
[2010/10/06 20:47:23 | 020,907,896 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\8a11901f710f93a71ec4b0241f457bb6095acb7420100716-1.bmp
[2010/10/06 20:05:37 | 000,015,321 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\8a11901f710f93a71ec4b0241f457bb6095acb7420100716.pdf
[2010/10/02 10:24:36 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\plano de tel.rtf
[2010/09/30 17:42:45 | 000,004,380 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\amazon greet.rtf
[2010/09/15 22:33:36 | 000,003,890 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rosetta note2.rtf
[2010/09/15 20:27:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/15 20:27:13 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/10 20:00:34 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/04 00:59:04 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/08/30 03:07:40 | 010,855,821 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\order 56.5 kg.rtf
[2010/08/29 20:07:15 | 001,652,224 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MANS SEX TOY MOQ 1 CARTON USD EX-WORKS PRICE.xls
[2010/08/28 01:54:46 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Adobe Photoshop CS5.lnk
[2010/08/28 00:11:35 | 000,077,316 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\scouting.pdf
[2010/08/28 00:09:10 | 000,028,537 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\25Things.pdf
[2010/08/28 00:08:48 | 001,074,591 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SOTR.pdf
[2010/08/25 11:13:32 | 003,575,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/20 21:42:24 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk
[2010/08/16 23:15:47 | 000,003,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dropshippers.rtf
[2010/08/13 01:13:07 | 000,333,865 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2010-2011_Student_Calendar.pdf
[2010/08/09 21:05:21 | 000,829,990 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dahan instructions.rtf
[2010/08/08 02:14:49 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinAVI Video Converter .lnk
[2010/07/23 02:54:39 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gigs.rtf
[2010/07/18 20:48:29 | 000,000,025 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/13 20:02:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/10/13 18:42:33 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/13 17:36:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 17:35:52 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/13 17:35:26 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/10/13 17:35:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/10/12 21:56:03 | 732,942,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\espise-xvid-thotd.avi
[2010/10/12 21:44:01 | 000,042,146 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The.House.of.the.Devil.2009.HDTV.Xvid-SER.srt
[2010/10/11 12:53:18 | 000,000,093 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/10/10 16:05:00 | 000,002,340 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\note for extender.rtf
[2010/10/09 23:58:35 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to movtoavi.lnk
[2010/10/09 22:34:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/10/09 22:32:29 | 000,104,960 | RHS- | C] () -- C:\WINDOWS\System32\dpnsvrf.dll
[2010/10/09 22:32:29 | 000,000,324 | -HS- | C] () -- C:\WINDOWS\tasks\Qgwuirybh.job
[2010/10/09 21:46:05 | 000,003,068 | ---- | C] () -- C:\Enlish.lng
[2010/10/09 20:17:14 | 000,003,890 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\power gym instructions.rtf
[2010/10/06 21:48:24 | 012,515,760 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_2308.psd
[2010/10/06 21:13:03 | 020,907,896 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\SAM SCOTT2.bmp
[2010/10/06 21:12:40 | 003,555,506 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\SAM SCOTT.jpg
[2010/10/06 20:47:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe BMP Format CS5 Prefs
[2010/10/06 20:47:21 | 020,907,896 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\8a11901f710f93a71ec4b0241f457bb6095acb7420100716-1.bmp
[2010/10/06 20:05:37 | 000,015,321 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\8a11901f710f93a71ec4b0241f457bb6095acb7420100716.pdf
[2010/09/29 18:57:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Fhovuyepiyij.dat
[2010/09/29 18:57:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hxahuxocacirisoh.bin
[2010/09/15 20:27:13 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/15 20:27:13 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/06 17:11:44 | 000,003,890 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rosetta note2.rtf
[2010/09/04 23:41:05 | 000,225,280 | ---- | C] () -- C:\WINDOWS\qtmlClient.dll
[2010/09/04 23:41:04 | 000,573,440 | ---- | C] () -- C:\WINDOWS\tvqdec.dll
[2010/09/04 23:41:04 | 000,245,760 | ---- | C] () -- C:\WINDOWS\LCMW2.dll
[2010/09/04 23:41:04 | 000,076,800 | ---- | C] () -- C:\WINDOWS\BeHereiVideo.qtx
[2010/09/04 23:41:02 | 000,035,840 | ---- | C] () -- C:\WINDOWS\xanlib.dll
[2010/09/04 00:59:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/09/02 13:45:19 | 000,004,380 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\amazon greet.rtf
[2010/09/01 12:00:14 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-879983540-839522115-500.job
[2010/08/30 02:28:56 | 010,855,821 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\order 56.5 kg.rtf
[2010/08/29 19:45:18 | 001,652,224 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MANS SEX TOY MOQ 1 CARTON USD EX-WORKS PRICE.xls
[2010/08/28 01:54:46 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Adobe Photoshop CS5.lnk
[2010/08/28 00:11:34 | 000,077,316 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\scouting.pdf
[2010/08/28 00:09:10 | 000,028,537 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\25Things.pdf
[2010/08/28 00:08:45 | 001,074,591 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\SOTR.pdf
[2010/08/24 21:43:54 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe GIF Format CS5 Prefs
[2010/08/24 21:33:17 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DD3000-Administrator.job
[2010/08/20 21:42:24 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk
[2010/08/16 23:15:47 | 000,003,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dropshippers.rtf
[2010/08/13 01:13:06 | 000,333,865 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2010-2011_Student_Calendar.pdf
[2010/08/08 02:14:49 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WinAVI Video Converter .lnk
[2010/07/23 02:54:39 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gigs.rtf
[2010/07/18 20:48:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/18 20:47:40 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-879983540-839522115-500.job
[2010/07/14 19:18:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/06/10 11:13:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/04/25 21:54:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/22 12:23:27 | 001,147,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/22 01:54:58 | 000,964,890 | ---- | C] () -- C:\WINDOWS\System32\alleg42.dll
[2010/03/22 01:54:45 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\xobni_installer_updater.log
[2010/03/09 12:49:38 | 000,006,457 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\MSI3.1Logfile.log
[2010/03/05 03:01:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/03 22:55:03 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 18:34:29 | 000,006,571 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/03/03 06:52:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/16 19:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/06/27 17:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2004/08/04 05:00:00 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/04/18 17:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 17:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2010/09/04 22:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
[2010/03/07 23:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/20 21:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/09/15 21:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2010/03/09 12:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Downloaded Installations
[2010/03/12 19:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/09/29 14:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nitro PDF
[2010/03/22 01:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010/06/11 00:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Toolbar4
[2010/10/13 01:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/03/05 21:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VirtualStore
[2010/03/22 01:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WeatherBug
[2010/10/13 18:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/04 21:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/03/03 18:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/03/09 12:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/08/27 22:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/03/03 16:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/04/25 21:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2010/04/25 21:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2010/04/18 01:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/05/05 16:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/13 21:50:58 | 000,000,324 | -HS- | M] () -- C:\WINDOWS\Tasks\Qgwuirybh.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/14 16:47:54 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2010/07/14 16:47:54 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2010/03/03 14:59:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/06 13:02:38 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/03 14:59:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/09 21:48:14 | 000,003,068 | ---- | M] () -- C:\Enlish.lng
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/03/03 14:59:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/03 14:59:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2003/02/21 05:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\msvcr71.dll
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/10/13 21:50:50 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/03/03 06:50:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/03 06:50:55 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/03 06:50:54 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
OTL Extras logfile created on: 10/13/2010 10:41:55 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 242.85 Gb Free Space | 81.47% Space Free | Partition Type: NTFS

Computer Name: DD3000 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"1047:TCP" = 1047:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004 -- (Macromedia, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- File not found
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- File not found
"C:\Program Files\Common Files\aol\1279151022\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1279151022\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- File not found
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\trademanager\AliIM.exe" = C:\Program Files\trademanager\AliIM.exe:*:Enabled:AliIM -- File not found
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07D4A7C5-C55C-45B5-9E86-D8068D25EF40}" = Fast Track
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C0670E5-2D51-42C6-ACFF-CBCB65B7DCDB}" = SplitCam
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 22
"{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Essentials
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31B27B28-5E06-4483-A363-8D1F2A97D38D}" = HP Officejet J3600 Series
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3712BB20-EAA2-012B-AD56-000000000000}" = TurboTax 2009 wfliper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D04C9A1-F28C-4F6F-9D66-81BB000693D9}" = BPDSoftware_Ini
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F60CD17-EE34-4f77-83B7-F8ADBDC31D46}" = ProductContext
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{88FBDCF4-8ACF-46e6-9C33-231FBA6378D8}" = J3600
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BE27845A-6438-4DCF-AE3D-44EC96CB31CA}" = honestech TVR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D27F8BF7-61A4-4F0D-A190-9E2CE8C0773B}" = 3600_Help
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E9E13063-C8E2-4D39-8F6B-5FE5D2EAD0E5}" = Nitro PDF Professional
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"DivX Setup.divx.com" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HaaliMkx" = Haali Media Splitter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROR" = Microsoft Office Professional 2007 Trial
"PROSet" = Intel® PRO Network Connections Drivers
"SopCast" = SopCast 3.2.8
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2010 9:31:13 PM | Computer Name = DD3000 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 9.0.0.3250, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2010 11:03:22 PM | Computer Name = DD3000 | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15315, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2010 11:40:56 PM | Computer Name = DD3000 | Source = ESENT | ID = 489
Description = wuauclt (1652) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 10/13/2010 11:40:56 PM | Computer Name = DD3000 | Source = ESENT | ID = 455
Description = wuaueng.dll (1652) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 10/13/2010 11:41:06 PM | Computer Name = DD3000 | Source = ESENT | ID = 489
Description = wuauclt (1652) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 10/13/2010 11:41:06 PM | Computer Name = DD3000 | Source = ESENT | ID = 455
Description = wuaueng.dll (1652) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 10/13/2010 11:47:53 PM | Computer Name = DD3000 | Source = ESENT | ID = 489
Description = wuauclt (2020) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 10/13/2010 11:47:54 PM | Computer Name = DD3000 | Source = ESENT | ID = 455
Description = wuaueng.dll (2020) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 10/13/2010 11:48:15 PM | Computer Name = DD3000 | Source = ESENT | ID = 489
Description = wuauclt (2020) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 10/13/2010 11:48:15 PM | Computer Name = DD3000 | Source = ESENT | ID = 455
Description = wuaueng.dll (2020) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 10/13/2010 9:41:17 PM | Computer Name = DD3000 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/13/2010 9:41:17 PM | Computer Name = DD3000 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/13/2010 10:50:33 PM | Computer Name = DD3000 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/13/2010 10:50:33 PM | Computer Name = DD3000 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/13/2010 11:00:05 PM | Computer Name = DD3000 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/13/2010 11:00:05 PM | Computer Name = DD3000 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/13/2010 11:02:21 PM | Computer Name = DD3000 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/13/2010 11:02:21 PM | Computer Name = DD3000 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/14/2010 12:51:20 AM | Computer Name = DD3000 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/14/2010 12:51:21 AM | Computer Name = DD3000 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:54 on 13/10/2010 (Administrator)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========

Removing Orphan:
"[email protected]"="C:\Program Files\AutocompletePro\[email protected]" -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{F08C2212-0CB4-447A-AF86-8804668F7FD3} -> Success!
Deleting C:\Documents and Settings\Administrator\Local Settings\Application Data\{F08C2212-0CB4-447A-AF86-8804668F7FD3} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
[email protected] [22:58 17/06/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:27 16/09/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [18:26 25/05/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [21:00 11/10/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [18:13 13/10/2010]

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions\
[email protected] [06:43 17/06/2010]
{4D144BC3-23FB-47de-90C5-63CCB0139CCF} [02:37 18/08/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:23 22/04/2010]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:59 11/10/2010]

-=E.O.F=-

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4816

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

10/14/2010 5:45:40 PM
mbam-log-2010-10-14 (17-45-40).txt

Scan type: Quick scan
Objects scanned: 167277
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
Still have a malware job and some malware files present.

Copy the text in the code box by highlighting it and pressing Ctrl + C

:OTL
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AutocompletePro\[email protected] File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
[2010/10/09 22:34:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/10/09 22:32:29 | 000,104,960 | RHS- | C] () -- C:\WINDOWS\System32\dpnsvrf.dll
[2010/10/09 22:32:29 | 000,000,324 | -HS- | C] () -- C:\WINDOWS\tasks\Qgwuirybh.job
[2010/09/29 18:57:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Fhovuyepiyij.dat
[2010/09/29 18:57:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hxahuxocacirisoh.bin
 
:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download this file to your Desktop and rename it (call it george.exe), from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

We need to check for Rootkits with RootRepeal
* Extract RootRepeal.exe from the archive.
* Open RootRepeal on your desktop.
* Before you run the scan go into Settings, Options, General and move the slider to Middle Level, then close the Settings box!
* Click the Scan button.
* Allow RootRepeal to run a scan of your system. This may take some time.
* Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Run the BitDefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Ron
  • 0
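The triage behind Ron's fix list can be scripted. What follows is an added example, not part of this thread and not OTL's own code: it parses OTL-format lines (sample lines copied from the log above), flags the same kinds of entries Ron pulled into the fix, and lays them out in the fix-script shape shown in his post. The names Finding, triage, file_reason and build_otl_fix are my own.

```python
"""Triage helper for OTL-format log lines.

Added example, not part of the thread and not OTL's own code. It encodes the
heuristics visible in Ron's fix list: orphaned BHO/toolbar registry entries
("No CLSID value found") and files with no company name created under
C:\\WINDOWS that carry Hidden/System attributes, sit in the tasks folder or
in System32, or were dropped in the root of C:\\WINDOWS.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# File entries look like:
# [2010/10/09 22:32:29 | 000,104,960 | RHS- | C] () -- C:\WINDOWS\System32\dpnsvrf.dll
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# BHO (O2) and toolbar (O3) registrations whose CLSID no longer resolves.
ORPHAN_RE = re.compile(r"^O[23] - .*No CLSID value found\.?$")


@dataclass
class Finding:
    reason: str
    line: str


def parse_file_entry(line: str) -> Optional[dict]:
    """Split an OTL file line into its fields; None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"].strip()
    return entry


def file_reason(entry: dict) -> Optional[str]:
    """Reason a file entry deserves a look, or None if it looks routine."""
    path = entry["path"].lower()
    if entry["company"] or not path.startswith("c:\\windows\\"):
        return None  # has a publisher, or lives outside the Windows tree
    if "H" in entry["attrs"] or "S" in entry["attrs"]:
        return "hidden/system file with no publisher under C:\\WINDOWS"
    if path.startswith("c:\\windows\\tasks\\") and path.endswith(".job"):
        return "scheduled task with no publisher"
    if path.startswith("c:\\windows\\system32\\") and path.endswith(".dll"):
        return "DLL with no publisher in System32"
    if path.count("\\") == 2 and path.endswith((".dat", ".bin")):
        return "data file with no publisher dropped in the root of C:\\WINDOWS"
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Return every line that matches one of the heuristics, with its reason."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding("orphaned BHO/toolbar registry entry", line))
            continue
        entry = parse_file_entry(line)
        if entry:
            reason = file_reason(entry)
            if reason:
                findings.append(Finding(reason, line))
    return findings


def build_otl_fix(findings: List[Finding]) -> str:
    """Lay the flagged lines out in the fix-script shape used in Ron's post."""
    body = "\n".join(f.line for f in findings)
    return f":OTL\n{body}\n\n:Commands\n[purity]\n[emptytemp]\n[Reboot]\n"


# Sample lines copied from the OTL log in this thread, plus two routine lines
# (the Spybot BHO and a signed Firefox plugin) that must not be flagged.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.",
    r"O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.",
    r"[2010/10/09 22:34:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll",
    r"[2010/10/09 22:32:29 | 000,104,960 | RHS- | C] () -- C:\WINDOWS\System32\dpnsvrf.dll",
    r"[2010/10/09 22:32:29 | 000,000,324 | -HS- | C] () -- C:\WINDOWS\tasks\Qgwuirybh.job",
    r"[2010/09/29 18:57:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Fhovuyepiyij.dat",
    r"[2010/09/29 18:57:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hxahuxocacirisoh.bin",
    r"[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.line}")
    print(build_otl_fix(triage(SAMPLE_LOG)))
```

The heuristics are deliberately narrow (no publisher, Windows tree, odd attributes or location); a file that passes them is still only a candidate for the expert's eye, not a verdict.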

#3
alternate

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Thanks Ron for all your help...
Here are the logs:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected] not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4064EA35-578D-4073-A834-C96D82CBCF40} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4064EA35-578D-4073-A834-C96D82CBCF40}\ not found.
C:\WINDOWS\system32\dpnsvrf.dll moved successfully.
C:\WINDOWS\tasks\Qgwuirybh.job moved successfully.
C:\WINDOWS\Fhovuyepiyij.dat moved successfully.
C:\WINDOWS\Hxahuxocacirisoh.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2410697497 bytes
->Temporary Internet Files folder emptied: 87464042 bytes
->Java cache emptied: 32369004 bytes
->FireFox cache emptied: 93333886 bytes
->Google Chrome cache emptied: 5050736 bytes
->Flash cache emptied: 20667 bytes

User: All Users
->Flash cache emptied: 35 bytes

User: amazon only
->Temp folder emptied: 744 bytes
->Temporary Internet Files folder emptied: 400759 bytes
->Flash cache emptied: 2836 bytes

User: Amazon user
->Temp folder emptied: 274102 bytes
->Temporary Internet Files folder emptied: 411593 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Guest
->Temp folder emptied: 63932 bytes
->Temporary Internet Files folder emptied: 122235 bytes
->Flash cache emptied: 2836 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 907453 bytes
->Flash cache emptied: 5399 bytes

User: NetworkService
->Temp folder emptied: 4142 bytes
->Temporary Internet Files folder emptied: 161893057 bytes
->Java cache emptied: 5472514 bytes
->Flash cache emptied: 13284 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10260307 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 47007 bytes
RecycleBin emptied: 655445458 bytes

Total Files Cleaned = 3,306.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10152010_195433

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 10/15/2010 7:59:20 PM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 244.60 Gb Free Space | 82.06% Space Free | Partition Type: NTFS

Computer Name: DD3000 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/13 19:03:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/02 13:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2010/02/02 13:35:20 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/02/11 08:48:00 | 000,480,264 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2008/06/27 17:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/06/27 20:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 20:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/13 19:03:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2004/08/04 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/01 19:13:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/05 15:03:53 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/02 13:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/02 13:35:20 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/06/27 17:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WN111v2.sys -- (WN111v2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/06/11 00:25:11 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/25 16:01:00 | 000,069,098 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/02/11 08:47:48 | 000,156,552 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mausbft.sys -- (MAUSBFT)
DRV - [2007/12/14 05:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/10/29 08:13:26 | 000,732,928 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/11/30 12:00:00 | 000,276,736 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAA713x.sys -- (713xTVCard)
DRV - [2004/11/30 12:00:00 | 000,021,760 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WDMTuner.sys -- (WDMTVTuner)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 16:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/07/24 13:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 05:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...E-6ED84FE674D1}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Free TV Bar c3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.5.5
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/11 15:24:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/15 20:27:10 | 000,000,000 | ---D | M]

[2010/03/03 16:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/10/15 17:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions
[2010/08/17 19:37:51 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/06/17 00:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions\[email protected]
[2010/03/22 03:52:24 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\alot-search.xml
[2010/07/14 16:50:04 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\aol-search.xml
[2010/03/03 20:21:06 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\askcom.xml
[2010/06/11 00:29:27 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\bigseekpro.xml
[2010/05/14 17:37:13 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\bing.xml
[2010/06/21 20:29:48 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\searchplugins\conduit.xml
[2010/10/15 17:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 11:26:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/11 14:00:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 11:13:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/06/17 15:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/30 04:19:50 | 000,111,960 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npww.dll

O1 HOSTS File: ([2010/10/11 15:38:54 | 000,421,609 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14540 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/03 14:59:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: perfeset - (C:\WINDOWS\system32\automstp.dll) - C:\WINDOWS\System32\automstp.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/15 19:54:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/13 23:01:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/10/13 22:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2010/10/13 22:53:53 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/10/13 22:52:39 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2010/10/13 19:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/10/13 19:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/13 19:03:23 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/13 18:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2010/10/13 18:42:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/13 18:42:12 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/13 18:42:12 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/13 18:42:12 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/13 18:42:12 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/13 18:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/13 18:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/13 18:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/13 18:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/10/13 18:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/10/13 18:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/13 18:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/13 18:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/10/13 17:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/10/13 17:36:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/13 17:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/13 17:36:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/13 17:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/13 17:36:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/13 17:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/11 23:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/11 16:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/11 16:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/11 15:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/11 14:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/11 00:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/11 00:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/09 23:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\stretcher manual
[2010/10/09 22:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\MOV to AVI MPEG WMV Converter
[2010/10/09 22:19:06 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2010/10/07 14:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Mumford & Sons - Sigh No More (LE) [2009] NLT-Release
[2010/09/29 21:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Carbona
[2010/09/24 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Save Flash
[2010/09/24 12:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MY_FLASH
[2010/09/15 21:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/09/15 21:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2010/09/05 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/09/04 23:41:06 | 000,706,696 | ---- | C] (Vanguard Software Solutions, Inc.) -- C:\WINDOWS\vsslight.dll
[2010/09/04 23:41:06 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\vp6vfw.dll
[2010/09/04 23:41:06 | 000,421,888 | ---- | C] (Vanguard Software Solutions, Inc.) -- C:\WINDOWS\vssh264dec.dll
[2010/09/04 23:41:06 | 000,167,936 | ---- | C] (Vanguard Software Solutions, Inc.) -- C:\WINDOWS\vsswlt.dll
[2010/09/04 23:41:06 | 000,098,304 | ---- | C] (Vanguard Software Solutions, Inc.) -- C:\WINDOWS\vssh264.dll
[2010/09/04 23:41:06 | 000,093,184 | ---- | C] (Winnov) -- C:\WINDOWS\wnvwinx.dll
[2010/09/04 23:41:06 | 000,049,152 | ---- | C] (Vanguard Software Solutions, Inc.) -- C:\WINDOWS\vssh264core.dll
[2010/09/04 23:41:05 | 000,466,944 | ---- | C] (On2.com) -- C:\WINDOWS\vp4vfw.dll
[2010/09/04 23:41:05 | 000,424,960 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\msms001.vwp
[2010/09/04 23:41:05 | 000,422,912 | ---- | C] (Morgan Multimedia) -- C:\WINDOWS\m3jp2k32.dll
[2010/09/04 23:41:05 | 000,312,832 | ---- | C] (eMajix.com, Inc.) -- C:\WINDOWS\CLRVIDDC.DLL
[2010/09/04 23:41:05 | 000,307,200 | ---- | C] (Aware Inc.) -- C:\WINDOWS\icmw_32.dll
[2010/09/04 23:41:05 | 000,299,008 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\rt32dcmp.dll
[2010/09/04 23:41:05 | 000,135,168 | ---- | C] (Iterated Systems, Inc.) -- C:\WINDOWS\clrviddd.dll
[2010/09/04 23:41:05 | 000,122,880 | ---- | C] (Vivo Software) -- C:\WINDOWS\vivog723.acm
[2010/09/04 23:41:05 | 000,118,784 | ---- | C] (Alparysoft R&D Ltd.) -- C:\WINDOWS\aslcodec_dshow.dll
[2010/09/04 23:41:05 | 000,090,112 | ---- | C] (Image Power Inc.) -- C:\WINDOWS\jp2avi.dll
[2010/09/04 23:41:05 | 000,081,920 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\CtWbJpg.DLL
[2010/09/04 23:41:05 | 000,056,320 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\voxmsdec.ax
[2010/09/04 23:41:05 | 000,049,664 | ---- | C] (Netscape Communications) -- C:\WINDOWS\nsrt2432.acm
[2010/09/04 23:41:05 | 000,038,912 | ---- | C] (NCT Company) -- C:\WINDOWS\alf2cd.acm
[2010/09/04 23:41:05 | 000,034,304 | ---- | C] (Q-Team Dr. Knabe GmbH, Korschenbroich, Germany) -- C:\WINDOWS\qpeg32.dll
[2010/09/04 23:41:04 | 000,454,656 | ---- | C] (Videosoft, Inc.) -- C:\WINDOWS\vsshdsd.dll
[2010/09/04 23:41:04 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\pncrt.dll
[2010/09/04 23:41:04 | 000,204,800 | ---- | C] (Espre Solutions Inc) -- C:\WINDOWS\lsvxdec.dll
[2010/09/04 23:41:04 | 000,155,648 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\vmnc.dll
[2010/09/04 23:41:04 | 000,092,160 | ---- | C] (Avid Technology, Inc) -- C:\WINDOWS\AvidQTAVUICodec.qtx
[2010/09/04 23:41:04 | 000,088,464 | ---- | C] (VDOnet Corp.) -- C:\WINDOWS\DECVW_32.DLL
[2010/09/04 23:41:04 | 000,082,432 | ---- | C] (VDOnet LTD..) -- C:\WINDOWS\vdowave.drv
[2010/09/04 23:41:04 | 000,076,800 | ---- | C] (VDOnet Corp.) -- C:\WINDOWS\VDODEC32.dll
[2010/09/04 23:41:04 | 000,057,344 | ---- | C] (Micronas Intermetall) -- C:\WINDOWS\mi-sc4.acm
[2010/09/04 23:41:03 | 000,211,968 | ---- | C] (SoftMedia) -- C:\WINDOWS\ViVD2.dll
[2010/09/04 23:41:02 | 000,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\vp7vfw.dll
[2010/09/04 23:41:02 | 000,225,280 | ---- | C] (Vivo Software) -- C:\WINDOWS\ivvideo.dll
[2010/09/04 23:29:09 | 004,255,744 | ---- | C] (Gabest) -- C:\Documents and Settings\Administrator\Desktop\mplayerc.exe
[2010/09/04 23:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2010/09/04 22:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
[2010/09/04 22:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2010/09/01 19:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/08/27 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Pricelist china
[2010/08/24 21:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/24 21:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/08/20 22:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Resumes
[2010/08/20 21:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/08/20 21:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora
[2010/08/20 21:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Portable_Time_Stopper_v3.0
[2010/08/20 17:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hammertap
[2010/08/20 17:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\HammerTap v3.1.1011.38
[2010/08/17 19:52:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\aliedit
[2010/08/17 19:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\trademanager
[2010/08/08 02:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WinAVI
[2010/08/08 02:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\WinAVI Video Converter
[2010/07/20 22:04:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/07/19 15:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2010/07/19 15:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2010/07/19 15:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/07/18 20:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/07/18 20:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/07/18 20:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/07/18 20:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real

========== Files - Modified Within 90 Days ==========

[2010/10/15 19:58:11 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-879983540-839522115-500.job
[2010/10/15 19:58:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/15 19:15:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-879983540-839522115-500UA.job
[2010/10/14 20:42:19 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/14 20:20:40 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/14 16:15:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-879983540-839522115-500Core.job
[2010/10/14 02:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DD3000-Administrator.job
[2010/10/13 22:52:40 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2010/10/13 22:35:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/13 19:31:35 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/13 19:03:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/13 18:42:33 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/13 18:39:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/13 18:13:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/13 17:36:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 17:35:52 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/13 17:35:26 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/10/13 17:35:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/10/13 13:50:14 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/10/11 19:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/11 15:38:54 | 000,421,609 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/11 12:53:18 | 000,000,093 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/09 23:58:35 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to movtoavi.lnk
[2010/10/09 23:03:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-879983540-839522115-500.job
[2010/10/09 21:48:14 | 000,003,068 | ---- | M] () -- C:\Enlish.lng
[2010/10/08 20:31:16 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Adobe GIF Format CS5 Prefs
[2010/10/07 00:38:16 | 012,515,760 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_2308.psd
[2010/10/06 21:13:06 | 020,907,896 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SAM SCOTT2.bmp
[2010/10/06 21:13:05 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Adobe BMP Format CS5 Prefs
[2010/10/06 21:12:43 | 003,555,506 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SAM SCOTT.jpg
[2010/10/06 20:47:23 | 020,907,896 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\8a11901f710f93a71ec4b0241f457bb6095acb7420100716-1.bmp
[2010/10/06 20:05:37 | 000,015,321 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\8a11901f710f93a71ec4b0241f457bb6095acb7420100716.pdf
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/09/15 22:33:36 | 000,003,890 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rosetta note2.rtf
[2010/09/15 20:27:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/15 20:27:13 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/10 20:00:34 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/04 00:59:04 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/08/30 03:07:40 | 010,855,821 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\order 56.5 kg.rtf
[2010/08/29 20:07:15 | 001,652,224 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MANS SEX TOY MOQ 1 CARTON USD EX-WORKS PRICE.xls
[2010/08/28 01:54:46 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Adobe Photoshop CS5.lnk
[2010/08/28 00:11:35 | 000,077,316 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\scouting.pdf
[2010/08/28 00:09:10 | 000,028,537 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\25Things.pdf
[2010/08/28 00:08:48 | 001,074,591 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SOTR.pdf
[2010/08/25 11:13:32 | 003,575,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/20 21:42:24 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk
[2010/08/17 23:51:18 | 615,240,661 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\www.AZmovie.net-Alone.2007.Thai.Eng.Sub.Hardcoded.H246.DVDRip.LKRG.mp4
[2010/08/13 01:13:07 | 000,333,865 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2010-2011_Student_Calendar.pdf
[2010/08/08 02:14:49 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinAVI Video Converter .lnk
[2010/07/20 13:55:28 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EXTREMELY__IMPORTANT__MUST__READ.rtf
[2010/07/18 20:48:29 | 000,000,025 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

========== Files Created - No Company Name ==========

[2010/10/15 01:04:31 | 000,032,005 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Isolation.2005.DVDRip.XviD-ViLLAiN.srt
[2010/10/15 01:00:31 | 615,240,661 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\www.AZmovie.net-Alone.2007.Thai.Eng.Sub.Hardcoded.H246.DVDRip.LKRG.mp4
[2010/10/15 01:00:31 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EXTREMELY__IMPORTANT__MUST__READ.rtf
[2010/10/15 01:00:31 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Free Download Movies - Music - Ebooks - Magazines - Wallpapers and much more....URL
[2010/10/15 00:44:47 | 000,027,935 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Alone.2007.DVDRip.XviD.srt
[2010/10/13 20:02:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/10/13 18:42:33 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/13 17:36:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 17:35:52 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/13 17:35:26 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/10/13 17:35:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/10/11 12:53:18 | 000,000,093 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/10/09 23:58:35 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to movtoavi.lnk
[2010/10/09 22:34:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/10/09 21:46:05 | 000,003,068 | ---- | C] () -- C:\Enlish.lng
[2010/10/06 21:48:24 | 012,515,760 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_2308.psd
[2010/10/06 21:13:03 | 020,907,896 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\SAM SCOTT2.bmp
[2010/10/06 21:12:40 | 003,555,506 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\SAM SCOTT.jpg
[2010/10/06 20:47:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe BMP Format CS5 Prefs
[2010/10/06 20:47:21 | 020,907,896 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\8a11901f710f93a71ec4b0241f457bb6095acb7420100716-1.bmp
[2010/10/06 20:05:37 | 000,015,321 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\8a11901f710f93a71ec4b0241f457bb6095acb7420100716.pdf
[2010/09/15 20:27:13 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/15 20:27:13 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/06 17:11:44 | 000,003,890 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rosetta note2.rtf
[2010/09/04 23:41:05 | 000,225,280 | ---- | C] () -- C:\WINDOWS\qtmlClient.dll
[2010/09/04 23:41:04 | 000,573,440 | ---- | C] () -- C:\WINDOWS\tvqdec.dll
[2010/09/04 23:41:04 | 000,245,760 | ---- | C] () -- C:\WINDOWS\LCMW2.dll
[2010/09/04 23:41:04 | 000,076,800 | ---- | C] () -- C:\WINDOWS\BeHereiVideo.qtx
[2010/09/04 23:41:02 | 000,035,840 | ---- | C] () -- C:\WINDOWS\xanlib.dll
[2010/09/04 00:59:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/09/01 12:00:14 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-879983540-839522115-500.job
[2010/08/30 02:28:56 | 010,855,821 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\order 56.5 kg.rtf
[2010/08/29 19:45:18 | 001,652,224 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MANS SEX TOY MOQ 1 CARTON USD EX-WORKS PRICE.xls
[2010/08/28 01:54:46 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Adobe Photoshop CS5.lnk
[2010/08/28 00:11:34 | 000,077,316 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\scouting.pdf
[2010/08/28 00:09:10 | 000,028,537 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\25Things.pdf
[2010/08/28 00:08:45 | 001,074,591 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\SOTR.pdf
[2010/08/24 21:43:54 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe GIF Format CS5 Prefs
[2010/08/24 21:33:17 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DD3000-Administrator.job
[2010/08/20 21:42:24 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk
[2010/08/13 01:13:06 | 000,333,865 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2010-2011_Student_Calendar.pdf
[2010/08/08 02:14:49 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WinAVI Video Converter .lnk
[2010/07/18 20:48:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/18 20:47:40 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-879983540-839522115-500.job
[2010/07/14 19:18:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/06/10 11:13:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/04/25 21:54:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/22 12:23:27 | 001,147,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/22 01:54:58 | 000,964,890 | ---- | C] () -- C:\WINDOWS\System32\alleg42.dll
[2010/03/22 01:54:45 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\xobni_installer_updater.log
[2010/03/09 12:49:38 | 000,006,457 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\MSI3.1Logfile.log
[2010/03/05 03:01:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/03 22:55:03 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 18:34:29 | 000,006,571 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/03/03 06:52:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/16 19:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/06/27 17:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2004/08/04 05:00:00 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/04/18 17:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 17:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2010/09/04 22:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
[2010/03/07 23:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/20 21:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/09/15 21:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2010/03/09 12:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Downloaded Installations
[2010/03/12 19:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/09/29 14:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nitro PDF
[2010/03/22 01:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010/06/11 00:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Toolbar4
[2010/10/15 01:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/03/05 21:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VirtualStore
[2010/03/22 01:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WeatherBug
[2010/10/13 18:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/04 21:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/03/03 18:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/03/09 12:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/08/27 22:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/03/03 16:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/04/25 21:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2010/04/25 21:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2010/04/18 01:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/05/05 16:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



< End of report >

ComboFix 10-10-15.03 - Administrator 10/15/2010 20:11:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1432 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\george.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Administrator\Recent\Thumbs.db
C:\install.exe
c:\program files\messenge
c:\windows\Readme.txt
c:\windows\system32\scvideo.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 )))))))))))))))))))))))))))))))
.

2010-10-16 02:54 . 2010-10-16 02:54 -------- d-----w- C:\_OTL
2010-10-15 02:26 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-15 02:26 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-14 01:29 . 2010-10-14 01:29 -------- d-----w- c:\program files\Alwil Software
2010-10-14 01:29 . 2010-10-14 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-14 00:36 . 2010-10-14 00:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-14 00:36 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-14 00:36 . 2010-10-14 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-14 00:36 . 2010-10-14 00:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-14 00:36 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 00:35 . 2010-10-14 00:35 -------- d-----w- c:\program files\ERUNT
2010-10-11 22:34 . 2010-10-11 22:34 -------- d-----w- c:\program files\ESET
2010-10-11 21:00 . 2010-10-11 21:00 -------- d-----w- c:\program files\Common Files\Java
2010-10-11 21:00 . 2010-09-15 09:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-10 05:34 . 2006-09-26 20:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2010-10-10 05:34 . 2010-10-10 05:35 -------- d-----w- c:\program files\MOV to AVI MPEG WMV Converter
2010-10-10 05:19 . 2010-10-10 05:19 -------- d-----w- C:\OutputFolder
2010-10-09 07:16 . 2010-10-09 07:16 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-09 07:10 . 2010-10-09 07:15 -------- d-s---w- c:\documents and settings\amazon only
2010-09-24 19:13 . 2010-10-10 04:55 -------- d-----w- c:\program files\Save Flash
2010-09-16 04:46 . 2010-09-26 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-09-16 04:23 . 2010-09-16 04:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-05 135664]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2009-02-11 480264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScheduleTV.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ScheduleTV.lnk
backup=c:\windows\pss\ScheduleTV.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 03:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-29 15:13 77824 ----a-r- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-29 15:13 94208 ----a-r- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 21:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2009-02-11 15:48 480264 ------w- c:\windows\system32\M-AudioTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 23:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-28 01:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-29 15:13 114688 ----a-r- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-04-28 04:41 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-10-29 15:13 1404928 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [11/30/2004 1:00 PM 276736]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/13/2010 6:42 PM 135336]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2/2/2010 1:35 PM 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2/2/2010 1:35 PM 65856]
R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [11/30/2004 1:00 PM 21760]
R3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\drivers\mausbft.sys [4/19/2010 4:13 PM 156552]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [5/24/2010 5:30 PM 30560]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2.sys --> c:\windows\system32\DRIVERS\WN111v2.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-14 c:\windows\Tasks\AdobeAAMUpdater-1.0-DD3000-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-25 10:44]

2010-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-879983540-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-05 07:00]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-879983540-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-05 07:00]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.bigseekpro.com/splitcam/{C5DF51D5-B0F7-4E4F-8F3E-6ED84FE674D1}
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2399412&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npperformeroptimum.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npww.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
MSConfigStartUp-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe
MSConfigStartUp-Modulo_administrativo - c:\program files\messenge\Asdiph.exe
MSConfigStartUp-Modulo_Ad_Autorizador - c:\program files\messenge\Nvsvc32.exe
MSConfigStartUp-Modulo_Ad_bne - c:\program files\messenge\Aswebsrv.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-10-15 20:16:47
ComboFix-quarantined-files.txt 2010-10-16 03:16

Pre-Run: 262,522,552,320 bytes free
Post-Run: 262,483,243,008 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7E6770D176908221566B0A2926D93F2F

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/10/15 20:18
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF75A8000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB1812000 Size: 138496 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF749A000 Size: 95360 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA5C9000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgio.sys
Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Address: 0xF7A03000 Size: 6144 File Visible: - Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0xB14AB000 Size: 86016 File Visible: - Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xB16B5000 Size: 139264 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79FB000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000 Size: 12288 File Visible: - Signed: -
Status: -

Name: catchme.sys
Image Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
Address: 0xB99C8000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBAA86000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF7547000 Size: 49536 File Visible: - Signed: -
Status: -

Name: cercsr6.sys
Image Path: cercsr6.sys
Address: 0xF7717000 Size: 29120 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7637000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7627000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF74B2000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF798D000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF76F7000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB1650000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79A3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF792F000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C1000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xB9A44000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e100b325.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e100b325.sys
Address: 0xB9F6C000 Size: 163328 File Visible: - Signed: -
Status: -

Name: es1371mp.sys
Image Path: C:\WINDOWS\system32\drivers\es1371mp.sys
Address: 0xF76E7000 Size: 40704 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF77EF000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBAAA6000 Size: 34944 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF7462000 Size: 128896 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79F9000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74D8000 Size: 125056 File Visible: - Signed: -
Status: -

Name: gameenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Address: 0xF7927000 Size: 10624 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF77FF000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806FD000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xBAA76000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF77AF000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB9DC0000 Size: 9600 File Visible: - Signed: -
Status: -

Name: HPZid412.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZid412.sys
Address: 0xBAA56000 Size: 49920 File Visible: - Signed: -
Status: -

Name: HPZipr12.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
Address: 0xB9DB0000 Size: 16224 File Visible: - Signed: -
Status: -

Name: HPZius12.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZius12.sys
Address: 0xF77CF000 Size: 21568 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB09A8000 Size: 263040 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7577000 Size: 52736 File Visible: - Signed: -
Status: -

Name: ialmdd5.DLL
Image Path: C:\WINDOWS\System32\ialmdd5.DLL
Address: 0xBFA31000 Size: 901120 File Visible: - Signed: -
Status: -

Name: ialmdev5.DLL
Image Path: C:\WINDOWS\System32\ialmdev5.DLL
Address: 0xBFA01000 Size: 196608 File Visible: - Signed: -
Status: -

Name: ialmdnt5.dll
Image Path: C:\WINDOWS\System32\ialmdnt5.dll
Address: 0xBF9E1000 Size: 131072 File Visible: - Signed: -
Status: -

Name: ialmnt5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Address: 0xBA056000 Size: 830560 File Visible: - Signed: -
Status: -

Name: ialmrnt5.dll
Image Path: C:\WINDOWS\System32\ialmrnt5.dll
Address: 0xBF9D3000 Size: 57344 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7557000 Size: 41856 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF798B000 Size: 5504 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF76D7000 Size: 36096 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xB1834000 Size: 134912 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xB18FD000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75F7000 Size: 35840 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF77F7000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB04EE000 Size: 171776 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB9FD8000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7439000 Size: 92032 File Visible: - Signed: -
Status: -

Name: mausbft.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mausbft.sys
Address: 0xB1668000 Size: 149888 File Visible: - Signed: -
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
Address: 0xB99E8000 Size: 20864 File Visible: No Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79FD000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF781F000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xB9DB8000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7607000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB1124000 Size: 181248 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xB1777000 Size: 451456 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF777F000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA1B1000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBAFB0000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF787C000 Size: 107904 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF740C000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBAFD8000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB14E0000 Size: 12928 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB9E4E000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA151000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBAAC6000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xB1855000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7787000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7B52000 Size: 574592 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xB9A06000 Size: 2944 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB9F58000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000 Size: 18688 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF79C1000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7597000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCIIde.sys
Image Path: PCIIde.sys
Address: 0xF7A4F000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\Drivers\PCIIDEX.SYS
Address: 0xF7707000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB9FFB000 Size: 147456 File Visible: - Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF79EF000 Size: 7872 File Visible: No Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB9E3D000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF780F000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF7947000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF7517000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7507000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF74F7000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF7817000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xB17E6000 Size: 176512 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79FF000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB9E0C000 Size: 196864 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF7537000 Size: 57472 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB0C01000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SAA713x.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SAA713x.sys
Address: 0xB9F94000 Size: 276736 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF7482000 Size: 98304 File Visible: - Signed: -
Status: -

Name: senfilt.sys
Image Path: C:\WINDOWS\system32\drivers\senfilt.sys
Address: 0xB9E65000 Size: 732928 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBAFE4000 Size: 15488 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF7567000 Size: 64896 File Visible: - Signed: -
Status: -

Name: smwdm.sys
Image Path: C:\WINDOWS\system32\drivers\smwdm.sys
Address: 0xB9F18000 Size: 260352 File Visible: - Signed: -
Status: -

Name: splitcam.sys
Image Path: C:\WINDOWS\system32\DRIVERS\splitcam.sys
Address: 0xF7527000 Size: 36864 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7450000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB0E99000 Size: 336256 File Visible: - Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xF778F000 Size: 23040 File Visible: - Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xF7587000 Size: 49152 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF79B9000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB13BB000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB18A5000 Size: 359040 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7807000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA1A1000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB9DD8000 Size: 209408 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF779F000 Size: 31616 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF79CD000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF77E7000 Size: 26624 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA131000 Size: 57600 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xBA01F000 Size: 143360 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xF77C7000 Size: 25856 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xB9DB4000 Size: 15104 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF77BF000 Size: 26496 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF77DF000 Size: 20480 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7777000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xBA042000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7617000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBAAB6000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xB99F0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB1266000 Size: 82944 File Visible: - Signed: -
Status: -

Name: WDMTuner.sys
Image Path: C:\WINDOWS\system32\drivers\WDMTuner.sys
Address: 0xF7757000 Size: 21760 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1839104 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1839104 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7989000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -


QuickScan Beta 32-bit v0.9.9.41
-------------------------------
Scan date: Fri Oct 15 20:20:01 2010
Machine ID: 1CDE3483



No infection found.
-------------------



Processes
---------
Adobe Reader and Acrobat Manager 2612 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AntiVir Desktop 2676 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
AntiVir Desktop 1912 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
AntiVir Desktop 312 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
AntiVir Desktop 1716 C:\Program Files\Avira\AntiVir Desktop\sched.exe
Apple Mobile Device Service 1928 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Atheros Configuration Service (ACS) 1524 C:\WINDOWS\system32\acs.exe
Firefox 1984 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 2164 C:\Program Files\Mozilla Firefox\plugin-container.exe
Intuit Update Service 2008 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
iTunes 3128 C:\Program Files\iPod\bin\iPodService.exe
iTunes 2492 C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE 6 U22 176 C:\Program Files\Java\jre6\bin\jqs.exe
Java™ Platform SE Auto Updater 2 0 2664 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System 3716 C:\WINDOWS\explorer.exe
Microsoft® Windows® Operating System 1860 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 624 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 2696 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 704 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 692 C:\WINDOWS\system32\services.exe
Microsoft® Windows® Operating System 576 C:\WINDOWS\system32\smss.exe
Microsoft® Windows® Operating System 1444 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 236 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 420 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 516 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1256 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1180 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1060 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1992 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 964 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 888 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 648 C:\WINDOWS\system32\winlogon.exe
Microsoft® Windows® Operating System 2308 C:\WINDOWS\system32\wscntfy.exe
Microsoft® Windows® Operating System 1052 C:\WINDOWS\system32\wuauclt.exe
Nalpeiron License Management 396 C:\WINDOWS\system32\NLSSRV32.EXE
Nero Home 2824 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
Nero Home 2976 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
Nero Home 3032 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
Nitro PDF Professional 380 C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
RichVideo Module 448 C:\Program Files\CyberLink\Shared files\RichVideo.exe
TaskBarIconApplet 2424 C:\WINDOWS\system32\M-AudioTaskBarIcon.exe


Network activity
----------------
Process firefox.exe (1984) connected on port 80 (HTTP) --> 96.17.220.20
Process firefox.exe (1984) connected on port 80 (HTTP) --> 69.63.189.39
Process firefox.exe (1984) connected on port 80 (HTTP) --> 66.102.7.148
Process firefox.exe (1984) connected on port 80 (HTTP) --> 66.235.143.54
Process firefox.exe (1984) connected on port 80 (HTTP) --> 72.14.213.101
Process firefox.exe (1984) connected on port 80 (HTTP) --> 204.2.197.201
Process firefox.exe (1984) connected on port 80 (HTTP) --> 24.143.207.43
Process firefox.exe (1984) connected on port 80 (HTTP) --> 96.17.213.115
Process firefox.exe (1984) connected on port 80 (HTTP) --> 24.143.207.43

Process svchost.exe (964) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe CS5 Service Manager C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe Updater Startup Utility C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
AUTOBACK.EXE C:\Program Files\ERUNT\AUTOBACK.EXE
Google Update C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
Nero AG NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Nero Home C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
QuickTime C:\Program Files\QuickTime\qttask.exe
SBSV 2010/02/19-11:02:07 C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
TaskBarIconApplet C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U22 c:\program files\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U22 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U22 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
WangWang Installed Check Plugin for Moz C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hre8x6ak.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll
WangWang Installed Check Plugin for Moz C:\Program Files\Mozilla Firefox\plugins\npww.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
--> HKLM\System\ControlSet001\services\mbr\"ImagePath"


Scan
----


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.05 MB sent, 1.71 KB recvd
Scanned 1009 files and modules - 20 seconds

==============================================================================

#4
RKinner
    Malware Expert
  • Expert
  • 23,147 posts
  • MVP
I missed a remnant on the last OTL Run Fix.

Copy the text in the code box by highlighting it and pressing Ctrl + C.

:OTL
O36 - AppCertDlls: perfeset - (C:\WINDOWS\system32\automstp.dll) - C:\WINDOWS\System32\automstp.dll File not found
     
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.

Otherwise your logs look pretty good now. Let's do a few more checks just to make sure:

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log, MBRCheck(date).txt, on your desktop. Copy and paste it into a reply.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP but tell me.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

As a final check, see if GMER will now run. I would pause your anti-virus while running GMER. It will be much faster if the anti-virus is not running, and the anti-virus may be interfering with GMER. We did remove some malware that was active, so it might have been the problem, but GMER is also sensitive to hard drive errors, which the disk check should clean up for us.

Ron
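The O36 line in the fix above is an AppCertDlls value whose DLL no longer exists. As an added example, not OTL's, the poster's or the forum's own code, the Python script below parses OTL O36 lines, separates entries whose DLL is missing from those still on disk, builds the same ":OTL" fix block the reply pastes into OTL, and, when run on a Windows host, reads the live AppCertDlls key and tests each path. The second sample line (example.dll, "Example Publisher") is constructed, and the assumption that OTL prints a found file's publisher in trailing parentheses is mine; the "File not found" form is taken from the line above.

```python
r"""Triage OTL 'O36 - AppCertDlls' entries.

Added example, not OTL's or the forum's own code. AppCertDlls
(HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls) lists DLLs
that Windows loads into every process that calls CreateProcess, so it is a
persistence location worth checking. An entry whose DLL is gone, like the
'File not found' line in the reply, is a leftover that should be removed.
"""
import os
import re

# OTL line shape: "O36 - AppCertDlls: <value> - (<data>) - <resolved path> <status>"
# <status> is "File not found"; for a present file OTL is assumed here to
# append the publisher in parentheses (assumption, not verified against OTL).
_O36 = re.compile(r"^O36 - AppCertDlls: (?P<name>.+?) - \((?P<data>[^)]*)\) - (?P<rest>.+)$")
_NOT_FOUND = "File not found"


def parse_o36_line(line):
    """Parse one OTL O36 line; return None for any other line."""
    m = _O36.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    found, publisher = True, None
    if rest.endswith(_NOT_FOUND):
        path, found = rest[:-len(_NOT_FOUND)].strip(), False
    elif rest.endswith(")") and " (" in rest:
        path, publisher = rest.rsplit(" (", 1)
        publisher = publisher[:-1]
    else:
        path = rest
    return {"name": m.group("name"), "data": m.group("data"), "path": path,
            "found": found, "publisher": publisher, "raw": line.strip()}


def triage(entries):
    """Return (verdict, entry) pairs for parsed or live AppCertDlls entries."""
    out = []
    for e in entries:
        if not e["found"]:
            out.append(("dangling entry: remove the value", e))
        elif e["publisher"] is None:
            out.append(("DLL present, publisher unknown: verify its hash", e))
        else:
            out.append(("DLL present (%s): verify it is legitimate" % e["publisher"], e))
    return out


def otl_fix_script(entries):
    """Build the ':OTL' block the reply pastes into Custom Scans/Fixes, listing
    only the dangling entries (OTL removes a listed O36 value)."""
    lines = [e["raw"] for e in entries if not e["found"] and e.get("raw")]
    return ":OTL\n" + "\n".join(lines) if lines else ""


def read_live_appcertdlls():
    """On Windows, read the real key and test each DLL path on disk.
    Returns [] on other platforms so the module imports anywhere."""
    try:
        import winreg
    except ImportError:
        return []
    key_path = r"SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls"
    entries = []
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
            i = 0
            while True:
                try:
                    name, data, _kind = winreg.EnumValue(key, i)
                except OSError:
                    break
                i += 1
                path = os.path.expandvars(str(data))
                entries.append({"name": name, "data": str(data), "path": path,
                                "found": os.path.isfile(path),
                                "publisher": None, "raw": None})
    except OSError:
        pass
    return entries


# Constructed sample: the reply's dangling line plus a hypothetical present one.
SAMPLE_OTL = [
    r"O36 - AppCertDlls: perfeset - (C:\WINDOWS\system32\automstp.dll) - C:\WINDOWS\System32\automstp.dll File not found",
    r"O36 - AppCertDlls: example - (C:\WINDOWS\system32\example.dll) - C:\WINDOWS\System32\example.dll (Example Publisher)",
]

if __name__ == "__main__":
    parsed = [p for p in map(parse_o36_line, SAMPLE_OTL) if p]
    for verdict, e in triage(parsed):
        print("%-45s %s -> %s" % (verdict, e["name"], e["path"]))
    print(otl_fix_script(parsed))
    for verdict, e in triage(read_live_appcertdlls()):
        print("live:", verdict, e["name"], e["path"])
```

Run it with the whole OTL log on stdin-style input by feeding each line to parse_o36_line; only O36 lines come back non-None. A present DLL is not a verdict of "clean": the value still loads that DLL into every new process, so check its hash and publisher before leaving it in place.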

#5
alternate
    Member
  • Topic Starter
  • Member
  • 83 posts
This morning the computer is running a bit slow again and AntiVir has blocked another threat.
Logs:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FD000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 PCIIde.sys
0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798D000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF749A000 atapi.sys
0xF7717000 cercsr6.sys
0xF7482000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7462000 fltMgr.sys
0xF7450000 sr.sys
0xF7439000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF740C000 NDIS.sys
0xF787C000 Mup.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA056000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xBA042000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77DF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA01F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76E7000 \SystemRoot\system32\drivers\es1371mp.sys
0xB9FFB000 \SystemRoot\system32\drivers\portcls.sys
0xF76F7000 \SystemRoot\system32\drivers\drmk.sys
0xB9FD8000 \SystemRoot\system32\drivers\ks.sys
0xB9F94000 \SystemRoot\system32\DRIVERS\SAA713x.sys
0xF7587000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xB9F6C000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7577000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7567000 \SystemRoot\system32\DRIVERS\serial.sys
0xBAFE4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9F58000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7557000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7547000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7537000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9F18000 \SystemRoot\system32\drivers\smwdm.sys
0xB9E65000 \SystemRoot\system32\drivers\senfilt.sys
0xF7527000 \SystemRoot\system32\DRIVERS\splitcam.sys
0xBA5C9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7517000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBAFD8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9E4E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7507000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF74F7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7807000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9E3D000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1B1000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF780F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7817000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9E0C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA1A1000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF781F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79B9000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9DD8000 \SystemRoot\system32\DRIVERS\update.sys
0xBAFB0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA151000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA131000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79CD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7927000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF7757000 \SystemRoot\system32\drivers\WDMTuner.sys
0xF79F9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB9A06000 \SystemRoot\System32\Drivers\Null.SYS
0xF79FB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7777000 \SystemRoot\System32\drivers\vga.sys
0xF79FD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79FF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF777F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7787000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7947000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB18FD000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB18A5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1855000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB1834000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB1812000 \SystemRoot\System32\drivers\afd.sys
0xBAAC6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBAAB6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF778F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB17E6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB1777000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBAAA6000 \SystemRoot\System32\Drivers\Fips.SYS
0xB16B5000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7A03000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xBAA86000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF779F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB9DC0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBAA76000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77AF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF77BF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB1668000 \SystemRoot\system32\DRIVERS\mausbft.sys
0xB9DB8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB9DB4000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xBAA56000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xB9DB0000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xB1650000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79A3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB99F0000 \SystemRoot\System32\watchdog.sys
0xF792F000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xB9A44000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E1000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D3000 \SystemRoot\System32\ialmrnt5.dll
0xBFA01000 \SystemRoot\System32\ialmdev5.DLL
0xBFA31000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB14AB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB14E0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB1266000 \SystemRoot\system32\drivers\wdmaud.sys
0xB13BB000 \SystemRoot\system32\drivers\sysaudio.sys
0xB1124000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF79C1000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB0E99000 \SystemRoot\system32\DRIVERS\srv.sys
0xB09A8000 \SystemRoot\System32\Drivers\HTTP.sys
0xB99C8000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
0xF79EF000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB99E8000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
576 C:\WINDOWS\system32\smss.exe
624 csrss.exe
648 C:\WINDOWS\system32\winlogon.exe
692 C:\WINDOWS\system32\services.exe
704 C:\WINDOWS\system32\lsass.exe
888 C:\WINDOWS\system32\svchost.exe
964 svchost.exe
1060 C:\WINDOWS\system32\svchost.exe
1180 svchost.exe
1256 svchost.exe
1444 C:\WINDOWS\system32\spoolsv.exe
1524 C:\WINDOWS\system32\acs.exe
1716 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1912 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1928 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1992 C:\WINDOWS\system32\svchost.exe
2008 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
176 C:\Program Files\Java\jre6\bin\jqs.exe
236 C:\WINDOWS\system32\svchost.exe
312 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
380 C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
396 C:\WINDOWS\system32\NLSSRV32.EXE
420 C:\WINDOWS\system32\svchost.exe
448 C:\Program Files\CyberLink\Shared files\RichVideo.exe
516 C:\WINDOWS\system32\svchost.exe
1860 alg.exe
2424 C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
2492 C:\Program Files\iTunes\iTunesHelper.exe
2612 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2664 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2676 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2696 C:\WINDOWS\system32\ctfmon.exe
2824 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
2976 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
3032 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
3128 C:\Program Files\iPod\bin\iPodService.exe
1052 C:\WINDOWS\system32\wuauclt.exe
3716 C:\WINDOWS\explorer.exe
3764 C:\Documents and Settings\Administrator\Desktop\OTL.exe
2828 C:\Program Files\Mozilla Firefox\firefox.exe
464 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAJB-00J3A0, Rev: 01.03E01

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


sfc /scannow was skipped; it asked for a CD.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/10/2010 10:27:18 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/10/2010 8:40:04 AM
Type: warning Category: 2
Event: 4113 Source: Avira AntiVir
AntiVir has detected 'TR/Crypt.XPACK.Gen' in the file C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP3\A0002225.exe

Log: 'Application' Date/Time: 16/10/2010 7:28:04 AM
Type: warning Category: 2
Event: 4113 Source: Avira AntiVir
AntiVir has detected 'TR/Crypt.XPACK.Gen' in the file C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP3\A0002225.exe

Log: 'Application' Date/Time: 16/10/2010 6:16:04 AM
Type: warning Category: 2
Event: 4113 Source: Avira AntiVir
AntiVir has detected 'TR/Crypt.XPACK.Gen' in the file C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP3\A0002225.exe

Log: 'Application' Date/Time: 16/10/2010 5:16:04 AM
Type: warning Category: 2
Event: 4113 Source: Avira AntiVir
AntiVir has detected 'TR/Crypt.XPACK.Gen' in the file C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP3\A0002225.exe

Log: 'Application' Date/Time: 16/10/2010 5:04:04 AM
Type: warning Category: 2
Event: 4113 Source: Avira AntiVir
AntiVir has detected 'TR/Crypt.XPACK.Gen' in the file C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP3\A0002225.exe

Log: 'Application' Date/Time: 16/10/2010 1:54:22 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user DD3000\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/10/2010 10:26:57 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/10/2010 10:16:54 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The HID Input Service service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 16/10/2010 3:12:43 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The HID Input Service service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/10/2010 10:15:30 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<firefox.exe> C:\...ult\sessionstore-1.js

Log: 'System' Date/Time: 16/10/2010 10:15:04 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\...7\Data\1267666877.ini

Log: 'System' Date/Time: 16/10/2010 10:14:38 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\...7\Data\1267666877.ini

Log: 'System' Date/Time: 16/10/2010 10:13:53 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<avwsc.exe> C:\...iVir Desktop\rctext.dll

Log: 'System' Date/Time: 16/10/2010 10:13:28 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<avwsc.exe> C:\...iVir Desktop\rctext.dll

Log: 'System' Date/Time: 16/10/2010 10:13:03 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<avwsc.exe> C:\...iVir Desktop\cfglib.dll

Log: 'System' Date/Time: 16/10/2010 10:12:37 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<avwsc.exe> C:\...ww_d495ac4e\msvcp90.dll

Log: 'System' Date/Time: 16/10/2010 10:12:11 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<avwsc.exe> C:\...w_15fc9313\mfc90enu.dll

Log: 'System' Date/Time: 16/10/2010 10:11:43 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\... Desktop\rcimage.dll


GMER will run, but it takes the whole night scanning and still won't finish... here's a stopped scan log:
GMER 1.0.15.15315 - http://www.gmer.net
Rootkit scan 2010-10-16 10:09:49
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT BA905106 ZwCreateKey
SSDT BA9050FC ZwCreateThread
SSDT BA90510B ZwDeleteKey
SSDT BA905115 ZwDeleteValueKey
SSDT BA90511A ZwLoadKey
SSDT BA9050E8 ZwOpenProcess
SSDT BA9050ED ZwOpenThread
SSDT BA905124 ZwReplaceKey
SSDT BA90511F ZwRestoreKey
SSDT BA905110 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 25E 804E4A98 4 Bytes CALL 9B08DAED
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9E40F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3136] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3484] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 103FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----
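The VEW output above reports the same TR/Crypt.XPACK.Gen detection over and over on one file under C:\System Volume Information\_restore{...}\RP3, i.e. a copy held in a System Restore point, plus a run of avgntflt TIMEOUT warnings. As an added example, not VEW's, Avira's or either poster's code, this Python script parses VEW's four-line event blocks and rolls them up into what a helper wants to know: detections per path, how many of them sit inside a restore point, and TIMEOUT counts per process. The sample log is a constructed subset of the lines posted above.

```python
r"""Summarize Vino's Event Viewer (VEW) output for malware triage.

Added example; not VEW's, Avira's or either poster's code. VEW prints each event
as four lines (Log/Date, Type/Category, Event/Source, message) with dd/mm/yyyy dates.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

_HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<dt>.+)$")
_TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
_EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")
# Message shapes for Avira event 4113 and avgntflt (on-access filter) event 18.
_DETECT = re.compile(r"detected '(?P<threat>[^']+)' in the file (?P<path>.+)$")
_TIMEOUT = re.compile(r"^TIMEOUT<(?P<proc>[^>]+)> (?P<path>.+)$")
# A copy inside a System Restore point keeps being re-detected until the point is purged.
_RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP\d+\\", re.I)


def parse_vew(text):
    """Return one dict per event block; banners and '~~~' rules are skipped."""
    lines = [l.rstrip() for l in text.splitlines()]
    events, i = [], 0
    while i < len(lines):
        h = _HEADER.match(lines[i])
        t = _TYPE.match(lines[i + 1]) if h and i + 3 < len(lines) else None
        e = _EVENT.match(lines[i + 2]) if t else None
        if not e:
            i += 1
            continue
        events.append({
            "log": h.group("log"),
            "time": datetime.strptime(h.group("dt").strip(), "%d/%m/%Y %I:%M:%S %p"),
            "type": t.group("type"),
            "event_id": int(e.group("id")),
            "source": e.group("src").strip(),
            "message": lines[i + 3],
        })
        i += 4
    return events


def avira_detections(events):
    """(time, threat, path, in_restore_point) for each Avira detection."""
    out = []
    for ev in events:
        m = _DETECT.search(ev["message"]) if ev["source"] == "Avira AntiVir" else None
        if m:
            out.append((ev["time"], m.group("threat"), m.group("path"),
                        bool(_RESTORE.search(m.group("path")))))
    return out


def timeouts_by_process(events):
    """Count avgntflt TIMEOUT events per process name."""
    counts = Counter()
    for ev in events:
        m = _TIMEOUT.match(ev["message"]) if ev["source"] == "avgntflt" else None
        if m:
            counts[m.group("proc")] += 1
    return counts


def summarize(text):
    """Totals plus a per-path list of (time, threat, in_restore_point)."""
    events = parse_vew(text)
    dets = avira_detections(events)
    by_path = defaultdict(list)
    for when, threat, path, in_rp in dets:
        by_path[path].append((when, threat, in_rp))
    return {"events": len(events), "detections": len(dets),
            "unique_paths": len(by_path),
            "restore_point_hits": sum(1 for d in dets if d[3]),
            "timeouts": timeouts_by_process(events), "by_path": dict(by_path)}


# Constructed sample: a subset of the VEW lines posted above.
SAMPLE_VEW = r"""Vino's Event Viewer v01c run on Windows XP in English
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/10/2010 8:40:04 AM
Type: warning Category: 2
Event: 4113 Source: Avira AntiVir
AntiVir has detected 'TR/Crypt.XPACK.Gen' in the file C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP3\A0002225.exe

Log: 'Application' Date/Time: 16/10/2010 7:28:04 AM
Type: warning Category: 2
Event: 4113 Source: Avira AntiVir
AntiVir has detected 'TR/Crypt.XPACK.Gen' in the file C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP3\A0002225.exe

Log: 'System' Date/Time: 16/10/2010 10:15:04 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\...7\Data\1267666877.ini

Log: 'System' Date/Time: 16/10/2010 10:13:53 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<avwsc.exe> C:\...iVir Desktop\rctext.dll
"""

if __name__ == "__main__":
    s = summarize(SAMPLE_VEW)
    print("%d events, %d detections on %d file(s), %d inside restore points"
          % (s["events"], s["detections"], s["unique_paths"], s["restore_point_hits"]))
    for proc, n in s["timeouts"].most_common():
        print("avgntflt TIMEOUT x%d in %s" % (n, proc))
```

Many hits on one path, all inside a restore point, means the scanner is re-reading the same archived copy rather than finding new infections; that copy only goes away when the restore points are purged. The TIMEOUT entries show VEW's truncated paths, so the full path has to come from Avira's own logs, which is the question the next reply asks.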

#6
RKinner
    Malware Expert
  • Expert
  • 23,147 posts
  • MVP
We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f

Copy the next line:

sc config hid start= disabled


Start, Run, cmd, OK to bring up a new command window and then right click and Paste (or Edit, Paste) and then Enter.

Close the window.

Uninstall Firefox. Remove the folders:

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox
C:\Program Files\Mozilla Firefox

The first one is probably a hidden system file, so:
* Close all programs so that you are at your desktop.
* Double-click on the My Computer icon.
* Select the Tools menu and click Folder Options.
* After the new window appears select the View tab.
* Put a checkmark in the checkbox labeled Display the contents of system folders.
* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
* Remove the checkmark from the checkbox labeled Hide protected operating system files.
* Press the Apply button and then the OK button and exit My Computer.
* Now your computer is configured to show all hidden files.



Redownload and reinstall Firefox.
http://www.mozilla.com/en-US/

You appear to need UPHClean:

1. Download UPHClean. To download and install UPHClean, visit the following Microsoft Web site:
http://www.microsoft...70-42470E2F3582
You will be prompted to validate your copy of Windows.
2. As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
3. In the User Profile Hive Cleanup Service installation wizard, click Next.
4. In the License Agreement page, read the license agreement, select I Agree, and then click Next.
5. In the Select Installation Folder page, click Next.
6. In the Confirm Installation page, click Next.
7. When UPHClean is installed, click Close.

Note UPHClean runs as a service in Windows and will start automatically every time that Windows starts.
8. To confirm that UPHClean is installed and running, click Start, and then click Run.
9. In Open box, type the following text, and then click OK:

services.msc

10. In Services, in the Name column, locate User Profile Hive Cleanup. In the Status column, confirm that the User Profile Hive Cleanup service is Started.


Look in the Event Viewer, System log, for this event:
Log: 'System' Date/Time: 16/10/2010 10:15:04 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\...7\Data\1267666877.ini

Does it give the full path for the thing? Maybe in Avira's own logs there is more info?

Avira is having trouble with its own files, which is not a good sign. I think it has been damaged, so uninstall it, download a new copy and reinstall. Or, if you want a second opinion, you could try the free avast! (after uninstalling Avira): http://www.avast.com...avast-home.html




Once you've done all that, clear the event logs again, reboot and run the Event Viewer Tool again as before. Is it still slow? When do you see the slowest? At boot? Surfing? When mouse clicking or typing?

Ron
  • 0

#7
alternate

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
After deleting Firefox and reinstalling it I've noticed that I lost all my stored passwords and bookmarks...they are very important to me...I tried to undo the delete by System Restoring to this morning's setup and now my Firefox won't load...only IE...what happened? How can I get my old Firefox back?
  • 0

#8
alternate

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Computer is slower than ever...Firefox won't load at all...it's freezing and acting really weird, like some other programs were running in the background.
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
Afraid the bookmarks and passwords may be gone forever. That was a natural consequence of removing firefox and its folders and starting over. You can look in your Recycle Bin and if the two folders you removed are still there you can try restoring them.
  • 0

#10
alternate

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
If I could get Firefox running again I will try to get my bookmarks organized again...but Firefox is not loading anymore no matter how I try.
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
A restored Firefox can't run without those folders, so right-click on the Recycle Bin and select Open; then, if you see the folders, right-click on them and RESTORE. Then see if Firefox will run.
  • 0

#12
alternate

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Of course those folders were wiped off already...But why can't I get a new install of Firefox to work??
  • 0

#13
alternate

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Dude...are you sure that you know what you're doing? I just got my Firefox back with all my bookmarks and passwords after I deleted and emptied my Recycle Bin...My PC is sluggish though...taking too long to load some programs....do you want me to start from scratch again to see if I'm clean? Right now I have almost 10 programs to clean up the virus and don't know if it's good to have them all on my desktop...My Antivir is still blocking several threats now...here's my last report of it:


Avira AntiVir Personal
Report file date: Saturday, October 16, 2010 16:23

Scanning for 2939810 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DD3000

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 20:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 02:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 01:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 19:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 01:44:08
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 01:44:10
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 01:44:15
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 01:44:18
VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 01:44:18
VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 01:44:18
VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 01:44:19
VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 01:44:19
VBASE013.VDF : 7.10.11.165 172032 Bytes 9/15/2010 01:44:19
VBASE014.VDF : 7.10.11.202 144384 Bytes 9/18/2010 01:44:19
VBASE015.VDF : 7.10.11.231 129024 Bytes 9/21/2010 01:44:20
VBASE016.VDF : 7.10.12.4 126464 Bytes 9/23/2010 01:44:20
VBASE017.VDF : 7.10.12.38 146944 Bytes 9/27/2010 01:44:20
VBASE018.VDF : 7.10.12.64 133120 Bytes 9/29/2010 01:44:20
VBASE019.VDF : 7.10.12.99 134144 Bytes 10/1/2010 01:44:20
VBASE020.VDF : 7.10.12.122 131584 Bytes 10/5/2010 01:44:21
VBASE021.VDF : 7.10.12.148 119296 Bytes 10/7/2010 01:44:21
VBASE022.VDF : 7.10.12.175 142848 Bytes 10/11/2010 01:44:21
VBASE023.VDF : 7.10.12.198 131584 Bytes 10/13/2010 01:44:21
VBASE024.VDF : 7.10.12.216 133120 Bytes 10/14/2010 18:57:56
VBASE025.VDF : 7.10.12.217 2048 Bytes 10/14/2010 18:57:56
VBASE026.VDF : 7.10.12.218 2048 Bytes 10/14/2010 18:57:57
VBASE027.VDF : 7.10.12.219 2048 Bytes 10/14/2010 18:57:57
VBASE028.VDF : 7.10.12.220 2048 Bytes 10/14/2010 18:57:57
VBASE029.VDF : 7.10.12.221 2048 Bytes 10/14/2010 18:57:57
VBASE030.VDF : 7.10.12.222 2048 Bytes 10/14/2010 18:57:57
VBASE031.VDF : 7.10.12.230 66048 Bytes 10/16/2010 22:34:45
Engineversion : 8.2.4.82
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/14/2010 01:44:31
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 10/14/2010 01:44:31
AESCN.DLL : 8.1.6.1 127347 Bytes 10/14/2010 01:44:30
AESBX.DLL : 8.1.3.1 254324 Bytes 10/14/2010 01:44:31
AERDL.DLL : 8.1.9.2 635252 Bytes 10/14/2010 01:44:30
AEPACK.DLL : 8.2.3.11 471416 Bytes 10/14/2010 01:44:29
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 10/14/2010 01:44:29
AEHEUR.DLL : 8.1.2.35 2961784 Bytes 10/15/2010 18:58:10
AEHELP.DLL : 8.1.14.0 246134 Bytes 10/14/2010 01:44:27
AEGEN.DLL : 8.1.3.23 401779 Bytes 10/14/2010 01:44:27
AEEMU.DLL : 8.1.2.0 393588 Bytes 10/14/2010 01:44:26
AECORE.DLL : 8.1.17.0 196982 Bytes 10/14/2010 01:44:26
AEBB.DLL : 8.1.1.0 53618 Bytes 10/14/2010 01:44:25
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 20:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 20:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/19/2010 00:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 20:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 20:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 20:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 17:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 20:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 23:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 22:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 22:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, October 16, 2010 16:23

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avcenter.exe' - '60' Module(s) have been scanned
Scan process 'wuauclt.exe' - '35' Module(s) have been scanned
Scan process 'iexplore.exe' - '131' Module(s) have been scanned
Scan process 'iPodService.exe' - '28' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '53' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '38' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '43' Module(s) have been scanned
Scan process 'avgnt.exe' - '50' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '40' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '66' Module(s) have been scanned
Scan process 'M-AudioTaskBarIcon.exe' - '26' Module(s) have been scanned
Scan process 'ctfmon.exe' - '24' Module(s) have been scanned
Scan process 'alg.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'RichVideo.exe' - '20' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'NLSSRV32.EXE' - '13' Module(s) have been scanned
Scan process 'NitroPDFDriverService.exe' - '18' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'jqs.exe' - '32' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '75' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '28' Module(s) have been scanned
Scan process 'avguard.exe' - '53' Module(s) have been scanned
Scan process 'Explorer.EXE' - '107' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'acs.exe' - '49' Module(s) have been scanned
Scan process 'spoolsv.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '158' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'lsass.exe' - '62' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '64' Module(s) have been scanned
Scan process 'csrss.exe' - '13' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1766' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP1\A0001061.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP3\A0002227.dll
[DETECTION] Is the TR/Ursnif.18.4 Trojan

Beginning disinfection:
C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP3\A0002227.dll
[DETECTION] Is the TR/Ursnif.18.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4629e4cd.qua'.
C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP1\A0001061.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5ebecb6b.qua'.


End of the scan: Saturday, October 16, 2010 17:15
Used time: 35:38 Minute(s)

The scan has been done completely.

9840 Scanned directories
256639 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
256637 Files not concerned
2458 Archives were scanned
0 Warnings
2 Notes
558977 Objects were scanned with rootkit scan
1 Hidden objects were found
  • 0
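As an added example (not from the thread, and not Avira's own tooling), a Python triage helper for the report format posted above: it pairs each file path with its [DETECTION] and quarantine [NOTE] lines, cross-checks the report's own summary counters against those records, and flags whether every hit sits inside a System Restore point, which is the situation the earlier advice to clean up System Restore addresses. The sample text is an excerpt of the report quoted in this post.

```python
import re

# Excerpt of the Avira AntiVir report posted above (paths and names as quoted in the thread).
SAMPLE_REPORT = r"""
Beginning disinfection:
C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP3\A0002227.dll
  [DETECTION] Is the TR/Ursnif.18.4 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '4629e4cd.qua'.
C:\System Volume Information\_restore{435EC9D0-B8D6-4C2A-9C41-476DBD741478}\RP1\A0001061.dll
  [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '5ebecb6b.qua'.

2 Viruses and/or unwanted programs were found
2 Files were moved to quarantine
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                    # a file path line opens a new record
DETECT_RE = re.compile(r"\[DETECTION\]\s+Is the (\S+)")  # detection name, e.g. TR/Ursnif.18.4
QUAR_RE = re.compile(r"\[NOTE\].*quarantine directory under the name '([^']+)'")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP(\d+)\\", re.I)
COUNT_RE = re.compile(r"^(\d+) (Viruses and/or unwanted programs were found|Files were moved to quarantine)")

def parse_report(text):
    """Return {path: {detection, quarantined_as, restore_point}} for every file the report names."""
    records, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line
            rp = RESTORE_RE.search(line)  # ...\System Volume Information\_restore{...}\RPn\ = restore-point copy
            records.setdefault(current, {"detection": None, "quarantined_as": None,
                                         "restore_point": int(rp.group(1)) if rp else None})
        elif current is not None:
            if m := DETECT_RE.search(line):
                records[current]["detection"] = m.group(1)
            if m := QUAR_RE.search(line):
                records[current]["quarantined_as"] = m.group(1)
    return records

def reconcile(text):
    """Cross-check the report's summary counts against the per-file records and flag anything left live."""
    records = parse_report(text)
    counts = dict((m.group(2), int(m.group(1)))
                  for m in map(COUNT_RE.match, map(str.strip, text.splitlines())) if m)
    quarantined = [p for p, r in records.items() if r["quarantined_as"]]
    return {
        "found_matches_summary": counts.get("Viruses and/or unwanted programs were found") == len(records),
        "quarantine_matches_summary": counts.get("Files were moved to quarantine") == len(quarantined),
        # detections that were reported but never quarantined still need action
        "unhandled": [p for p, r in records.items() if r["detection"] and not r["quarantined_as"]],
        # when every hit lives in a restore point the live system is clear; purge System Restore instead
        "all_in_restore_points": bool(records) and all(r["restore_point"] is not None for r in records.values()),
    }
```

Feed it the full report text and a mismatch between the summary counters and the parsed records, or a non-empty `unhandled` list, is the cue to re-read the log by hand.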

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
  • 0
