Spam emails


  • This topic is locked This topic is locked

#1 Odal (Member, 130 posts)

Hi, I am posting this for my brother, who is pretty computer illiterate. The symptoms are basically that the computer is really slow (this is probably more from old age than anything; in fact his display on the laptop died recently, but the chip must still be working because it's fine hooked up to a monitor) and that people in his Gmail address book are reporting getting spam emails from his address.

I had him change his email password a week or so ago, but apparently that didn't stop anything so I am posting his log. Thanks in advance.

Also, the laptop is my father's old work laptop that the company let him keep, so I am sure there are some virus scan/etc conflicts that are probably slowing down the computer. I just haven't gotten rid of that stuff for fear of bricking the computer (almost happened in the past after I accidentally took him off the domain and put him in a workgroup).

OTL logfile created on: 1/23/2011 4:11:07 PM - Run 1
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 346.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 0.19 Gb Free Space | 0.50% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 259.78 Gb Free Space | 55.78% Space Free | Partition Type: NTFS

Computer Name: BEN | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/23 16:10:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Downloads\OTL.exe
PRC - [2010/12/10 02:37:17 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 02:37:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2010/01/07 13:38:08 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/10/21 19:24:37 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/01 00:10:57 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2007/10/25 09:24:54 | 000,414,064 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Client\SpySweeperUI.exe
PRC - [2007/10/25 09:24:52 | 000,709,488 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Client\CommAgent.exe
PRC - [2007/10/25 09:23:58 | 000,210,232 | ---- | M] () -- C:\Program Files\Webroot\Client\SSU.EXE
PRC - [2007/10/25 09:23:56 | 003,566,904 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Client\SPYSWEEPER.EXE
PRC - [2007/07/06 17:16:16 | 000,218,568 | ---- | M] (1E Ltd.) -- C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe
PRC - [2006/04/12 16:33:08 | 000,090,112 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
PRC - [2006/04/12 16:30:40 | 000,131,072 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe
PRC - [2006/02/09 02:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006/02/09 02:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
PRC - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005/09/08 18:59:22 | 000,024,848 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2004/11/04 18:40:08 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/01/23 16:10:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/03/01 00:10:47 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/04/12 16:33:06 | 000,024,576 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\SgMsgBhk.dll
MOD - [2004/11/04 18:39:58 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/10/21 19:24:37 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/10/25 09:24:52 | 000,709,488 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Client\CommAgent.exe -- (WebrootCommAgentService)
SRV - [2007/10/25 09:23:56 | 003,566,904 | ---- | M] (Webroot Software, Inc.) [On_Demand | Running] -- C:\Program Files\Webroot\Client\spysweeper.exe -- (WebrootSpySweeperService)
SRV - [2007/07/06 17:16:16 | 000,218,568 | ---- | M] (1E Ltd.) [Auto | Running] -- C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe -- (SMSWUagent)
SRV - [2007/06/07 17:45:04 | 000,664,488 | ---- | M] (1E Ltd.) [Auto | Stopped] -- C:\Program Files\1E\NightWatchman40\NightWatchman.exe -- (NightWatchman40)
SRV - [2006/08/25 11:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/04/12 16:33:08 | 000,090,112 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe -- (SgeCtl)
SRV - [2006/04/12 16:30:40 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe -- (SgeClient)
SRV - [2006/04/12 16:26:54 | 000,147,456 | ---- | M] (Utimaco Safeware AG) [Auto | Stopped] -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- (WksCfgSrv)
SRV - [2006/02/09 02:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/02/09 02:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)
SRV - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/03/31 11:27:00 | 000,061,440 | ---- | M] (Utimaco Safeware AG) [On_Demand | Stopped] -- C:\WINDOWS\system32\SgLogPlayer.exe -- (SgLogPlayer)


========== Driver Services (SafeList) ==========

DRV - [2009/12/08 08:29:16 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/05 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/20 12:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/11/15 15:30:48 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2007/10/25 09:23:58 | 000,020,280 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0BB9.SYS -- (SSFS0BB9)
DRV - [2007/10/25 09:23:56 | 000,163,640 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2007/10/25 09:23:56 | 000,021,816 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/05/10 14:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/25 13:43:15 | 000,003,445 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\U3SHLPDR.SYS -- (U3SHLPDR)
DRV - [2006/04/12 16:34:42 | 000,061,466 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SGEFLT.SYS -- (SgeFlt)
DRV - [2006/04/12 16:32:24 | 000,018,464 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AES256.SYS -- (AES-256)
DRV - [2006/04/12 16:32:22 | 000,018,464 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AES128.SYS -- (AES-128)
DRV - [2006/02/09 02:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/02/09 02:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006/02/09 02:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2006/02/03 11:37:33 | 000,049,536 | R--- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2005/11/04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/08/18 19:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/07/22 11:17:42 | 000,051,392 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ATNT40K.SYS -- (ATNT40K)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/03/04 14:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/01/26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/11/04 18:26:42 | 000,186,016 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/05/15 20:29:12 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/04 21:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003/07/28 23:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003/07/24 13:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/10 01:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mail.google.c.../?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {6C907578-7568-408B-9AC2-0F3E4D676A50}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20101009

FF - HKLM\software\mozilla\Firefox\extensions\\{6C907578-7568-408B-9AC2-0F3E4D676A50}: C:\Documents and Settings\Ben.LATLCNU5121JPM\Local Settings\Application Data\{6C907578-7568-408B-9AC2-0F3E4D676A50} [2009/10/21 19:00:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 17:49:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 17:49:21 | 000,000,000 | ---D | M]

[2010/06/01 22:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Extensions
[2010/06/01 22:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Extensions\[email protected]
[2011/01/22 23:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions
[2010/05/27 15:52:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/16 14:53:47 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2011/01/16 14:53:29 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/10/24 19:57:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/16 14:53:21 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\[email protected]
[2010/10/08 16:06:52 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\[email protected]
[2008/11/29 10:30:03 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\searchplugins\pantera.xml
[2011/01/22 23:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 16:27:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/17 23:58:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/10/21 19:00:54 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\BEN.LATLCNU5121JPM\LOCAL SETTINGS\APPLICATION DATA\{6C907578-7568-408B-9AC2-0F3E4D676A50}
[2009/10/24 19:36:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/04/28 19:38:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WebrootClientUI] C:\Program Files\Webroot\Client\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: credit360.com ([ing] http in Trusted sites)
O15 - HKCU\..Trusted Domains: credit360.com ([ing] https in Trusted sites)
O15 - HKCU\..Trusted Domains: iam.intranet ([]* in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1196083048666 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} http://antivirus/webinst.cab (WebBasedClientInstall Class)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.beta.inst...ad/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} http://app81nyc1d/Re...OpType=PrintCab (RSClientPrint Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (iesvfo.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (CSGina.dll) - C:\WINDOWS\System32\CSGina.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NotLog: DllName - SGLogEx.dll - C:\WINDOWS\System32\SGLogEx.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\SGLogNotification: DllName - SGLogNotification.dll - C:\WINDOWS\System32\SGLogNotification.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNtf.DLL - C:\WINDOWS\System32\WRLogonNtf.DLL (Webroot Software, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/25 11:16:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{28d36505-c705-11de-b208-001279c13015}\Shell - "" = AutoRun
O33 - MountPoints2\{28d36505-c705-11de-b208-001279c13015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28d36505-c705-11de-b208-001279c13015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/29 00:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Downloads
[2008/03/11 19:22:02 | 035,483,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\zunesetuppkg-x86.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/23 15:19:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/23 15:19:11 | 000,000,468 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2011/01/23 15:17:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/23 00:29:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/22 01:35:53 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\To download.doc
[2011/01/21 23:45:24 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\best metal albums of decade.doc
[2011/01/20 22:19:54 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Upcoming shows.doc
[2011/01/19 21:21:54 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Tears, idle tears.doc
[2011/01/18 20:22:51 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\woe.doc
[2011/01/15 18:13:37 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\best state universities.doc
[2011/01/09 14:28:08 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\where are the most metal shows.doc
[2011/01/02 23:11:13 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\nw supp essay.doc
[2010/12/30 01:13:50 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Why nw.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/21 23:45:23 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\best metal albums of decade.doc
[2011/01/19 20:18:08 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Tears, idle tears.doc
[2011/01/18 18:13:33 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\woe.doc
[2011/01/15 19:14:05 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Upcoming shows.doc
[2011/01/15 17:35:36 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\best state universities.doc
[2011/01/09 02:43:31 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\where are the most metal shows.doc
[2011/01/02 23:11:12 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\nw supp essay.doc
[2010/12/30 01:13:49 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Why nw.doc
[2009/10/22 22:25:12 | 000,016,184 | ---- | C] () -- C:\Program Files\Common Files\maseb.bat
[2009/10/22 22:25:09 | 000,019,749 | ---- | C] () -- C:\Program Files\Common Files\ukekij.inf
[2009/10/22 22:10:16 | 000,017,319 | ---- | C] () -- C:\Program Files\Common Files\otavydez.scr
[2009/10/22 22:10:12 | 000,014,560 | ---- | C] () -- C:\Program Files\Common Files\dicymiwu.dll
[2009/10/22 21:07:54 | 000,010,246 | ---- | C] () -- C:\Program Files\Common Files\ruguqoxivu.exe
[2009/10/21 19:03:42 | 000,017,348 | ---- | C] () -- C:\Program Files\Common Files\fokovubi.com
[2009/10/21 19:03:41 | 000,011,336 | ---- | C] () -- C:\Program Files\Common Files\efofafo.lib
[2009/10/21 19:03:40 | 000,012,455 | ---- | C] () -- C:\Program Files\Common Files\mucu._sy
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/10 22:32:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/01 08:31:15 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/01 08:00:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\$_hpcst$.hpc
[2008/06/13 20:37:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/05/23 14:34:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ypwp87a.dll
[2008/03/15 13:47:29 | 000,433,152 | ---- | C] () -- C:\Program Files\epson10048.exe
[2008/03/15 13:06:44 | 003,929,088 | ---- | C] () -- C:\Program Files\epson10192.exe
[2007/11/26 20:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/11/26 08:25:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/08/23 17:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/22 14:15:44 | 000,000,273 | ---- | C] () -- C:\WINDOWS\{9FF7DAE0-1030-43C5-AE2E-D2815D206E85}_WiseFW.ini
[2006/09/12 18:22:41 | 000,000,468 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/03 13:11:52 | 000,001,222 | ---- | C] () -- C:\WINDOWS\INTRACTN.INI
[2006/04/25 18:07:37 | 000,000,106 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/25 16:27:09 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2006/04/25 15:35:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/25 13:43:15 | 000,003,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\U3SHLPDR.SYS
[2006/04/25 07:08:10 | 000,004,354 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/22 18:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/11/04 10:21:48 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2005/11/04 10:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/07/22 11:17:42 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/03/31 11:27:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGCleanLocalGPO.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/21 09:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/21 09:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/21 09:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/21 09:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/21 09:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/21 09:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2007/08/22 14:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E
[2010/05/27 18:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008/04/14 18:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/08/22 21:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/24 14:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/24 20:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/12 15:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/28 20:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Amazon
[2010/09/12 16:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\BonkEnc
[2010/07/22 16:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Caphyon
[2008/12/28 22:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\GarageGames
[2008/08/01 07:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\InterVideo
[2010/12/05 13:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Lala Music Mover
[2010/07/15 20:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mp3tag
[2008/08/01 11:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\RTPlayer
[2010/06/01 22:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Songbird2
[2010/10/08 18:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Tunebite
[2009/06/17 13:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/05/05 21:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Uniblue
[2009/12/05 00:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\zenses
[2010/05/27 23:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Zuse

========== Purity Check ==========



< End of report >
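To show how a helper reads entries like the ones in the report above, here is an added Python example (not part of the original post, and not OTL's own code) that parses the `[timestamp | size | attributes | C/M] (company) -- path` layout and groups files created close together in the same directory, a common first-pass triage heuristic when reviewing posted logs. The sample lines are copied from the log above; the two-hour gap and the minimum cluster size of three are assumed thresholds, not values the page states.

```python
"""Parse OTL log entries and group files created close together in one directory.

Added triage example; the regex mirrors the entry layout seen in the posted
OTL log. The gap and min_size thresholds are assumptions.
"""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# One OTL entry: [date time | size | attrs | C|M] (company) -- path
# The "(company)" field is present in the file sections and absent in LOP Check.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+)$"
)

# Constructed sample: lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2011/01/09 02:43:31 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\where are the most metal shows.doc
[2011/01/02 23:11:12 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\nw supp essay.doc
[2010/12/30 01:13:49 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Why nw.doc
[2009/10/22 22:25:12 | 000,016,184 | ---- | C] () -- C:\Program Files\Common Files\maseb.bat
[2009/10/22 22:25:09 | 000,019,749 | ---- | C] () -- C:\Program Files\Common Files\ukekij.inf
[2009/10/22 22:10:16 | 000,017,319 | ---- | C] () -- C:\Program Files\Common Files\otavydez.scr
[2009/10/22 22:10:12 | 000,014,560 | ---- | C] () -- C:\Program Files\Common Files\dicymiwu.dll
[2009/10/22 21:07:54 | 000,010,246 | ---- | C] () -- C:\Program Files\Common Files\ruguqoxivu.exe
[2009/10/21 19:03:42 | 000,017,348 | ---- | C] () -- C:\Program Files\Common Files\fokovubi.com
[2009/10/21 19:03:41 | 000,011,336 | ---- | C] () -- C:\Program Files\Common Files\efofafo.lib
[2009/10/21 19:03:40 | 000,012,455 | ---- | C] () -- C:\Program Files\Common Files\mucu._sy
[2002/11/21 09:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/21 09:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/21 09:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/21 09:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/21 09:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/21 09:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2007/08/22 14:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E
[2010/05/27 18:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
"""


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str      # "----" for a plain file, "---D" for a directory
    op: str         # "C" = created, "M" = modified
    company: str
    path: str

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL line, or None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        op=m["op"],
        company=m["company"] or "",
        path=m["path"],
    )


def parse_report(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def find_clusters(entries: List[Entry], gap: timedelta = timedelta(hours=2),
                  min_size: int = 3) -> List[List[Entry]]:
    """Group files (not directories) by directory, splitting when consecutive
    creation times are more than `gap` apart; keep groups of at least min_size."""
    files = sorted((e for e in entries if not e.is_dir), key=lambda e: (e.directory, e.when))
    clusters: List[List[Entry]] = []
    current: List[Entry] = []
    for e in files:
        if current and (e.directory != current[-1].directory or e.when - current[-1].when > gap):
            if len(current) >= min_size:
                clusters.append(current)
            current = []
        current.append(e)
    if len(current) >= min_size:
        clusters.append(current)
    return clusters


def describe_cluster(cluster: List[Entry]) -> str:
    first, last = cluster[0].when, cluster[-1].when
    return (f"{cluster[0].directory}: {len(cluster)} files created between "
            f"{first:%Y-%m-%d %H:%M:%S} and {last:%Y-%m-%d %H:%M:%S}")


if __name__ == "__main__":
    for c in find_clusters(parse_report(SAMPLE_LOG)):
        print(describe_cluster(c))
        for e in c:
            print(f"    {e.when:%H:%M:%S}  {e.size:>8}  {e.name}")
```

Run against the sample, the script reports three clusters: the three files dropped into Common Files within two seconds on 2009/10/21, the five created there the next evening, and the six IVIresize DLLs installed together in System32 in 2002. The grouping says nothing about whether a cluster is good or bad (the codec DLLs are a normal installer footprint); it only tells the reviewer which sets of files were written together and therefore should be looked up as a set rather than one at a time.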
#2
Odal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
Also, he would appreciate if you could help him get a sleep option for the computer, because right now there are only log off and shut down options.

#3
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.


Hi, I'm Dakeyras and I am going to try to assist you with your brother's machine. :D

Please take note of the below:

  • I will start working on your Malware issues; this may, or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Hard-Drive Free Space Advice:

This is very probably one of the causes of the current issues with your brother's machine.

Drive C: | 37.26 Gb Total Space | 0.19 Gb Free Space | 0.50% Space Free | Partition Type: NTFS

This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion.

I advise the uninstallation of some software that is not required and move any files/documents and pictures etc to say Drive E or a form of removable media. This is just my friendly advice as the lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic and the machine may actually cease to boot-up at all.

So address the above first, then I am going to ask for some different scans (leave OTL on the desktop for the time being) and we will go from there.

Scan with GMER:

Please download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.


Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Note: Both logs can also be found in the folder rsit at the root of your installed Hard-Drive, e.g. C:\rsit

When you have completed the above, please post back the following in the order asked for:

  • How is your brother's computer performing now, any further symptoms and or problems encountered?
  • Gmer Log.
  • Both RSIT logs. <-- Post them individually please, i.e. one log per post/reply.


#4
Odal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
Hi, his system definitely feels a little faster from clearing up some space. Still slightly concerned about the email hijacking: if you don't find any backdoors/etc., would you just recommend changing the password again? I know that he has had MANY virus problems in the past, so I just assumed it was that.

 

info.txt logfile of random's system information tool 1.08 2011-02-01 22:10:02

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe SVG Viewer-->MsiExec.exe /I{B1DECD4A-FAF6-491F-9733-86B03BF63D99}
Agere Systems AC'97 Modem-->agrsmdel
Amazon MP3 Downloader 1.0.10-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Mobile Device Support-->MsiExec.exe /I{308B6AEA-DE50-4666-996D-0FA461719D6B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69E3422-A3AB-42CE-8817-6C970328A1CD}\Setup.exe" -l0x9
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cisco Systems VPN Client 4.8.00.0440-->MsiExec.exe /X{24C67B54-0718-445E-B663-3138D9246BD1}
Clarion Fonts-->MsiExec.exe /I{FCE22800-F753-4143-BC9C-A9913E35F8B8}
Command Prompt Here PowerToy-->rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINDOWS\INF\DosHere.inf
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CorasWorks Client Controls Winter 2005-->MsiExec.exe /I{5022F7EC-FF13-424E-8215-4D5E121D5F26}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DNS Suffix Change 1.0-->MsiExec.exe /I{6E90AE26-2DD4-4101-9BFD-A30BAC1ECE02}
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ExplorerXP (remove only)-->C:\Program Files\ExplorerXP\Uninst.exe
FolderMatch v3.5.6-->"C:\Program Files\FolderMatch\unins000.exe"
Help Desk Menu-->MsiExec.exe /I{3585DACE-045D-49DC-9AB0-51AEF724ABD8}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
IECredit360Trusted_1.0_b01-->MsiExec.exe /I{6871824F-23A9-4ADD-B087-7F96A00F2DD3}
IEIIMIntranet-->MsiExec.exe /I{EB6757FD-CAB5-41B1-B168-11362D520423}
Internet Explorer Background Printing 1.0-->MsiExec.exe /I{38C68A1A-C13E-4A1A-A134-B62E41F35B64}
iTunes-->MsiExec.exe /I{881F5DE8-9367-4B81-A325-E91BBC6472F9}
Java™ 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Last.fm 1.5.4.27091-->"C:\Program Files\Last.fm\unins000.exe"
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
MacromediaShockwave_8.5.1_b01-->MsiExec.exe /X{930439A1-B49E-4A54-A499-31BDC1A91DE5}
MacrovisionExploitFix 4.3.86-->MsiExec.exe /I{B3A5659B-21CA-4BB8-A3EB-61C60C8886B1}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Meeting Manager for Internet Explorer-->MsiExec.exe /I{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}
MetaFrame Presentation Server Client-->MsiExec.exe /I{E92B7A19-5FD5-4AEE-9FEF-7AD5DD3A675E}
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office H Drive-->MsiExec.exe /I{BFEAE4C8-4FC8-4445-B203-0B73F2E317AD}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English)-->MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Snapshot Viewer -->MsiExec.exe /I{822C436E-46B2-4E12-8393-BE0C5A55CF9C}
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft User-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWudf01009$\spuninst\spuninst.exe"
Microsoft Visual C# 2008 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C# 2008 Express Edition - ENU\setup.exe
Microsoft Visual C# 2008 Express Edition - ENU-->MsiExec.exe /X{2D07422C-CA35-375A-A3A8-3631AB85BFE5}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Microsoft XNA Framework Redistributable 3.0 (CTP)-->MsiExec.exe /I{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}
Microsoft XNA Game Studio 3.0 (CTP) (ARP entry)-->MsiExec.exe /I{E1D78366-91DA-4AD0-B417-28155743CC22}
Microsoft XNA Game Studio 3.0 (CTP) (Redists)-->MsiExec.exe /I{0DC16794-7E69-4534-82FA-9DD0500FF338}
Microsoft XNA Game Studio 3.0 (CTP) (shared components)-->MsiExec.exe /I{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}
Microsoft XNA Game Studio 3.0 (CTP) (vcsexpress)-->MsiExec.exe /I{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}
Microsoft XNA Game Studio 3.0 (CTP) (xnaliveproxy)-->MsiExec.exe /I{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}
Microsoft XNA Game Studio 3.0 (CTP) Documentation-->MsiExec.exe /I{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}
Microsoft XNA Game Studio 3.0 (CTP)-->c:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\Setup\Bootstrapper.exe
Mini Python Pack 1.5.1-->C:\WINDOWS\rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\minipy15.inf
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.46a-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Documents User Setting-->MsiExec.exe /I{B70133B8-0BF9-4D9A-94D5-0FD7C312CBB6}
NightWatchman40-->MsiExec.exe /I{DC4FED99-0E32-43DF-A6B6-F33FD060845C}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PixiePack Codec Pack-->MsiExec.exe /I{582610B8-E496-4813-993C-4B027173FE38}
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
QuickTime-->MsiExec.exe /X{160803D2-512E-426C-A6D8-F7E1867801E2}
RealPlayer Enterprise-->MsiExec.exe /I{AB82ABF3-1081-4F73-BF09-674503985217}
RFClient8.0-->MsiExec.exe /I{8803A4BA-556C-43BA-9662-441F6AD683FC}
RSPrintClient_1.0_b01-->MsiExec.exe /I{75698CF9-0FDC-42FA-8355-A3875D61299B}
Safe Guard Easy Kernel Backup-->MsiExec.exe /I{4470E21B-0BCB-4F76-BAEF-4D248C1A0412}
SafeGuardÆ Easy 4.20.1-->MsiExec.exe /I{6C0F9CF5-C0A3-4C65-A17A-878FE1C821B3}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
SMSWakeUp50 Agent-->MsiExec.exe /X{9FF7DAE0-1030-43C5-AE2E-D2815D206E85}
Sybase Client-->MsiExec.exe /I{D175D680-18CC-4DF8-AD21-FA6FAE862C98}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Synergy Slow Network Setting 1.0.0-->MsiExec.exe /I{0A380B54-01B1-4F55-AFFB-E0EDA06A1261}
Synergy Wallpaper Update-->MsiExec.exe /I{45B0DDB2-2077-4938-BE24-75FA7794F096}
Tunebite-->MsiExec.exe /I{60203ED6-C728-43DD-BCAB-EB31CD4F1540}
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Unlocker 1.8.6-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Utimaco Login Fix-->MsiExec.exe /I{34FAA56B-9CAD-4A9F-BAD7-7BBFA3AF4681}
VERITAS Enterprise Vault User Extensions 6.0-->MsiExec.exe /I{EE0944B8-C3D0-4FCB-9AF0-989EAC165749}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinDVD-->MsiExec.exe /I{FF16C809-1DCE-4FEE-BBFF-30FFD9B7377A}
Zenses2 Beta2-->"C:\Program Files\Zenses2\Uninstall.exe"
Zune Language Pack (DE)-->MsiExec.exe /X{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune Language Pack (IT)-->MsiExec.exe /X{40EC6323-497B-44DA-8A88-74578622D9B3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{888FFC82-688D-46AB-A776-B417885432B6}
Zuse version 1.9.7.1-->"C:\Program Files\Zune\unins000.exe"

======Security center information======

AV: Webroot® Client Security (disabled)
AV: AntiVir Desktop (disabled) (outdated)

======System event log======

Computer Name: BEN
Event Code: 18
Message: TIMEOUT<explorer.exe> C:\... Mover\LalaMover.exe

Record Number: 32462
Source Name: avgntflt
Time Written: 20091208123147.000000-300
Event Type: warning
User:

Computer Name: BEN
Event Code: 18
Message: TIMEOUT<explorer.exe> C:\... Mover\LalaMover.exe

Record Number: 32461
Source Name: avgntflt
Time Written: 20091208123117.000000-300
Event Type: warning
User:

Computer Name: BEN
Event Code: 18
Message: TIMEOUT<explorer.exe> C:\... Mover\LalaMover.exe

Record Number: 32460
Source Name: avgntflt
Time Written: 20091208123047.000000-300
Event Type: warning
User:

Computer Name: BEN
Event Code: 18
Message: TIMEOUT<explorer.exe> C:\... Mover\LalaMover.exe

Record Number: 32459
Source Name: avgntflt
Time Written: 20091208123017.000000-300
Event Type: warning
User:

Computer Name: BEN
Event Code: 18
Message: TIMEOUT<explorer.exe> C:\... Mover\LalaMover.exe

Record Number: 32458
Source Name: avgntflt
Time Written: 20091208122947.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: BEN
Event Code: 5
Message: WARNING: Evaluation Software

You are using an unregistered version of NightWatchman40

To purchase the full product please go to our website:-

http://www.1e.com/NightWatchman40

Record Number: 10705
Source Name: NightWatchman40
Time Written: 20090415194604.000000-240
Event Type: warning
User:

Computer Name: BEN
Event Code: 1517
Message: Windows saved user BEN\Ben registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 10699
Source Name: Userenv
Time Written: 20090415194417.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BEN
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 10698
Source Name: Userenv
Time Written: 20090415194416.000000-240
Event Type: warning
User: BEN\Ben

Computer Name: BEN
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.
Record Number: 10683
Source Name: EventSystem
Time Written: 20090415175802.000000-240
Event Type: warning
User:

Computer Name: BEN
Event Code: 5
Message: WARNING: Evaluation Software

You are using an unregistered version of NightWatchman40

To purchase the full product please go to our website:-

http://www.1e.com/NightWatchman40

Record Number: 10675
Source Name: NightWatchman40
Time Written: 20090415175554.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Program Files\sybase\OCS-12_0\dll;C:\Program Files\sybase\OCS-12_0\bin;C:\Program Files\sybase\OLEDB-2_1;C:\Program Files\Utimaco\SafeGuard Easy;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"INCLUDE"=C:\Program Files\sybase\OCS-12_0\include\
"LIB"=C:\Program Files\sybase\OCS-12_0\lib\
"SYBASE"=C:\Program Files\sybase\
"SYBASE_OCS"=OCS-12_0
"XNAGSShared"=c:\Program Files\Common Files\Microsoft Shared\XNA\
"XNAGSv3"=c:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.08 (written by random/random)
Run by Ben at 2011-02-01 22:09:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 767 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:09:57 PM, on 2/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Client\commagent.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Webroot\Client\spysweeper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Webroot\Client\SpySweeperUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Webroot\Client\SSU.EXE
C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Ben.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WebrootClientUI] "C:\Program Files\Webroot\Client\SpySweeperUI.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us.iam.intranet
O15 - Trusted Zone: http://ing.credit360.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1196083048666
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://antivirus/webinst.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.beta.inst...ad/iaplayer.cab
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://app81nyc1d/Re...OpType=PrintCab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = iam.intranet,ifsam.com,us.americas.intranet
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = iam.intranet,ifsam.com,us.americas.intranet
O20 - AppInit_DLLs: iesvfo.dll
O20 - Winlogon Notify: NotLog - SGLogEx.dll (file missing)
O20 - Winlogon Notify: SGLogNotification - SGLogNotification.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NightWatchman40 - 1E Ltd. - C:\Program Files\1E\NightWatchman40\NightWatchman.exe
O23 - Service: SafeGuard Easy Client (SgeClient) - Unknown owner - C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: SMSWUagent - 1E Ltd. - C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Client\commagent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Client\spysweeper.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

--
End of file - 8433 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-04 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-04 688218]
"WebrootClientUI"=C:\Program Files\Webroot\Client\SpySweeperUI.exe [2007-10-25 414064]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-03-01 15872]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-12-13 421160]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdWizard]
C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe [2006-04-12 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2005-12-04 461584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RightFAX Print-to-Fax Driver]
C:\Program Files\RightFax\FaxCtrl.exe [2001-07-31 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SgeEcView]
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe [2006-04-12 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
C:\WINDOWS\system32\mobsync.exe [2008-04-13 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
C:\PROGRA~1\Citrix\ICACLI~1\pnagent.exe [2005-09-08 233744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="iesvfo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NotLog]
C:\WINDOWS\system32\SGLogEx.dll [2002-01-22 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SGLogNotification]
C:\WINDOWS\system32\SGLogNotification.dll [2005-03-31 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNtf.DLL [2007-10-25 219448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
rsci3drv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=ING - Unauthorized Access Is Prohibited
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMConfigurePrograms"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaTrans.exe"="C:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaTrans.exe:LocalSubNet:Enabled:XNA Game Studio 3.0 Transport"
"C:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaLiveProxy.exe"="C:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaLiveProxy.exe:LocalSubNet:Enabled:XNA Framework Games for Windows - LIVE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe"="C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe:*:Enabled:SMSWakeUp Agent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-02-01 22:09:44 ----D---- C:\Program Files\trend micro
2011-02-01 22:09:42 ----D---- C:\rsit
2011-01-12 02:11:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$

======List of files/folders modified in the last 1 months======

2011-02-01 22:09:52 ----D---- C:\Temp
2011-02-01 22:09:44 ----RD---- C:\Program Files
2011-02-01 22:09:21 ----D---- C:\WINDOWS\Prefetch
2011-02-01 21:31:10 ----D---- C:\WINDOWS\temp
2011-02-01 21:16:06 ----D---- C:\WINDOWS\Debug
2011-02-01 21:16:06 ----D---- C:\WINDOWS
2011-02-01 21:15:22 ----D---- C:\Program Files\CCleaner
2011-02-01 20:05:30 ----SHD---- C:\WINDOWS\Installer
2011-02-01 20:04:55 ----SHD---- C:\Config.Msi
2011-02-01 20:03:46 ----D---- C:\Program Files\a-squared Free
2011-02-01 19:30:29 ----D---- C:\WINDOWS\system32
2011-02-01 09:32:11 ----A---- C:\WINDOWS\smscfg.ini
2011-02-01 09:30:36 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-01 02:05:37 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-01-12 02:12:42 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-12 02:12:03 ----HD---- C:\WINDOWS\inf
2011-01-12 02:11:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-12 00:34:27 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AES-128;AES-128; C:\WINDOWS\SYSTEM32\DRIVERS\AES128.SYS [2006-04-12 18464]
R0 AES-256;AES-256; C:\WINDOWS\SYSTEM32\DRIVERS\AES256.SYS [2006-04-12 18464]
R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
R0 SgeFlt;SgeFlt; C:\WINDOWS\SYSTEM32\DRIVERS\SGEFLT.SYS [2006-04-12 61466]
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9; C:\WINDOWS\SYSTEM32\Drivers\SSFS0BB9.SYS [2007-10-25 20280]
R0 SSHRMD;Spy Sweeper Hookrack MiniDriver; C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS [2007-10-25 21816]
R0 SSIDRV;Spy Sweeper Interdiction Driver; C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS [2007-10-25 163640]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 ATNT40K;ActiveTouch NT Appsharing Driver; C:\WINDOWS\SYSTEM32\DRIVERS\ATNT40K.SYS [2005-07-22 51392]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\c:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-15 34064]
R2 U3SHLPDR;U3SHLPDR; \??\C:\WINDOWS\System32\Drivers\U3SHLPDR.SYS []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2010-01-07 40832]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-11-08 127744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-28 182101]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-08-18 110080]
R3 Eplpdx02;Eplpdx02; \??\C:\WINDOWS\system32\Drivers\EPLPDX02.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-12-23 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys [2006-02-09 8992]
R3 kbstuff;SMS Virtual Keyboard; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys [2006-02-09 11744]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-13 259840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-04 186016]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-02-20 27936]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2003-08-04 322560]
S0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
S3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 5689]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 pxtdqpow;pxtdqpow; \??\C:\Temp\pxtdqpow.sys []
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2004-08-06 17920]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2006-02-03 49536]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 CVPND;Cisco Systems, Inc. VPN Service; c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2005-11-04 1516584]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SgeClient;SafeGuard Easy Client; C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe [2006-04-12 131072]
R2 SgeCtl;SafeGuard Easy Control; C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe [2006-04-12 90112]
R2 SMSWUagent;SMSWUagent; C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe [2007-07-06 218568]
R2 WebrootCommAgentService;Webroot CommAgent Service; C:\Program Files\Webroot\Client\commagent.exe [2007-10-25 709488]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Wuser32;SMS Remote Control Agent; C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe [2006-02-09 248544]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2010-01-07 58592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
R3 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Client\spysweeper.exe [2007-10-25 3566904]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-05-15 397312]
S2 NightWatchman40;NightWatchman40; C:\Program Files\1E\NightWatchman40\NightWatchman.exe [2007-06-07 664488]
S2 WksCfgSrv;SafeGuard Easy Workstation Server; C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe [2006-04-12 147456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SgLogPlayer;SafeGuard SGLOG Player; C:\WINDOWS\system32\SgLogPlayer.exe [2005-03-31 61440]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

 


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-01 22:06:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2040AH_PL rev.006C
Running: nj007hqn.exe; Driver: C:\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT 83F57240 ZwAllocateVirtualMemory
SSDT F7BCDE26 ZwCreateKey
SSDT 83F88320 ZwCreateProcess
SSDT 83F5A188 ZwCreateProcessEx
SSDT F7BCDE1C ZwCreateThread
SSDT F7BCDE2B ZwDeleteKey
SSDT F7BCDE35 ZwDeleteValueKey
SSDT F7BCDE3A ZwLoadKey
SSDT F7BCDE08 ZwOpenProcess
SSDT F7BCDE0D ZwOpenThread
SSDT 83F572B8 ZwQueueApcThread
SSDT 83F57150 ZwReadVirtualMemory
SSDT 83FDF600 ZwRenameKey
SSDT F7BCDE44 ZwReplaceKey
SSDT F7BCDE3F ZwRestoreKey
SSDT 83F573A8 ZwSetContextThread
SSDT 83FDE600 ZwSetInformationKey
SSDT 83FA6468 ZwSetInformationProcess
SSDT 83F57420 ZwSetInformationThread
SSDT F7BCDE30 ZwSetValueKey
SSDT 83F57588 ZwSuspendProcess
SSDT 83F57330 ZwSuspendThread
SSDT F7BCDE17 ZwTerminateProcess
SSDT 83F57498 ZwTerminateThread
SSDT 83F571C8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\o2mmb.sys entry point in "init" section [0xF6245320]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[2204] SHELL32.dll!SHFileOperationW 7CA708E4 5 Bytes JMP 023A1102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Webroot\Client\SSU.EXE[2652] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00016B10 C:\Program Files\Webroot\Client\SSU.EXE
.text C:\Program Files\Webroot\Client\SSU.EXE[2652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000129B0 C:\Program Files\Webroot\Client\SSU.EXE
.text C:\Program Files\Webroot\Client\SSU.EXE[2652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00012AB0 C:\Program Files\Webroot\Client\SSU.EXE
.text C:\Program Files\Webroot\Client\SSU.EXE[2652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 000129B0 C:\Program Files\Webroot\Client\SSU.EXE
.text C:\Program Files\Webroot\Client\SSU.EXE[2652] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00012A60 C:\Program Files\Webroot\Client\SSU.EXE
.text C:\Program Files\Webroot\Client\SSU.EXE[2652] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00012A90 C:\Program Files\Webroot\Client\SSU.EXE
.text C:\Program Files\Webroot\Client\spysweeper.exe[2828] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0045024D C:\Program Files\Webroot\Client\spysweeper.exe (Spy Sweeper Engine/Webroot Software, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BB9.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))

Device \Driver\Tcpip \Device\Ip 82B8B8D0

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp 82B8B8D0

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SGEFLT.SYS (PnP Disk Filter Driver/Utimaco Safeware AG)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SGEFLT.SYS (PnP Disk Filter Driver/Utimaco Safeware AG)

Device \Driver\Tcpip \Device\Udp 82B8B8D0
Device \Driver\Tcpip \Device\RawIp 82B8B8D0
Device \Driver\Tcpip \Device\IPMULTICAST 82B8B8D0

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
  • 0

#5
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :D

Hi, his system definitely feels a little faster from clearing up some space

Aye a definite marked improvement indeed:-

System drive C: has 5 GB (14%) free of 38 GB

Plus, during the course of the malware removal process, we should be able to free up some more space.

Still slightly concerned about the email hijacking--if you don't find any backdoors/etc, would you just recommend changing password again? I knew that he has had MANY virus problems in the past so I just assumed it was that.

It would be prudent indeed to change the password again for the GMail account, and actually change the Secret Question and answer for that also. For the time being, do not access his account, and ask your brother not to either, until I advise otherwise, thank you.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

LiveUpdate 3.1 (Symantec Corporation)
NightWatchman40 <-- Appears the trial period has expired so might as well go.
Uniblue RegistryBooster 2 <-- Registry cleaners very rarely do any good and have the potential to leave a machine unbootable.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Run WebRoot CleanUp:

Please download SSECleanup.zip and save it to the Desktop. Now extract the zip file to the Desktop.

Double-click on SSECleanup.exe and follow the prompts, reboot the machine if prompted.

Note: If any problems are encountered, merely inform me in your next reply and post the contents of the SSECleanup.02-03-11.DD.DD.DD.txt log. If all went well I do not need to review the log.

Next:

OK, before we proceed any further, and apart from the malware I have identified so far, I would like to check the MBR (Master Boot Record) of your brother's machine, as GMER is reporting it may be compromised.

Scan with MBRCheck:

Please download MBRCheck.exe and save to your desktop.

Alternative Download is here.

  • Double-click on MBRCheck.exe to launch the application.
  • A window similar to this should open on your desktop:-
Posted Image

  • If you are prompted with options, enter N at the prompt and press Enter .
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run).
  • Please post the contents of the log in your next reply.
Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
  • 0

#6
Odal

Odal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
Hi,

I removed the 3 programs. LiveUpdate had some problems uninstalling because it couldn't quit the components during the uninstall process, so I had to go into task manager and end the LUCOMS... .exe process while it was trying to uninstall for it to work.

No problems with Webroot Cleanup

MBR reports problems. However, this may be something to do with the drive encryption. Like I said, it was a former company computer so I believe they had installed some of that HD security stuff. Just a thought, don't know if that has anything to do with the boot record.

TDSS killer didn't find anything.

 

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 193):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7AAE000 \WINDOWS\system32\KDCOM.DLL
0xF79BE000 \WINDOWS\system32\BOOTVID.dll
0xF755F000 ACPI.sys
0xF7AB0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF754E000 pci.sys
0xF75AE000 isapnp.sys
0xF75BE000 SSHRMD.SYS
0xF75CE000 SSFS0BB9.SYS
0xF74F5000 \WINDOWS\SYSTEM32\Drivers\NDIS.SYS
0xF782E000 \WINDOWS\SYSTEM32\Drivers\TDI.SYS
0xF79C2000 compbatt.sys
0xF79C6000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B76000 pciide.sys
0xF7836000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7AB2000 aliide.sys
0xF7AB4000 cmdide.sys
0xF7AB6000 toside.sys
0xF7AB8000 viaide.sys
0xF7ABA000 intelide.sys
0xF74D7000 pcmcia.sys
0xF75DE000 MountMgr.sys
0xF74B8000 ftdisk.sys
0xF7ABC000 dmload.sys
0xF7492000 dmio.sys
0xF783E000 PartMgr.sys
0xF79CA000 ACPIEC.sys
0xF7B77000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF75EE000 VolSnap.sys
0xF79CE000 cpqarray.sys
0xF747A000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7462000 atapi.sys
0xF79D2000 aha154x.sys
0xF7846000 sparrow.sys
0xF79D6000 symc810.sys
0xF75FE000 aic78xx.sys
0xF79DA000 dac960nt.sys
0xF760E000 ql10wnt.sys
0xF79DE000 amsint.sys
0xF784E000 asc.sys
0xF79E2000 asc3550.sys
0xF7856000 mraid35x.sys
0xF785E000 i2omp.sys
0xF79E6000 ini910u.sys
0xF761E000 ql1240.sys
0xF762E000 aic78u2.sys
0xF7866000 symc8xx.sys
0xF786E000 sym_hi.sys
0xF7876000 sym_u3.sys
0xF787E000 ABP480N5.SYS
0xF7886000 asc3350p.sys
0xF7ABE000 cd20xrnt.sys
0xF763E000 ultra.sys
0xF7449000 adpu160m.sys
0xF788E000 dpti2o.sys
0xF764E000 ql1080.sys
0xF765E000 ql1280.sys
0xF766E000 ql12160.sys
0xF7896000 perc2.sys
0xF7AC0000 perc2hib.sys
0xF789E000 hpn.sys
0xF79EA000 cbidf2k.sys
0xF741D000 dac2w2k.sys
0xF78A6000 Flpydisk.sys
0xF78AE000 AES128.SYS
0xF78B6000 AES256.SYS
0xF767E000 disk.sys
0xF768E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73FD000 fltmgr.sys
0xF73EB000 sr.sys
0xF769E000 SGEFLT.SYS
0xF73D4000 KSecDD.sys
0xF73BD000 WudfPf.sys
0xF7330000 Ntfs.sys
0xF76AE000 sisagp.sys
0xF76BE000 viaagp.sys
0xF7316000 Mup.sys
0xF76CE000 alim1541.sys
0xF76DE000 amdagp.sys
0xF76EE000 agpCPQ.sys
0xF7CF1000 \SystemRoot\system32\DRIVERS\idisw2km.sys
0xF5ACB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7B34000 \SystemRoot\system32\DRIVERS\kbstuff5.sys
0xF7986000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF79AE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF77FE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF78DE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5AA7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78EE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5A58000 \SystemRoot\System32\DRIVERS\ar5211.sys
0xF5A2B000 \SystemRoot\system32\drivers\o2mmb.sys
0xF5A01000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF72C6000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7AAA000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF797E000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF59ED000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7296000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF59BF000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7B38000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF780E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF72A6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF72D6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF599C000 \SystemRoot\system32\DRIVERS\ks.sys
0xF5EAA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF595C000 \SystemRoot\system32\drivers\smwdm.sys
0xF5938000 \SystemRoot\system32\drivers\portcls.sys
0xF72E6000 \SystemRoot\system32\drivers\drmk.sys
0xF5918000 \SystemRoot\system32\drivers\aeaudio.sys
0xF5813000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF78F6000 \SystemRoot\System32\Drivers\Modem.SYS
0xF5AEB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF5AE3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF57F8000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xF794E000 \SystemRoot\system32\drivers\tbhsd.sys
0xF7BA3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF5E6A000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF7306000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF722A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF57E1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF72F6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77EE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF57D0000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7276000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF5EA2000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7946000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF57A0000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF771E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B42000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5742000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A76000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF772E000 \SystemRoot\system32\DRIVERS\zumbus.sys
0xF773E000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF56A9000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF774E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF775E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF5AEF000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B5C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BF2000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B60000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79B6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF796E000 \SystemRoot\System32\drivers\vga.sys
0xF7B64000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B68000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF798E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78D6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7212000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF55AE000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF5555000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF552D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF5507000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF54E5000 \SystemRoot\System32\drivers\afd.sys
0xF77AE000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF5E92000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF54BA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF544A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77CE000 \SystemRoot\System32\Drivers\Fips.SYS
0xF53C4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF53A8000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7B70000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF5E9A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF77BE000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF5DFB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF791E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7232000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF5E0B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF569D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF5691000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF5390000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AD4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF5AFB000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79A6000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BFE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF4DEC000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF4C96000 \SystemRoot\system32\DRIVERS\irda.sys
0xF4CC8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF4B01000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF4A24000 \SystemRoot\system32\drivers\wdmaud.sys
0xF4B96000 \SystemRoot\system32\drivers\sysaudio.sys
0xF4A69000 \SystemRoot\SYSTEM32\DRIVERS\ATNT40K.SYS
0xF4679000 \??\c:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xF5318000 \SystemRoot\system32\drivers\npf.sys
0xF4EF8000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xF4531000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7BBF000 \??\C:\WINDOWS\System32\Drivers\U3SHLPDR.SYS
0xF3CB4000 \SystemRoot\System32\Drivers\HTTP.sys
0xF3BA2000 \??\C:\WINDOWS\system32\Drivers\EPLPDX02.SYS
0xF3360000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
684 C:\WINDOWS\system32\smss.exe
1124 csrss.exe
1148 C:\WINDOWS\system32\winlogon.exe
1192 C:\WINDOWS\system32\services.exe
1204 C:\WINDOWS\system32\lsass.exe
1400 C:\WINDOWS\system32\svchost.exe
1488 svchost.exe
1532 C:\WINDOWS\system32\svchost.exe
1584 C:\WINDOWS\system32\svchost.exe
1688 svchost.exe
1800 svchost.exe
328 C:\WINDOWS\system32\spoolsv.exe
372 C:\Program Files\Avira\AntiVir Desktop\sched.exe
428 svchost.exe
728 C:\Program Files\Citrix\ICA Client\ssonsvr.exe
760 C:\WINDOWS\explorer.exe
1012 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1032 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1168 C:\Program Files\Bonjour\mDNSResponder.exe
1392 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1744 C:\Program Files\Java\jre6\bin\jqs.exe
1884 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1976 C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe
564 C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
700 C:\WINDOWS\system32\svchost.exe
1444 C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
1608 C:\WINDOWS\system32\ZuneBusEnum.exe
1916 C:\WINDOWS\system32\CCM\CcmExec.exe
2096 C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe
2224 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
2256 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2288 C:\Program Files\Unlocker\UnlockerAssistant.exe
2340 C:\WINDOWS\system32\wuauclt.exe
2336 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2424 C:\Program Files\Zune\ZuneLauncher.exe
2860 C:\Program Files\iTunes\iTunesHelper.exe
2956 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3796 alg.exe
4080 wmiprvse.exe
116 C:\Program Files\iPod\bin\iPodService.exe
3588 wmiprvse.exe
2804 C:\Program Files\Mozilla Firefox\firefox.exe
2836 C:\Program Files\Mozilla Firefox\plugin-container.exe
3964 C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
3228 C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHT2040AHPL, Rev: 006C
PhysicalDrive1 Model Number: SeagateFreeAgentDesktop, Rev: 100F

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 787C0660D703D0C7FB7F6F73C9DB5432F4639EB0
465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

 


2011/02/03 17:48:49.0953 4040 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/03 17:48:50.0053 4040 ================================================================================
2011/02/03 17:48:50.0053 4040 SystemInfo:
2011/02/03 17:48:50.0053 4040
2011/02/03 17:48:50.0053 4040 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/03 17:48:50.0053 4040 Product type: Workstation
2011/02/03 17:48:50.0053 4040 ComputerName: BEN
2011/02/03 17:48:50.0053 4040 UserName: Ben
2011/02/03 17:48:50.0053 4040 Windows directory: C:\WINDOWS
2011/02/03 17:48:50.0053 4040 System windows directory: C:\WINDOWS
2011/02/03 17:48:50.0053 4040 Processor architecture: Intel x86
2011/02/03 17:48:50.0053 4040 Number of processors: 1
2011/02/03 17:48:50.0053 4040 Page size: 0x1000
2011/02/03 17:48:50.0053 4040 Boot type: Normal boot
2011/02/03 17:48:50.0053 4040 ================================================================================
2011/02/03 17:48:50.0554 4040 Initialize success
2011/02/03 17:49:02.0601 2440 ================================================================================
2011/02/03 17:49:02.0601 2440 Scan started
2011/02/03 17:49:02.0601 2440 Mode: Manual;
2011/02/03 17:49:02.0601 2440 ================================================================================
2011/02/03 17:49:17.0122 2440 ================================================================================
2011/02/03 17:49:17.0122 2440 Scan finished
2011/02/03 17:49:17.0122 2440 ================================================================================
2011/02/03 17:49:36.0089 0716 Deinitialize success
  • 0

#7
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :D

I removed the 3 programs. LiveUpdate had some problems uninstalling because it couldn't quit the components during the uninstall process, so I had to go into task manager and end the LUCOMS... .exe process while it was trying to uninstall for it to work.

OK, fair play; there may (still) be more remnants of Symantec/Norton in place... We can check this out in due course.

No problems with Webroot Cleanup

Good.

MBR reports problems. However, this may be something to do with the drive encryption. Like I said, it was a former company computer so I believe they had installed some of that HD security stuff. Just a thought, don't know if that has anything to do with the boot record.

Aye, could very well be so... However, to err on the side of caution before we proceed any further, I would again like to double-check the MBR on your brother's machine as follows.

Re-scan with MBRCheck:

  • Double-click on MBRCheck.exe to run the application again.
  • After it scans type Y and hit Enter for more options
  • (refer to the Screen-Shot below)
Posted Image

  • Now type 1 and hit Enter to select 'dump the mbr to file'
  • Type 0 and hit Enter to dump the mbr of physical disk 0
  • Enter a filename for the dump then press Enter
  • Now type -1 and hit Enter to quit then hit Enter again to exit mbrcheck.
  • Upload the contents of this saved file as an attachment in your next reply please.
How to attach a file for posting:-

Add Reply >> Under Attachments >> Click on Browse... >> Navigate to the file you have just saved to the Desktop >> Attach This File >> Add Reply
  • 0
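One way to inspect such an MBR dump offline, once it has been saved to a file as described above, is to parse the sector's structure and compare its boot-code hash against a baseline recorded from a known-good state of the same machine. The following is an added Python example, not code from this thread or from MBRCheck; how MBRCheck itself computes the SHA1 it prints is not stated on this page, so the hash below (over the 446-byte boot-code region only) is an assumption made for baseline comparison, and the sample sector is constructed for illustration.

```python
"""Parse and sanity-check a raw 512-byte MBR dump, such as the file written by
MBRCheck's "dump the mbr to file" option.

Added example; not code from the thread or from MBRCheck. The sample sector
built by build_sample_mbr() is constructed for illustration only.
"""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446     # boot code occupies bytes 0..445
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"     # bytes 510..511 of a valid MBR

# A few common partition type bytes, used only for labelling.
PARTITION_TYPES = {
    0x05: "Extended", 0x07: "NTFS/HPFS/exFAT", 0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux",
}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte classic MBR partition entry."""
    status, ptype = entry[0], entry[4]
    lba_start, sector_count = struct.unpack_from("<II", entry, 8)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PARTITION_TYPES.get(ptype, "unknown"),
        "lba_start": lba_start,
        "sector_count": sector_count,
        "byte_offset": lba_start * SECTOR_SIZE,   # what MBRCheck prints as 'at offset'
    }


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot code, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        entry = sector[start:start + PARTITION_ENTRY_SIZE]
        if entry[4] != 0:                 # type byte 0x00 marks an unused slot
            partitions.append(parse_partition_entry(entry))
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        # Hash of the boot-code region only (assumption: not MBRCheck's own method);
        # compare it against a hash recorded from a known-good state of the same disk.
        "boot_code_sha1": hashlib.sha1(sector[:PARTITION_TABLE_OFFSET]).hexdigest().upper(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_sha1=None) -> list:
    """Return human-readable findings; an empty list means nothing looked odd."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sector_count"])
                   for p in info["partitions"])
    for (a0, a1), (b0, b1) in zip(spans, spans[1:]):
        if b0 < a1:
            findings.append(f"partition ranges overlap: [{a0}, {a1}) and [{b0}, {b1})")
    if baseline_sha1 and info["boot_code_sha1"] != baseline_sha1.upper():
        findings.append("boot code hash differs from the recorded baseline")
    return findings


def make_entry(bootable: bool, ptype: int, lba_start: int, sector_count: int) -> bytes:
    """Build a 16-byte partition entry (CHS fields left zero; constructed data)."""
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\x00" * 3,
                       ptype, b"\x00" * 3, lba_start, sector_count)


def build_sample_mbr(entries=None) -> bytes:
    """Constructed sample: placeholder (all-zero) boot code plus one bootable NTFS
    partition at LBA 63, i.e. byte offset 0x7e00, the classic XP-era layout."""
    if entries is None:
        entries = [make_entry(True, 0x07, 63, 78140097)]
    boot_code = b"\x00" * PARTITION_TABLE_OFFSET          # not real boot code
    table = b"".join(entries) + b"\x00" * (PARTITION_ENTRY_SIZE * (4 - len(entries)))
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # Usage: python mbr_inspect.py dump0.bin   (falls back to the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_mbr()
    info = parse_mbr(data)
    print("signature ok:", info["signature_ok"], "| boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f"  {flag} type 0x{p['type']:02X} {p['type_name']:<16} LBA {p['lba_start']} "
              f"(offset 0x{p['byte_offset']:x}), {p['sector_count']} sectors")
    for finding in check_mbr(data):
        print("finding:", finding)
```

The checks are deliberately structural (signature present, exactly one bootable entry, no overlapping partitions, boot code unchanged since the baseline); a non-standard but legitimate boot loader, such as one installed by full-disk encryption software, will differ from a stock Windows MBR without being malicious, which is why a per-machine baseline rather than a fixed "known-good" hash is the useful comparison.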

#8
Odal

Odal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
Hi, here's the file. Thanks
  • 0

#9
Odal

Odal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
It's not uploading, says it doesn't support the type of file. Here it is on localhostr instead.

http://localhostr.co...cFeQJ/dump0.bin
  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :D

The MBR on your brother's machine is clean, though indeed a strange one. Anyway, I am of the mind that if something is not broken, do not fix it.

OK please post a new OTL or RSIT log, either is fine and we will go from there, thank you.
  • 0


#11
Odal

Odal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
OTL logfile created on: 2/7/2011 5:24:43 PM - Run 2
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 124.00 Mb Available Physical Memory | 16.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 5.07 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 465.76 Gb Total Space | 262.56 Gb Free Space | 56.37% Space Free | Partition Type: NTFS

Computer Name: BEN | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/23 16:10:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Downloads\OTL.exe
PRC - [2010/12/13 17:16:14 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/12/10 02:37:17 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 02:37:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2010/10/16 00:57:30 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/09 23:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2010/01/07 13:38:08 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/01 00:10:57 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2007/07/06 17:16:16 | 000,218,568 | ---- | M] (1E Ltd.) -- C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe
PRC - [2006/04/12 16:33:08 | 000,090,112 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
PRC - [2006/04/12 16:30:40 | 000,131,072 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe
PRC - [2006/02/09 02:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006/02/09 02:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
PRC - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005/09/08 18:59:22 | 000,024,848 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2004/11/04 18:40:08 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/01/23 16:10:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/03/01 00:10:47 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/04/12 16:33:06 | 000,024,576 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\SgMsgBhk.dll
MOD - [2004/11/04 18:39:58 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/07/06 17:16:16 | 000,218,568 | ---- | M] (1E Ltd.) [Auto | Running] -- C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe -- (SMSWUagent)
SRV - [2006/04/12 16:33:08 | 000,090,112 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe -- (SgeCtl)
SRV - [2006/04/12 16:30:40 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe -- (SgeClient)
SRV - [2006/04/12 16:26:54 | 000,147,456 | ---- | M] (Utimaco Safeware AG) [Auto | Stopped] -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- (WksCfgSrv)
SRV - [2006/02/09 02:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/02/09 02:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)
SRV - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/03/31 11:27:00 | 000,061,440 | ---- | M] (Utimaco Safeware AG) [On_Demand | Stopped] -- C:\WINDOWS\system32\SgLogPlayer.exe -- (SgLogPlayer)


========== Driver Services (SafeList) ==========

DRV - [2009/12/08 08:29:16 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/05 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/20 12:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/11/15 15:30:48 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/05/10 14:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/25 13:43:15 | 000,003,445 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\U3SHLPDR.SYS -- (U3SHLPDR)
DRV - [2006/04/12 16:34:42 | 000,061,466 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SGEFLT.SYS -- (SgeFlt)
DRV - [2006/04/12 16:32:24 | 000,018,464 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AES256.SYS -- (AES-256)
DRV - [2006/04/12 16:32:22 | 000,018,464 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AES128.SYS -- (AES-128)
DRV - [2006/02/09 02:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/02/09 02:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006/02/09 02:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2006/02/03 11:37:33 | 000,049,536 | R--- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2005/11/04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/08/18 19:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/07/22 11:17:42 | 000,051,392 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ATNT40K.SYS -- (ATNT40K)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/03/04 14:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/01/26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/11/04 18:26:42 | 000,186,016 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/05/15 20:29:12 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/04 21:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003/07/28 23:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003/07/24 13:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/10 01:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mail.google.c.../?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {6C907578-7568-408B-9AC2-0F3E4D676A50}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20101009

FF - HKLM\software\mozilla\Firefox\extensions\\{6C907578-7568-408B-9AC2-0F3E4D676A50}: C:\Documents and Settings\Ben.LATLCNU5121JPM\Local Settings\Application Data\{6C907578-7568-408B-9AC2-0F3E4D676A50} [2009/10/21 19:00:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 17:49:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 17:49:21 | 000,000,000 | ---D | M]

[2010/06/01 22:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Extensions
[2010/06/01 22:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Extensions\[email protected]
[2011/02/06 23:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions
[2010/05/27 15:52:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/16 14:53:47 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2011/01/16 14:53:29 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/10/24 19:57:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/16 14:53:21 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\[email protected]
[2010/10/08 16:06:52 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\extensions\[email protected]
[2008/11/29 10:30:03 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mozilla\Firefox\Profiles\tntmut2t.default\searchplugins\pantera.xml
[2011/02/06 23:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 16:27:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/17 23:58:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/10/21 19:00:54 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\BEN.LATLCNU5121JPM\LOCAL SETTINGS\APPLICATION DATA\{6C907578-7568-408B-9AC2-0F3E4D676A50}
[2009/10/24 19:36:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/04/28 19:38:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WebrootClientUI] File not found
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: credit360.com ([ing] http in Trusted sites)
O15 - HKCU\..Trusted Domains: credit360.com ([ing] https in Trusted sites)
O15 - HKCU\..Trusted Domains: iam.intranet ([]* in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1196083048666 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} http://antivirus/webinst.cab (WebBasedClientInstall Class)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.beta.inst...ad/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} http://app81nyc1d/Re...OpType=PrintCab (RSClientPrint Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (iesvfo.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (CSGina.dll) - C:\WINDOWS\System32\CSGina.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NotLog: DllName - SGLogEx.dll - C:\WINDOWS\System32\SGLogEx.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\SGLogNotification: DllName - SGLogNotification.dll - C:\WINDOWS\System32\SGLogNotification.dll (Utimaco Safeware AG)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/25 11:16:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{28d36505-c705-11de-b208-001279c13015}\Shell - "" = AutoRun
O33 - MountPoints2\{28d36505-c705-11de-b208-001279c13015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28d36505-c705-11de-b208-001279c13015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/01 22:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/02/01 22:09:42 | 000,000,000 | ---D | C] -- C:\rsit
[2011/02/01 21:16:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Recent
[2008/03/11 19:22:02 | 035,483,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\zunesetuppkg-x86.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\*.tmp files -> C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/07 17:23:55 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2011/02/07 16:00:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/07 15:58:22 | 000,000,468 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2011/02/07 15:57:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/07 00:33:17 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\thomas hardy.doc
[2011/02/06 19:21:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/06 01:00:33 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\To download.doc
[2011/02/05 01:29:02 | 000,013,918 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\METALFEB.rtf
[2011/02/04 23:54:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Desktop\dump0.bin
[2011/02/02 01:41:56 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\ae housman.doc
[2011/02/01 21:15:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/02/01 19:26:59 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2011/01/30 00:34:14 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\best metal albums of decade.doc
[2011/01/29 23:08:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\~$st metal albums of decade.doc
[2011/01/27 23:25:46 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\the plebeians go on strike.doc
[2011/01/26 22:21:49 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\dover [bleep].doc
[2011/01/20 22:19:54 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Upcoming shows.doc
[2011/01/19 21:21:54 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Tears, idle tears.doc
[2011/01/18 20:22:51 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\woe.doc
[2011/01/15 18:13:37 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\best state universities.doc
[2011/01/09 14:28:08 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\where are the most metal shows.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\*.tmp files -> C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/07 17:23:55 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2011/02/05 01:27:10 | 000,013,918 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\METALFEB.rtf
[2011/02/04 23:54:16 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Desktop\dump0.bin
[2011/02/02 00:48:22 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\ae housman.doc
[2011/02/01 21:15:30 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/02/01 19:26:59 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/02/01 00:10:30 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\thomas hardy.doc
[2011/01/29 23:08:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\~$st metal albums of decade.doc
[2011/01/27 23:25:45 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\the plebeians go on strike.doc
[2011/01/26 17:39:11 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\dover [bleep].doc
[2011/01/21 23:45:23 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\best metal albums of decade.doc
[2011/01/19 20:18:08 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Tears, idle tears.doc
[2011/01/18 18:13:33 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\woe.doc
[2011/01/15 19:14:05 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Upcoming shows.doc
[2011/01/15 17:35:36 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\best state universities.doc
[2011/01/09 02:43:31 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\where are the most metal shows.doc
[2009/10/22 22:25:12 | 000,016,184 | ---- | C] () -- C:\Program Files\Common Files\maseb.bat
[2009/10/22 22:25:09 | 000,019,749 | ---- | C] () -- C:\Program Files\Common Files\ukekij.inf
[2009/10/22 22:10:16 | 000,017,319 | ---- | C] () -- C:\Program Files\Common Files\otavydez.scr
[2009/10/22 22:10:12 | 000,014,560 | ---- | C] () -- C:\Program Files\Common Files\dicymiwu.dll
[2009/10/22 21:07:54 | 000,010,246 | ---- | C] () -- C:\Program Files\Common Files\ruguqoxivu.exe
[2009/10/21 19:03:42 | 000,017,348 | ---- | C] () -- C:\Program Files\Common Files\fokovubi.com
[2009/10/21 19:03:41 | 000,011,336 | ---- | C] () -- C:\Program Files\Common Files\efofafo.lib
[2009/10/21 19:03:40 | 000,012,455 | ---- | C] () -- C:\Program Files\Common Files\mucu._sy
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/10 22:32:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/01 08:31:15 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/01 08:00:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\$_hpcst$.hpc
[2008/06/13 20:37:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/05/23 14:34:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ypwp87a.dll
[2008/03/15 13:47:29 | 000,433,152 | ---- | C] () -- C:\Program Files\epson10048.exe
[2008/03/15 13:06:44 | 003,929,088 | ---- | C] () -- C:\Program Files\epson10192.exe
[2007/11/26 20:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/11/26 08:25:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/08/23 17:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/22 14:15:44 | 000,000,273 | ---- | C] () -- C:\WINDOWS\{9FF7DAE0-1030-43C5-AE2E-D2815D206E85}_WiseFW.ini
[2006/09/12 18:22:41 | 000,000,468 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/03 13:11:52 | 000,001,222 | ---- | C] () -- C:\WINDOWS\INTRACTN.INI
[2006/04/25 18:07:37 | 000,000,106 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/25 16:27:09 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2006/04/25 15:35:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/25 13:43:15 | 000,003,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\U3SHLPDR.SYS
[2006/04/25 07:08:10 | 000,004,354 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/22 18:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/11/04 10:21:48 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2005/11/04 10:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/07/22 11:17:42 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/03/31 11:27:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGCleanLocalGPO.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/21 09:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/21 09:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/21 09:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/21 09:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/21 09:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/21 09:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2007/08/22 14:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E
[2010/05/27 18:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008/04/14 18:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/08/22 21:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/24 14:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/24 20:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/12 15:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/28 20:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Amazon
[2010/09/12 16:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\BonkEnc
[2010/07/22 16:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Caphyon
[2008/12/28 22:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\GarageGames
[2008/08/01 07:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\InterVideo
[2010/12/05 13:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Lala Music Mover
[2010/07/15 20:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Mp3tag
[2008/08/01 11:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\RTPlayer
[2010/06/01 22:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Songbird2
[2010/10/08 18:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Tunebite
[2009/06/17 13:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/05/05 21:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Uniblue
[2009/12/05 00:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\zenses
[2010/05/27 23:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Zuse

========== Purity Check ==========



< End of report >
#12
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :D

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Click on Start >> Run... (or the Windows key and R together) to bring up the Run box and copy and paste in:

"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\otl-backup

and click on OK.

Note: If you have uninstalled ERUNT, please inform me before proceeding any further.

Norton/Symantec RT:

Please download the Norton Removal Tool and Save it to the Desktop.

  • Close all programs and double-click the Norton_Removal_Tool.exe then click Run
  • Follow the on-screen instructions.
  • Restart the computer if asked.
  • Then delete Norton_Removal_Tool.exe from the desktop.
Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WebrootClientUI] File not found
O15 - HKCU\..Trusted Domains: credit360.com ([ing] http in Trusted sites)
O15 - HKCU\..Trusted Domains: credit360.com ([ing] https in Trusted sites)
O15 - HKCU\..Trusted Domains: iam.intranet ([]* in Local intranet)
[2009/10/22 22:25:12 | 000,016,184 | ---- | C] () -- C:\Program Files\Common Files\maseb.bat
[2009/10/22 22:25:09 | 000,019,749 | ---- | C] () -- C:\Program Files\Common Files\ukekij.inf
[2009/10/22 22:10:16 | 000,017,319 | ---- | C] () -- C:\Program Files\Common Files\otavydez.scr
[2009/10/22 22:10:12 | 000,014,560 | ---- | C] () -- C:\Program Files\Common Files\dicymiwu.dll
[2009/10/22 21:07:54 | 000,010,246 | ---- | C] () -- C:\Program Files\Common Files\ruguqoxivu.exe
[2009/10/21 19:03:42 | 000,017,348 | ---- | C] () -- C:\Program Files\Common Files\fokovubi.com
[2009/10/21 19:03:41 | 000,011,336 | ---- | C] () -- C:\Program Files\Common Files\efofafo.lib
[2009/10/21 19:03:40 | 000,012,455 | ---- | C] () -- C:\Program Files\Common Files\mucu._sy
[2009/05/05 21:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben.LATLCNU5121JPM\Application Data\Uniblue
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\*.tmp files -> C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Files 
ipconfig /flushdns /c 
%systemroot%\prefetch\*.* 

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdWizard]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RightFAX Print-to-Fax Driver]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SgeEcView]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]

:Commands
[CreateRestorePoint]
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be found at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt (the file name denotes the date/time the log was created).

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately; failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your brother's computer performing now? Any further symptoms and/or problems encountered?
  • OTL log from the Custom Script,
  • Malwarebytes Anti-Malware log.

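As an added example (not part of this thread and not OTL's own code), here is a small Python check of what the :Reg section above writes: it decodes the hex(7) REG_MULTI_SZ value and compares the LSA Notification Packages and AppInit_DLLs entries against a baseline, so you can verify the fix took and spot anything that reappears. The baseline (scecli as the only notification package, AppInit_DLLs empty) is an assumption for a default Windows XP install, and the second registry fragment is constructed to show a flagged case.

```python
import re

# Baseline for the two persistence points the OTL script rewrites (assumption
# for a default Windows XP install; keys lower-cased for matching).
BASELINES = {
    (r"hkey_local_machine\system\currentcontrolset\control\lsa",
     "notification packages"): {"scecli"},
    (r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows",
     "appinit_dlls"): set(),
}
_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def decode_hex7(data: str) -> list[str]:
    """Decode a hex(7) (REG_MULTI_SZ) byte list into its strings.

    Regedit exports use UTF-16LE; the OTL script on this page uses single-byte
    ASCII (73,63,65,63,6c,69 spells scecli). UTF-16LE Latin-1 text has 0x00
    in every odd byte, which is how the two encodings are told apart here.
    """
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    utf16 = len(raw) % 2 == 0 and all(raw[i] == 0 for i in range(1, len(raw), 2))
    text = raw.decode("utf-16-le") if utf16 else raw.decode("latin-1")
    # Each string is NUL-terminated and the list ends with an extra NUL.
    return [s for s in text.split("\x00") if s]


def split_sz(data: str) -> list[str]:
    """Turn a quoted REG_SZ such as AppInit_DLLs into its list of DLLs."""
    value = data[1:-1].replace("\\\\", "\\")  # drop quotes, unescape .reg backslashes
    return [p for p in re.split(r"[ ,;]+", value) if p]


def parse_reg_fragment(fragment: str) -> dict[tuple[str, str], list[str]]:
    """Parse .reg-style [key] / "name"=data lines into {(key, name): values}."""
    fragment = re.sub(r"\\\r?\n\s*", "", fragment)  # join wrapped hex lines
    values, key = {}, None
    for line in fragment.splitlines():
        line = line.strip()
        if m := _KEY_RE.match(line):
            # A leading '-' marks a key deletion, which carries no values.
            key = None if m.group(1) else m.group(2).lower()
        elif (m := _VALUE_RE.match(line)) and key:
            name, data = m.group(1).lower(), m.group(2).strip()
            if data.lower().startswith("hex(7):"):
                values[(key, name)] = decode_hex7(data[len("hex(7):"):])
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                values[(key, name)] = split_sz(data)
    return values


def audit(fragment: str) -> list[str]:
    """Report entries outside the baseline; any extra package warrants a look."""
    findings = []
    for (key, name), entries in parse_reg_fragment(fragment).items():
        baseline = BASELINES.get((key, name))
        if baseline is None:
            continue
        extra = sorted({e.lower() for e in entries} - baseline)
        if extra:
            findings.append(f"{name}: unexpected entries {extra}")
    return findings


# The two values exactly as the OTL script above writes them: expected clean.
PAGE_FRAGMENT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"""
# Constructed sample in Regedit's UTF-16LE form with an extra package ("other")
# and an AppInit DLL; both should be flagged.
SUSPECT_FRAGMENT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\tools\\example.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,\
  6f,00,74,00,68,00,65,00,72,00,00,00,00,00
"""
```

Feed it a Regedit export of the two keys taken after the fix; an empty list from audit() means both values match the baseline.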
#13
Odal

    Member

  • Topic Starter
  • Member
  • 130 posts
I actually want to keep Unlocker. Just don't put that one line in the custom fix?
#14
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

I actually want to keep Unlocker. Just don't put that one line in the custom fix?

Aye, by all means omit the entry from the script if you so wish. The only reason I included it was to free up some system resources, though with hindsight it will probably not make that much difference anyway. :D
#15
Odal

    Member

  • Topic Starter
  • Member
  • 130 posts
The computer seems to be running faster, at least starting up and getting the desktop open. It's still slow as a hog doing anything, though (I think that I am not much older than the laptop). If we are about done with the malware, would you please help me with the sleep/hibernate problem? The only options at all are log off, shut down, and restart. It wasn't always like this, but it seems like it could be a group policy thing.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5717

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/8/2011 9:53:01 PM
mbam-log-2011-02-08 (21-53-01).txt

Scan type: Quick scan
Objects scanned: 175310
Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\RegistryMonitor2 (Malware.Trace) -> Value: RegistryMonitor2 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WebrootClientUI deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\credit360.com\ing\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\credit360.com\ing\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iam.intranet\ deleted successfully.
C:\Program Files\Common Files\ukekij.inf moved successfully.
C:\Program Files\Common Files\otavydez.scr moved successfully.
C:\Program Files\Common Files\dicymiwu.dll moved successfully.
C:\Program Files\Common Files\ruguqoxivu.exe moved successfully.
C:\Program Files\Common Files\fokovubi.com moved successfully.
C:\Program Files\Common Files\efofafo.lib moved successfully.
C:\Program Files\Common Files\mucu._sy moved successfully.
C:\WINDOWS\003288_.tmp deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCall.457C3773_97C1_4C9D_A5FE_26FB81D5523A.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCall.6249D4D4_C78D_11D5_B777_00105ACCAF1C.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCall.63E82B80_048C_11D4_B357_0050DA4F5702.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCall.B0094272_1C09_4C97_9975_23F9A4F287BE.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCall.C2DA9293_BC6A_11D4_B62F_00105ACCAF1C.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCall.C61AC88B_2B6B_40CA_8B50_8C371790B964.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCall.DDC9D041_01CA_426E_B0B1_C2EE76DEC2BA.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla.457C3773_97C1_4C9D_A5FE_26FB81D5523A.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla.6249D4D4_C78D_11D5_B777_00105ACCAF1C.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla.63E82B80_048C_11D4_B357_0050DA4F5702.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla.B0094272_1C09_4C97_9975_23F9A4F287BE.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla.C61AC88B_2B6B_40CA_8B50_8C371790B964.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla.DDC9D041_01CA_426E_B0B1_C2EE76DEC2BA.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla1.0A320573_80DF_4D7C_8D8D_7198AF0AAC43.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla1.6249D4D4_C78D_11D5_B777_00105ACCAF1C.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla1.C2DA9293_BC6A_11D4_B62F_00105ACCAF1C.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla1.C61AC88B_2B6B_40CA_8B50_8C371790B964.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla2.6249D4D4_C78D_11D5_B777_00105ACCAF1C.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseCustomCalla3.6249D4D4_C78D_11D5_B777_00105ACCAF1C.dll deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\6C0F9CF5C0A34C65A17A878FE1C821B3.TMP folder deleted successfully.
C:\WINDOWS\DUMP66eb.tmp deleted successfully.
C:\WINDOWS\DUMP784a.tmp deleted successfully.
C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\~WRL0069.tmp deleted successfully.
C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\~WRL1692.tmp deleted successfully.
C:\WINDOWS\System32\drivers\OLD64.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\Downloads\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\7ZG.EXE-04CCF0C9.pf moved successfully.
C:\WINDOWS\prefetch\ACRORD32INFO.EXE-242CE4AA.pf moved successfully.
C:\WINDOWS\prefetch\ADOBEARM.EXE-2D1B11BF.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf moved successfully.
C:\WINDOWS\prefetch\ALUSCH~1.EXE-2F18F9DC.pf moved successfully.
C:\WINDOWS\prefetch\APPLEMOBILEDEVICEHELPER.EXE-1C98CF29.pf moved successfully.
C:\WINDOWS\prefetch\ATI2EVXX.EXE-19D16EB9.pf moved successfully.
C:\WINDOWS\prefetch\AVCENTER.EXE-1A970FA0.pf moved successfully.
C:\WINDOWS\prefetch\AVGNT.EXE-200FEF40.pf moved successfully.
C:\WINDOWS\prefetch\AVNOTIFY.EXE-05ED5FD8.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf moved successfully.
C:\WINDOWS\prefetch\COMMAGENT.EXE-2D7E1752.pf moved successfully.
C:\WINDOWS\prefetch\CRASHREPORTER.EXE-29951F6F.pf moved successfully.
C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf moved successfully.
C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf moved successfully.
C:\WINDOWS\prefetch\DISTNOTED.EXE-347E9427.pf moved successfully.
C:\WINDOWS\prefetch\DLLHOST.EXE-205D880D.pf moved successfully.
C:\WINDOWS\prefetch\DUMPREP.EXE-1B46F901.pf moved successfully.
C:\WINDOWS\prefetch\DWWIN.EXE-30875ADC.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT-SETUP.EXE-0BBD5987.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT.EXE-10F447C7.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf moved successfully.
C:\WINDOWS\prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf moved successfully.
C:\WINDOWS\prefetch\IPODSCROBBLER.EXE-28CD1217.pf moved successfully.
C:\WINDOWS\prefetch\IPODSERVICE.EXE-3192DE38.pf moved successfully.
C:\WINDOWS\prefetch\IPSECDIALER.EXE-2DE32DB2.pf moved successfully.
C:\WINDOWS\prefetch\IS-IB96K.TMP-368AFEA6.pf moved successfully.
C:\WINDOWS\prefetch\ITUNES.EXE-1A268432.pf moved successfully.
C:\WINDOWS\prefetch\ITUNESHELPER.EXE-15823303.pf moved successfully.
C:\WINDOWS\prefetch\JAUCHECK.EXE-0CBF467B.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-2DC32ABC.pf moved successfully.
C:\WINDOWS\prefetch\JAVAWS.EXE-021AC9A9.pf moved successfully.
C:\WINDOWS\prefetch\JQSNOTIFY.EXE-24AE4A36.pf moved successfully.
C:\WINDOWS\prefetch\JUSCHED.EXE-0F4A509D.pf moved successfully.
C:\WINDOWS\prefetch\KILLRBPROCESS.EXE-295A22D3.pf moved successfully.
C:\WINDOWS\prefetch\LASTFM.EXE-2583AAAA.pf moved successfully.
C:\WINDOWS\prefetch\layout.ini moved successfully.
C:\WINDOWS\prefetch\LSETUP.EXE-32559C46.pf moved successfully.
C:\WINDOWS\prefetch\LUCOMS~1.EXE-02DB5950.pf moved successfully.
C:\WINDOWS\prefetch\LUINIT.EXE-393EDB62.pf moved successfully.
C:\WINDOWS\prefetch\MBAM.EXE-0BEE0439.pf moved successfully.
C:\WINDOWS\prefetch\MBRCHECK.EXE-0B168465.pf moved successfully.
C:\WINDOWS\prefetch\MOBSYNC.EXE-173EDCEF.pf moved successfully.
C:\WINDOWS\prefetch\MPNOTIFY.EXE-3631A846.pf moved successfully.
C:\WINDOWS\prefetch\MSHTA.EXE-331DF029.pf moved successfully.
C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf moved successfully.
C:\WINDOWS\prefetch\NET.EXE-01A53C2F.pf moved successfully.
C:\WINDOWS\prefetch\NET1.EXE-029B9DB4.pf moved successfully.
C:\WINDOWS\prefetch\NORTON_REMOVAL_TOOL.EXE-1BF0B4A1.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-189578DA.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-11B62334.pf moved successfully.
C:\WINDOWS\prefetch\PLUGIN-CONTAINER.EXE-15EDC9DD.pf moved successfully.
C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf moved successfully.
C:\WINDOWS\prefetch\READER_SL.EXE-2B4EA1CB.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-11CCA997.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-13B0C53C.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-15830F12.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2572AFC4.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2C7B5C4A.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2CD85FD3.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-3B22A993.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.
C:\WINDOWS\prefetch\SMSCLIUI.EXE-25080054.pf moved successfully.
C:\WINDOWS\prefetch\SOFTWAREUPDATE.EXE-1415D1B8.pf moved successfully.
C:\WINDOWS\prefetch\SPYSWEEPER.EXE-22CE9126.pf moved successfully.
C:\WINDOWS\prefetch\SPYSWEEPERUI.EXE-0EEF3F8D.pf moved successfully.
C:\WINDOWS\prefetch\SSECLEANUP.EXE-17526C31.pf moved successfully.
C:\WINDOWS\prefetch\SSONCOM.EXE-37122A4F.pf moved successfully.
C:\WINDOWS\prefetch\SSONSVR.EXE-217BB9B3.pf moved successfully.
C:\WINDOWS\prefetch\SSU.EXE-2D864FFB.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf moved successfully.
C:\WINDOWS\prefetch\SYMNRT.EXE-10A66D01.pf moved successfully.
C:\WINDOWS\prefetch\SYNTPENH.EXE-315D3ABC.pf moved successfully.
C:\WINDOWS\prefetch\SYNTPLPR.EXE-28BB9F3B.pf moved successfully.
C:\WINDOWS\prefetch\TASKMGR.EXE-20256C55.pf moved successfully.
C:\WINDOWS\prefetch\TDSSKILLER.EXE-270FC2BD.pf moved successfully.
C:\WINDOWS\prefetch\UNINS000.EXE-0601FAB2.pf moved successfully.
C:\WINDOWS\prefetch\UNLOCKERASSISTANT.EXE-23C96476.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-08DE9D14.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-0E542016.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-15BDF64C.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-1C516424.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-1F4C4A68.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-2577D203.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-279A48FF.pf moved successfully.
C:\WINDOWS\prefetch\USERINIT.EXE-30B18140.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
C:\WINDOWS\prefetch\VPNGUI.EXE-168321AE.pf moved successfully.
C:\WINDOWS\prefetch\WGATRAY.EXE-0ED38BED.pf moved successfully.
C:\WINDOWS\prefetch\WINWORD.EXE-37F6AE09.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
C:\WINDOWS\prefetch\ZUNE.EXE-0C22EF7A.pf moved successfully.
C:\WINDOWS\prefetch\ZUNELAUNCHER.EXE-1536A460.pf moved successfully.
C:\WINDOWS\prefetch\_IU14D2N.TMP-1A27EABF.pf moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdWizard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RightFAX Print-to-Fax Driver\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SgeEcView\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 5978 bytes

User: All Users

User: Ben.LATLCNU5121JPM
->Flash cache emptied: 55923 bytes

User: bruira
->Flash cache emptied: 48003 bytes

User: Default User
->Flash cache emptied: 348 bytes

User: ING

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61923976 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Ben.LATLCNU5121JPM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98706 bytes
->Java cache emptied: 140 bytes
->FireFox cache emptied: 120739171 bytes
->Flash cache emptied: 0 bytes

User: bruira
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 2010465 bytes
->FireFox cache emptied: 40881466 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: ING

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 88751518 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 185834922 bytes

Total Files Cleaned = 477.00 mb


OTL by OldTimer - Version 3.2.20.4 log created on 02082011_211622

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...