
unknown process running 3003549074:183677576.exe


This topic is locked

#1 arwier (Member, 78 posts)
System is a desktop with a P4 2.8, 1.5 GB mem. Can't run any of the malware removal tools in normal mode. At one point it really messed up my video so it was real hard to read anything on screen, but fixed that with ERUNT (restored previous reg). IE will not run when I reboot with the network connected; it says there are other users connected to this computer, so I am not connected to the network/internet with it anymore. Have tried all I could find in the removal guide, including otl.exe, aswmbr.exe, rkill.exe, roguekiller.exe, sas_827a8547.com, viprerescue10540.exe. Most of this I have been able to do with some difficulty in safe mode, but not safe mode with networking. When I bring up Task Manager it shows a process running called 3003549074:183677576.exe and will not allow me to shut it down; the only time this is not running is in safe mode. I am using a different comp to get on the internet. Also I am able to run that computer in Linux (gnew) from a live CD if that would help any with diag or cleanup.

Here is the OTL log I have from running it:

OTL logfile created on: 9/21/2011 9:45:16 PM - Run 1

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Art\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



1.50 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 82.92% Memory free

3.60 Gb Paging File | 3.54 Gb Available in Paging File | 98.33% Paging File free

Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.71 Gb Total Space | 6.52 Gb Free Space | 19.33% Space Free | Partition Type: NTFS

Drive D: | 6.00 Gb Total Space | 1.88 Gb Free Space | 31.27% Space Free | Partition Type: NTFS



Computer Name: ARTS | User Name: Art | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2011/09/18 17:35:51 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe





========== Modules (No Company Name) ==========





========== Win32 Services (SafeList) ==========



SRV - File not found [Unknown | Stopped] -- -- (PCCUJobMgr)

SRV - File not found [Auto | Stopped] -- -- (Norton PC Checkup Application Launcher)

SRV - File not found [On_Demand | Stopped] -- -- (HidServ)

SRV - [2011/08/06 00:52:46 | 000,060,040 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Stopped] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)

SRV - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)

SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2006/03/09 11:48:22 | 000,235,168 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2006/03/09 11:48:08 | 000,087,712 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2006/03/09 11:47:58 | 000,255,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)

SRV - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)

SRV - [2005/02/28 16:56:32 | 000,218,736 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)

SRV - [2005/01/25 22:48:50 | 000,194,272 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan)

SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

SRV - [2004/08/31 19:23:00 | 000,618,496 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2004/04/23 12:04:16 | 000,158,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)

SRV - [2004/03/23 15:48:04 | 000,197,856 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2003/06/24 18:23:10 | 000,066,784 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)





========== Driver Services (SafeList) ==========



DRV - [2011/08/06 00:52:38 | 000,184,072 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EuFdDisk.sys -- (EUFDDISK)

DRV - [2011/08/06 00:52:36 | 000,042,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)

DRV - [2011/08/06 00:52:30 | 000,016,008 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\eudskacs.sys -- (EUDSKACS)

DRV - [2011/08/06 00:52:28 | 000,038,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)

DRV - [2011/07/01 12:55:38 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)

DRV - [2010/12/29 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110105.003\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/12/29 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110105.003\NAVENG.SYS -- (NAVENG)

DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)

DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)

DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)

DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)

DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)

DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgpfl.sys -- (motccgpfl)

DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgp.sys -- (motccgp)

DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys -- (IPSec)

DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys -- (motport)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)

DRV - [2006/07/24 18:51:34 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)

DRV - [2005/01/25 22:48:52 | 000,305,288 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)

DRV - [2005/01/25 22:48:52 | 000,037,000 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrtpel.sys -- (SAVRTPEL)

DRV - [2004/08/31 19:23:01 | 000,004,096 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)

DRV - [2004/03/23 15:48:02 | 000,263,296 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2004/03/23 15:48:02 | 000,164,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2004/03/23 15:48:02 | 000,136,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO)

DRV - [2004/03/23 15:48:02 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2004/03/23 15:48:02 | 000,051,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2004/03/23 15:48:02 | 000,046,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2004/03/23 15:48:02 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2004/03/23 15:48:02 | 000,010,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2004/03/19 17:41:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)

DRV - [2004/03/19 17:41:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)

DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)

DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)

DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)

DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)

DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

DRV - [2001/07/24 21:21:10 | 000,334,248 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT891x1.sys -- (DCamUSBDXGTech) Fashion Cam 01 Dual-Mode DSC (Video Camera)

DRV - [2001/07/05 12:13:14 | 000,018,088 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT890X.SYS -- (GT890x)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========





IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



========== FireFox ==========





FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Art\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)





[2011/08/28 16:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Application Data\Mozilla\Extensions



========== Chrome ==========



CHR - Extension: No name found = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\



O1 HOSTS File: ([2011/09/16 12:11:25 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found

O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1270494171107 (WUWebControl Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD92E848-ECFB-4F6D-BD2D-6D9DB5578BF2}: DhcpNameServer = 192.168.2.1 192.168.1.254

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{72e05208-6925-11e0-9545-000f1f7ac61c}\Shell - "" = AutoRun

O33 - MountPoints2\{72e05208-6925-11e0-9545-000f1f7ac61c}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{72e05208-6925-11e0-9545-000f1f7ac61c}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found



========== Files/Folders - Created Within 30 Days ==========



File not found -- C:\WINDOWS\System32\

[2011/09/21 21:03:34 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2011/09/21 21:03:34 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe

[2011/09/21 21:03:13 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE

[2011/09/21 07:42:43 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware

[2011/09/19 07:14:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2011/09/19 07:12:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2011/09/18 17:35:48 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe

[2011/09/18 01:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\bitpim

[2011/09/18 01:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitPim

[2011/09/18 01:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\BitPim

[2011/09/16 04:08:02 | 000,000,000 | ---D | C] -- C:\295b6f360e3123054473

[2011/09/11 11:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\gtk-2.0

[2011/09/11 11:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\.thumbnails

[2011/09/11 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\gegl-0.0

[2011/09/11 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\.gimp-2.6

[2011/09/11 11:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP

[2011/09/11 11:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0

[2011/09/11 11:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\Preclick

[2011/09/09 06:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo

[2011/09/05 10:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\Reflect

[2011/09/05 10:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrium

[2011/09/05 10:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Macrium

[2011/09/05 10:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium

[2011/09/05 10:12:07 | 000,000,000 | ---D | C] -- C:\temp_hkeo1mr3dck

[2011/09/05 10:12:07 | 000,000,000 | ---D | C] -- C:\temp_Backupper

[2011/09/05 09:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Open Source Backup

[2011/09/05 09:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\Open Source Backup

[2011/09/04 21:53:09 | 000,184,072 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys

[2011/09/04 21:53:08 | 000,038,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys

[2011/09/04 21:53:08 | 000,016,008 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys

[2011/09/04 21:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup 3.0

[2011/09/04 21:50:35 | 000,020,616 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe

[2011/09/04 21:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS

[2011/09/04 04:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Combat Engineer

[2011/09/04 04:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\Combat Engineer

[2011/09/04 04:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\#1 Free Minesweeper

[2011/09/04 04:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\SilverCreekCommonFiles

[2011/09/04 04:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\#1 Free Minesweeper

[2011/08/28 17:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\dvdcss

[2011/08/28 16:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN

[2011/08/28 16:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2011/08/28 16:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\DealRunner

[2011/08/28 16:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Shop to Win 9

[2011/08/28 16:51:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\Administrative Tools

[2011/08/28 16:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\FoxTab FLV Player

[2011/08/28 16:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\DVD Codecs

[2011/08/28 16:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Codecs

[2011/08/28 16:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\BlazeVideo

[2011/08/28 12:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Local Settings\Application Data\Tific

[2011/08/28 12:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\Tific

[2011/08/28 12:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2011/08/28 12:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2011/08/28 11:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Boost

[2005/07/25 15:31:30 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll

[2005/07/25 15:27:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll

[2005/07/25 15:26:58 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll

[2005/07/25 15:25:40 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgih.exe

[2005/07/25 15:25:26 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll

[2005/07/25 15:25:18 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcoms.exe

[2005/07/25 15:24:46 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll

[2005/07/25 15:24:14 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll

[2005/07/25 15:19:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



File not found -- C:\WINDOWS\System32\

[2011/09/21 21:28:16 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk

[2011/09/21 21:25:57 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2011/09/21 21:25:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2011/09/21 21:24:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2011/09/21 21:07:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3003549074

[2011/09/21 21:03:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat

[2011/09/21 20:40:33 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Art\NTUSER.bak

[2011/09/21 19:38:52 | 000,000,992 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\magicJack.lnk

[2011/09/21 17:08:36 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\OTL.PIF

[2011/09/21 07:42:49 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/09/21 07:27:58 | 000,000,981 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI

[2011/09/20 03:08:03 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job

[2011/09/19 18:26:59 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk

[2011/09/19 06:52:09 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI

[2011/09/18 17:35:51 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe

[2011/09/18 17:25:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/09/18 08:57:26 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}

[2011/09/18 04:54:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job

[2011/09/16 22:17:58 | 000,000,544 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Art.job

[2011/09/16 12:11:25 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS

[2011/09/11 12:32:55 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\Art\.recently-used.xbel

[2011/09/11 11:20:38 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk

[2011/09/05 10:51:33 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk

[2011/09/05 09:57:05 | 000,160,704 | ---- | M] () -- C:\WINDOWS\Open Source Backup Uninstaller.exe

[2011/09/04 22:00:51 | 000,276,992 | -HS- | M] () -- C:\EUMONBMP.SYS

[2011/09/04 21:53:06 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Free 3.0.lnk

[2011/09/04 04:13:16 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Combat Engineer.lnk

[2011/09/04 04:08:04 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Play Minesweeper.lnk

[2011/09/02 12:46:17 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Outlook.lnk

[2011/08/28 16:54:04 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2011/08/28 16:32:29 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\Art\Application Data\burnaware.ini

[2011/08/28 16:21:24 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\SysInfo.dll

[2011/08/28 11:49:44 | 000,000,139 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2011/08/24 07:24:06 | 000,491,520 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2011/08/24 07:24:06 | 000,088,652 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



========== Files Created - No Company Name ==========



[2011/09/21 21:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat

[2011/09/21 17:38:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3003549074

[2011/09/21 17:08:36 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\OTL.PIF

[2011/09/18 08:57:26 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}

[2011/09/11 12:32:55 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\Art\.recently-used.xbel

[2011/09/11 11:20:38 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk

[2011/09/05 10:28:19 | 000,002,375 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk

[2011/09/05 09:57:05 | 000,160,704 | ---- | C] () -- C:\WINDOWS\Open Source Backup Uninstaller.exe

[2011/09/04 22:00:51 | 000,276,992 | -HS- | C] () -- C:\EUMONBMP.SYS

[2011/09/04 21:53:07 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys

[2011/09/04 21:53:06 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Free 3.0.lnk

[2011/09/04 04:13:16 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Combat Engineer.lnk

[2011/09/04 04:08:04 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Play Minesweeper.lnk

[2011/09/02 12:45:40 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Outlook.lnk

[2011/08/28 16:54:04 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2011/08/28 16:21:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysInfo.dll

[2011/08/28 11:44:48 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Driver Robot.job

[2011/08/27 23:45:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\GkSui16.EXE

[2011/08/21 11:55:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/08/21 11:23:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll

[2011/08/21 11:23:40 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini

[2011/03/06 17:47:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI

[2011/03/06 17:39:16 | 000,041,016 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/03/06 17:38:36 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe

[2011/02/26 23:49:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GTCODEC.DLL

[2011/02/26 23:49:17 | 000,000,598 | ---- | C] () -- C:\WINDOWS\FashionCam01.ini

[2011/02/26 23:49:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\AVIMaker.INI

[2011/02/26 21:51:47 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat

[2011/01/23 14:40:32 | 000,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI

[2011/01/18 22:50:21 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\Art\Application Data\burnaware.ini

[2010/12/19 12:36:42 | 000,136,210 | ---- | C] () -- C:\WINDOWS\hpwins10.dat

[2010/12/19 12:36:08 | 000,010,376 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat

[2010/11/16 18:23:54 | 000,000,613 | ---- | C] () -- C:\WINDOWS\wizards.ini

[2010/10/18 23:56:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/12 00:15:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/03 08:23:59 | 000,000,300 | ---- | C] () -- C:\WINDOWS\sporting.ini

[2010/09/26 11:08:43 | 000,000,535 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2010/09/23 20:43:19 | 000,001,243 | ---- | C] () -- C:\WINDOWS\fpexplor.INI

[2010/09/23 20:39:25 | 000,000,459 | ---- | C] () -- C:\WINDOWS\frontpg.ini

[2010/09/21 17:08:01 | 000,006,172 | ---- | C] () -- C:\WINDOWS\hplj1300.ini

[2010/08/29 06:24:52 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2010/08/08 12:20:53 | 002,304,558 | ---- | C] () -- C:\WINDOWS\BrunetteShow.dat

[2010/08/08 12:17:18 | 000,000,571 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini

[2010/08/08 12:17:16 | 003,719,606 | ---- | C] () -- C:\WINDOWS\STRIPSHOW.dat

[2010/08/08 12:17:16 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe

[2010/06/12 20:44:29 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/06 10:20:15 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Art\Local Settings\Application Data\fusioncache.dat

[2010/04/06 08:51:38 | 002,319,536 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll

[2010/04/06 08:51:17 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe

[2010/04/06 08:51:17 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe

[2010/04/06 06:38:48 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2010/04/06 04:01:12 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2010/04/05 21:58:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2010/04/05 14:25:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/04/05 07:23:39 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2010/04/05 07:23:37 | 000,000,981 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2010/04/05 07:23:36 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT

[2008/05/26 22:18:18 | 000,184,832 | ---- | C] () -- C:\WINDOWS\System32\searchprotocolhost.exe

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/07/07 05:12:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll

[2004/08/31 19:30:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/08/31 19:26:32 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2004/08/31 19:23:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\symlcbrd.sys

[2004/08/31 19:22:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/08/31 19:17:45 | 000,000,139 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/08/31 19:06:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT

[2004/08/31 19:04:42 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT

[2004/08/31 19:04:42 | 000,088,652 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT

[2004/08/31 19:04:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/08/31 18:52:26 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/05/26 15:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE

[2004/03/20 13:22:58 | 000,611,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/03/20 13:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/03/20 12:58:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/03/20 12:55:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/03/19 17:41:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT

[2004/03/19 17:41:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT

[2004/03/19 17:40:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT

[2004/03/19 17:39:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT

[2004/03/19 17:39:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN

[2004/03/19 17:38:18 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys

[2004/03/19 17:36:56 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT

[2004/03/19 17:35:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2002/09/03 08:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN

[2002/09/03 08:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT

[2001/07/31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL



========== LOP Check ==========



[2010/04/07 07:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi

[2010/09/25 23:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software

[2011/08/28 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost

[2011/08/07 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E222

[2010/04/25 18:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garden Planner

[2011/04/27 07:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2011/08/21 11:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX

[2011/09/05 10:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium

[2011/02/23 13:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack

[2011/04/28 06:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mC06511DpHpB06511

[2011/02/26 23:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2010/09/25 23:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited

[2011/03/07 21:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2011/08/03 19:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/04/17 13:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager

[2011/02/16 13:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/05/01 21:02:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Art\Application Data\.#

[2010/04/18 03:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\AGI

[2010/04/06 03:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Auslogics

[2011/06/10 01:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Ewen Chia's My Free Website Builder

[2010/05/01 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Garden Planner

[2011/04/03 17:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\GetRightToGo

[2011/09/11 11:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\gtk-2.0

[2011/09/11 11:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Image Zone Express

[2011/03/06 10:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\iolo

[2011/09/21 19:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\mjusbsp

[2010/04/06 04:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Neopets Toolbar

[2010/10/29 18:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\OpenOffice.org

[2010/10/10 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Opera

[2011/09/11 11:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Preclick

[2011/09/11 10:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Printer Info Cache

[2011/05/19 18:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\SumatraPDF

[2011/08/28 12:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Tific

[2010/08/11 12:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\VS Revo Group

[2010/04/07 07:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Webshots

[2011/04/12 22:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Desktop Search

[2011/07/28 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Search

[2011/09/20 03:08:03 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job

[2011/09/18 04:54:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job



========== Purity Check ==========







========== Alternate Data Streams ==========



@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3003549074:1836775756.exe

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:307AA992



< End of report >


thank you for any help you can give me
  • 0



#2
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi :unsure:. I'm Michael and I'm going to help you fix your computer :yes:

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

You're infected with ZeroAccess rootkit

Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall



Next:

All fixing tools you may have already downloaded may be touched by the rootkit, so please delete them all and start with fresh ones

Download Combofix from any of the links below but rename it to explorer.com before saving it to your Desktop.

Link 1
Link 2
Link 3


==================================

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\explorer.com" /killall

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we can continue cleaning the system.



Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    File not found -- C:\WINDOWS\System32\
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/09/21 21:07:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3003549074
    [2011/09/18 08:57:26 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
    [2010/05/01 21:02:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Art\Application Data\.#

    :Services

    :Reg

    :Files
    del "\\?\C:\WINDOWS\System32" /c

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under Extra Registry at the bottom, select "Use Safelist"
  • Click the Run Scan button. Post the two logs it produces in your next reply.



Next:

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here :)
  • 0
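To show how the helper's ZeroAccess diagnosis can be read mechanically out of the OTL report posted above, here is a small triage script, added here as an example and not part of OTL, ComboFix or this thread. It parses the two OTL line shapes that matter (file entries and `@Alternate Data Stream` lines) and flags the indicators the helper acted on: an executable-named stream hanging off a zero-byte, all-digit entry directly under C:\WINDOWS, and a hidden+system {GUID} folder in the same place. The sample lines are excerpted from the log above plus one benign entry; the severity labels and the `EXEC_EXT` list are my own assumptions.

```python
"""Triage helper for OTL report lines (added example; not OTL's or ComboFix's own code).

Parses the two line shapes OTL prints in its file sections:
  [date time | size | attrs | C/M] (company) -- path
  @Alternate Data Stream - N bytes -> host:stream
and flags the ZeroAccess-style indicators visible in the thread's log.
"""
import re
from dataclasses import dataclass

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Assumed list of stream names that should never hold code on a clean system.
EXEC_EXT = (".exe", ".dll", ".com", ".scr", ".sys")
SYSTEM_ROOT = "c:\\windows"

# Constructed sample: lines excerpted from the OTL log above, plus OTL.exe as a benign entry.
SAMPLE_LOG = r"""
[2011/09/21 21:07:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3003549074
[2011/09/18 17:35:51 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
[2011/09/18 08:57:26 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2010/05/01 21:02:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Art\Application Data\.#
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3003549074:1836775756.exe
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:307AA992
""".strip()


@dataclass
class Finding:
    severity: str   # "high", "medium" or "review" (assumed scale)
    path: str
    reason: str


def parse_otl(text):
    """Return (files, streams): files maps path -> (size_bytes, attrs); streams is [(host, stream, size)]."""
    files, streams = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            files[m["path"]] = (int(m["size"].replace(",", "")), m["attrs"])
            continue
        m = ADS_RE.match(line)
        if m:
            # The host path itself contains "C:", so split on the last colon only.
            host, stream = m["target"].rsplit(":", 1)
            streams.append((host, stream, int(m["size"])))
    return files, streams


def _directly_under_windows(path):
    """Return (is_direct_child_of_C:\\WINDOWS, basename)."""
    parent, _, name = path.rpartition("\\")
    return parent.lower() == SYSTEM_ROOT, name


def triage(text):
    """Cross-reference ADS entries with file entries and return a list of Findings."""
    files, streams = parse_otl(text)
    by_lower = {p.lower(): (size, attrs) for p, (size, attrs) in files.items()}
    findings = []
    for host, stream, size in streams:
        if stream.lower().endswith(EXEC_EXT):
            reason = f"executable-named stream '{stream}' ({size} bytes) attached to {host}"
            entry = by_lower.get(host.lower())
            if entry and entry[0] == 0:
                reason += "; host is a zero-byte placeholder entry"
            findings.append(Finding("high", f"{host}:{stream}", reason))
        else:
            findings.append(Finding("review", f"{host}:{stream}",
                                    f"non-executable stream ({size} bytes); often benign metadata"))
    for path, (size, attrs) in files.items():
        in_root, name = _directly_under_windows(path)
        if not in_root:
            continue
        if size == 0 and name.isdigit():
            findings.append(Finding("medium", path, "zero-byte all-digit entry directly under the Windows folder"))
        if "H" in attrs and "S" in attrs and GUID_RE.match(name):
            findings.append(Finding("medium", path, f"hidden+system {{GUID}} entry (attrs {attrs}) in the Windows folder"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.path}\n         {f.reason}")
```

The script only reads the report text; it does not touch the examined machine, so it can be run on the clean computer you are posting from.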

#3
arwier

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
First, thank you for the rapid reply. Second, before we continue I would like to ask a couple of questions for my peace of mind on how to proceed:
1- If I do a format and restore from the restore partition on the HD, would that be considered safe?
2- The computer was disconnected from the network within 1 day of getting infected.
3- I am using a router which has a built-in firewall, as well as a modem which is NAPT enabled.
4- The only passwords on the computer are for email.
5- I am the only user.
6- I do have Quicken on it for my checking account bookkeeping only; no online banking.

Those things considered, what would you honestly suggest as the next step: clean or reformat?

Also, what are the chances that my backup HD is corrupt?

Edited by arwier, 26 September 2011 - 05:46 PM.

  • 0

#4
arwier

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
OK, here is what you asked for: Attached File MBR.zip (613 bytes, 290 downloads)

ComboFix 11-09-26.02 - Art 09/26/2011 20:16:54.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1196 [GMT -5:00]

Running from: c:\documents and settings\Art\Desktop\ComboFix.exe

Command switches used :: /killall

AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}

FW: Norton Internet Security *Enabled* {825036E0-9F94-4752-8789-8B92454AF49B}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse

c:\documents and settings\All Users\Application Data\mC06511DpHpB06511

c:\documents and settings\All Users\Application Data\mC06511DpHpB06511\mC06511DpHpB06511

c:\documents and settings\All Users\Application Data\mC06511DpHpB06511\mC06511DpHpB06511.exe

c:\documents and settings\All Users\Application Data\microsoft\media index\wmplibrary_v_0_12.lrd

c:\documents and settings\Art\Application Data\.#

c:\documents and settings\Art\Application Data\.#\MBX@58C@383FC0.###

c:\documents and settings\Art\Application Data\.#\MBX@BC0@383FC0.###

c:\documents and settings\Art\Application Data\.#\MBX@BDC@383FC0.###

c:\documents and settings\Art\Application Data\.#\MBX@E2C@383FC0.###

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\AlertView.exe.8de2ebce.ini

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\AllertEula.exe.561b80e6.ini

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\ClientApplicationFrameWork.exe.3ead1c54.ini

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\DNGen.exe.8bb9a8a9.ini

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\e-Speaking.exe.eb991bba.ini

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\MSID8.tmp.f19ddaae.ini

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\MSIE2.tmp.704001e7.ini

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\rng.exe.ac4aa698.ini

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\SL150.tmp.e4d71ed.ini

c:\documents and settings\Art\Local Settings\Application Data\ApplicationHistory\tps.exe.8b23323f.ini

c:\documents and settings\Art\Local Settings\Application Data\Microsoft\nvvsvc.exe

c:\documents and settings\Art\WINDOWS

C:\install.exe

c:\program files\messenger\msmsgsin.exe

c:\program files\Search Toolbar

c:\program files\Search Toolbar\SearchToolbar.dll

c:\windows\$NtUninstallKB27593$\2458191539\@

c:\windows\$NtUninstallKB27593$\2458191539\click.tlb

c:\windows\$NtUninstallKB27593$\2458191539\L\fbnzapxf

c:\windows\$NtUninstallKB27593$\2458191539\loader.tlb

c:\windows\$NtUninstallKB27593$\2458191539\U\@00000001

c:\windows\$NtUninstallKB27593$\2458191539\U\@000000c0

c:\windows\$NtUninstallKB27593$\2458191539\U\@000000cb

c:\windows\$NtUninstallKB27593$\2458191539\U\@000000cf

c:\windows\$NtUninstallKB27593$\2458191539\U\@80000000

c:\windows\$NtUninstallKB27593$\2458191539\U\@800000c0

c:\windows\$NtUninstallKB27593$\2458191539\U\@800000cb

c:\windows\$NtUninstallKB27593$\2458191539\U\@800000cf

c:\windows\$NtUninstallKB27593$\3406984657

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\system32\

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\_000010_.tmp.dll

c:\windows\system32\_000011_.tmp.dll

c:\windows\system32\_000012_.tmp.dll

c:\windows\system32\d3d9caps.dat

c:\windows\system32\encapi32.dll

c:\windows\system32\SysInfo.dll

c:\windows\TSOC.LOG

c:\windows\$NtUninstallKB27593$ . . . . Failed to delete

.

Infected copy of c:\windows\SYSTEM32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\system32\dllcache\wuauclt.exe

.

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe . . . is infected!!

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Symantec Shared\ccProxy.exe . . . is infected!!

c:\program files\Common Files\Symantec Shared\ccProxy.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe . . . is infected!!

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\EaseUS\Todo Backup\bin\Agent.exe . . . is infected!!

c:\program files\EaseUS\Todo Backup\bin\Agent.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Java\jre6\bin\jqs.exe . . . is infected!!

c:\program files\Java\jre6\bin\jqs.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe . . . is infected!!

c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Norton Internet Security\Norton AntiVirus\SAVScan.exe . . . is infected!!

c:\program files\Norton Internet Security\Norton AntiVirus\SAVScan.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\progra~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe . . . is infected!!

c:\progra~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Symantec Shared\SNDSrvc.exe . . . is infected!!

c:\program files\Common Files\Symantec Shared\SNDSrvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe . . . is infected!!

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe . . . is infected!!

c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\SearchIndexer.exe . . . is infected!!

c:\windows\system32\SearchIndexer.exe . . . was deleted!! You should re-install the program it pertains to

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_928506b3

.

.

((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))

.

.

2011-09-24 21:44 . 2011-09-24 21:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webshots

2011-09-24 21:12 . 2011-09-24 21:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org

2011-09-24 01:19 . 2011-09-24 01:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-09-22 04:29 . 2011-09-22 04:31 -------- d-----w- c:\program files\Jasc Software Inc

2011-09-22 03:06 . 2011-09-22 03:06 -------- d-----w- c:\documents and settings\Art\Application Data\SUPERAntiSpyware.com

2011-09-22 03:06 . 2011-09-22 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-09-22 02:03 . 2010-11-09 19:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-09-22 02:03 . 2010-11-09 19:56 27984 ----a-w- c:\windows\system32\sbbd.exe

2011-09-22 01:42 . 2004-02-10 16:50 155648 ----a-w- c:\windows\system32\igfxres.dll

2011-09-21 12:42 . 2011-09-21 12:42 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-09-19 12:14 . 2011-09-19 12:14 -------- d--h--w- c:\windows\PIF

2011-09-19 11:03 . 2011-09-19 11:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group

2011-09-19 10:47 . 2011-09-19 10:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities

2011-09-19 10:46 . 2011-09-19 10:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search

2011-09-19 10:46 . 2011-09-19 10:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search

2011-09-18 06:26 . 2011-09-18 06:26 -------- d-----w- c:\program files\BitPim

2011-09-16 09:31 . 2011-09-16 09:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-16 09:08 . 2011-09-16 09:08 -------- d-----w- C:\295b6f360e3123054473

2011-09-11 16:22 . 2011-09-11 16:22 -------- d-----w- c:\documents and settings\Art\Application Data\gtk-2.0

2011-09-11 16:22 . 2011-09-11 16:22 -------- d-----w- c:\documents and settings\Art\.thumbnails

2011-09-11 16:21 . 2011-09-22 02:06 -------- d-----w- c:\documents and settings\Art\.gimp-2.6

2011-09-11 16:20 . 2011-09-11 16:20 -------- d-----w- c:\program files\GIMP-2.0

2011-09-11 16:03 . 2011-09-11 16:03 -------- d-----w- c:\documents and settings\Art\Application Data\Preclick

2011-09-09 11:05 . 2011-09-09 11:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo

2011-09-05 15:29 . 2011-09-05 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium

2011-09-05 15:28 . 2011-09-05 15:28 -------- d-----w- c:\program files\Macrium

2011-09-05 15:12 . 2011-09-05 15:12 -------- d-----w- C:\temp_hkeo1mr3dck

2011-09-05 15:12 . 2011-09-05 15:12 -------- d-----w- C:\temp_Backupper

2011-09-05 14:57 . 2011-09-05 14:57 160704 ----a-w- c:\windows\Open Source Backup Uninstaller.exe

2011-09-05 14:57 . 2011-09-05 14:57 -------- d-----w- c:\program files\Open Source Backup

2011-09-05 03:00 . 2011-09-05 03:00 276992 --sha-w- C:\EUMONBMP.SYS

2011-09-05 02:53 . 2011-08-06 05:52 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys

2011-09-05 02:53 . 2011-08-06 05:52 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys

2011-09-05 02:53 . 2011-08-06 05:52 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys

2011-09-05 02:53 . 2011-08-06 05:52 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys

2011-09-05 02:50 . 2011-08-06 05:52 20616 ----a-w- c:\windows\system32\fbnative.exe

2011-09-05 02:50 . 2011-09-05 02:50 -------- d-----w- c:\program files\EaseUS

2011-09-04 09:13 . 2011-09-04 09:13 -------- d-----w- c:\program files\Combat Engineer

2011-09-04 09:07 . 2011-09-04 09:07 -------- d-----w- c:\program files\SilverCreekCommonFiles

2011-09-04 09:07 . 2011-09-04 09:08 -------- d-----w- c:\program files\#1 Free Minesweeper

2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll

2011-08-28 22:33 . 2011-09-15 12:55 -------- d-----w- c:\documents and settings\Art\Application Data\dvdcss

2011-08-28 21:53 . 2011-08-28 21:53 -------- d-----w- c:\program files\VideoLAN

2011-08-28 21:53 . 2011-08-28 21:53 -------- d-----w- c:\program files\Shop to Win 9

2011-08-28 21:39 . 2011-08-28 21:39 -------- d-----w- c:\program files\DVD Codecs

2011-08-28 17:11 . 2011-08-28 17:12 -------- d-----w- c:\documents and settings\Art\Local Settings\Application Data\Tific

2011-08-28 17:11 . 2011-08-28 17:11 -------- d-----w- c:\documents and settings\Art\Application Data\Tific

2011-08-28 17:10 . 2011-09-18 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2011-08-28 16:34 . 2011-08-28 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Boost

2011-08-28 04:45 . 2000-03-15 00:07 57344 ----a-w- c:\windows\system32\GkSui16.EXE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2002-09-23 15:10 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29 . 2002-11-18 11:27 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2004-03-19 22:40 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-01 17:56 . 2011-07-01 17:56 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2011-07-01 17:55 . 2011-07-01 17:55 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys

2011-07-01 17:55 . 2011-07-01 17:55 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]

.

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

[HKEY_CLASSES_ROOT\agihelper.AGUtils]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

2009-11-07 06:07 297808 ----a-w- c:\windows\SYSTEM32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 04:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-06-26 421888]

"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-08-06 70792]

"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-08-06 744072]

"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\documents and settings\Art\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-4-7 157088]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HLBackupScheduler]

2010-12-08 09:24 5247624 ----a-w- c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]

2004-03-23 20:48 70800 ----a-w- c:\program files\Norton Internet Security\UrlLstCk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WZCSVC"=2 (0x2)

"VSS"=3 (0x3)

"UPS"=3 (0x3)

"srservice"=2 (0x2)

"mnmsrvc"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"ERSvc"=3 (0x3)

"Browser"=3 (0x3)

"WSearch"=2 (0x2)

"TrkWks"=2 (0x2)

"SwPrv"=3 (0x3)

"stisvc"=2 (0x2)

"seclogon"=2 (0x2)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"Dot3svc"=3 (0x3)

"CiSvc"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=

"c:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe"=

"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=

"c:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Documents and Settings\\Art\\Application Data\\mjusbsp\\magicJack.exe"=

"d:\\misc install\\PDFReader_Setup.exe"=

"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=

"c:\\Program Files\\Webshots\\3.1.5.7617\\Webshots.scr"=

"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 EUBAKUP;EUBAKUP;c:\windows\SYSTEM32\DRIVERS\eubakup.sys [9/4/2011 9:53 PM 38920]

R0 EUBKMON;EUBKMON;c:\windows\SYSTEM32\DRIVERS\EUBKMON.sys [9/4/2011 9:53 PM 42376]

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\SYSTEM32\DRIVERS\pssnap.sys [7/1/2011 12:55 PM 16024]

R1 EUDSKACS;EUDSKACS;c:\windows\SYSTEM32\DRIVERS\eudskacs.sys [9/4/2011 9:53 PM 16008]

R1 EUFDDISK;EUFDDISK;c:\windows\SYSTEM32\DRIVERS\EuFdDisk.sys [9/4/2011 9:53 PM 184072]

R1 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [9/21/2011 9:03 PM 98392]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/6/2010 8:51 AM 711352]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/6/2010 8:51 AM 711352]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]

S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]

S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe --> c:\program files\EaseUS\Todo Backup\bin\Agent.exe [?]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe /s --> c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [?]

S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe" /s "PCCUJobMgr" /m "c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll" /prefetch:1 --> c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [?]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 11:49 PM 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 11:49 PM 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 8:18 PM 23680]

S3 Revoflt;Revoflt;c:\windows\SYSTEM32\DRIVERS\revoflt.sys [8/8/2010 1:35 PM 27064]

S3 TrueSight;TrueSight;c:\documents and settings\Art\Desktop\TrueSight.sys [9/23/2011 7:50 PM 60800]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [7/1/2011 12:55 PM 220824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-23 c:\windows\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job

- c:\program files\Auslogics\Auslogics Disk Defrag\cdefrag.exe [2010-04-10 14:32]

.

2011-09-17 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Art.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2004-03-23 20:48]

.

2011-09-27 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-09-01 23:38]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1 192.168.1.254

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Hoyle Classic Games - b:\sierra\HOYLECG\Uninst.isu

AddRemove-Malwarebytes' Anti-Malware_is1 - b:\malwarebytes' anti-malware\unins000.exe

AddRemove-NortonPCCheckup - c:\program files\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.12.27\InstStub.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-26 20:33

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]

"Licence0"="04F0D21-79D8-7A25-D702-433F"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3836)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\IME\SPGRMR.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\tcpsvcs.exe

c:\progra~1\Webshots\315~1.761\Webshots.scr

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2011-09-26 20:40:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-27 01:40

.

Pre-Run: 5,089,968,128 bytes free

Post-Run: 5,368,127,488 bytes free

.

- - End Of File - - 01B99022895489CC75FFD77C7A34E1FC
___________________________________________________________________________________________________________________________________________________________________

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-09-26 21:20:57

-----------------------------

21:20:57.875 OS Version: Windows 5.1.2600 Service Pack 3

21:20:57.875 Number of processors: 1 586 0x209

21:20:57.875 ComputerName: ARTS UserName: Art

21:20:59.328 Initialize success

21:21:16.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

21:21:16.140 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3

21:21:16.140 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c

21:21:16.140 Disk 1 Vendor: ST36423A 3.05 Size: 6149MB BusType: 3

21:21:18.171 Disk 0 MBR read successfully

21:21:18.171 Disk 0 MBR scan

21:21:18.171 Disk 0 unknown MBR code

21:21:18.171 Disk 0 scanning sectors +78108030

21:21:18.250 Disk 0 scanning C:\WINDOWS\system32\drivers

21:21:29.718 Service scanning

21:21:30.687 Modules scanning

21:21:38.765 Disk 0 trace - called modules:

21:21:38.796 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

21:21:38.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a25dab8]

21:21:39.328 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a275b00]

21:21:39.328 Scan finished successfully

21:21:52.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Art\Desktop\MBR.dat"

21:21:52.453 The log file has been saved successfully to "C:\Documents and Settings\Art\Desktop\aswMBR.txt"
___________________________________________________________________________________________________________________________________________________________________

OTL logfile created on: 9/26/2011 9:09:10 PM - Run 4

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Art\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



1.50 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 73.30% Memory free

3.60 Gb Paging File | 3.39 Gb Available in Paging File | 94.06% Paging File free

Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.71 Gb Total Space | 5.06 Gb Free Space | 15.00% Space Free | Partition Type: NTFS

Drive D: | 6.00 Gb Total Space | 1.88 Gb Free Space | 31.27% Space Free | Partition Type: NTFS



Computer Name: ARTS | User Name: Art | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2011/09/26 19:11:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe

PRC - [2011/08/06 00:52:46 | 000,744,072 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe

PRC - [2011/08/06 00:52:46 | 000,070,792 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe

PRC - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2009/12/08 13:38:16 | 003,474,848 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7617\Webshots.scr

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/03/09 11:47:52 | 000,071,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE





========== Modules (No Company Name) ==========



MOD - [2011/08/06 00:51:50 | 000,051,848 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll

MOD - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2006/12/10 22:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll

MOD - [2006/12/10 22:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll

MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HPBHEALR.DLL





========== Win32 Services (SafeList) ==========



SRV - File not found [Disabled | Stopped] -- -- (WSearch)

SRV - File not found [Auto | Stopped] -- -- (SymWSC)

SRV - File not found [Auto | Stopped] -- -- (Symantec Core LC)

SRV - File not found [Auto | Stopped] -- -- (SNDSrvc)

SRV - File not found [Auto | Stopped] -- -- (SBService)

SRV - File not found [On_Demand | Stopped] -- -- (SAVScan)

SRV - File not found [Unknown | Stopped] -- -- (PCCUJobMgr)

SRV - File not found [Auto | Stopped] -- -- (Norton PC Checkup Application Launcher)

SRV - File not found [On_Demand | Stopped] -- -- (navapsvc)

SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)

SRV - File not found [On_Demand | Stopped] -- -- (HidServ)

SRV - File not found [Auto | Stopped] -- -- (EaseUS Agent)

SRV - File not found [Auto | Stopped] -- -- (ccSetMgr)

SRV - File not found [Auto | Stopped] -- -- (ccProxy)

SRV - File not found [Auto | Stopped] -- -- (ccEvtMgr)

SRV - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)

SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2006/03/09 11:48:08 | 000,087,712 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)

SRV - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)





========== Driver Services (SafeList) ==========



DRV - [2011/09/23 19:52:02 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Art\Desktop\TrueSight.sys -- (TrueSight)

DRV - [2011/08/06 00:52:38 | 000,184,072 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\EuFdDisk.sys -- (EUFDDISK)

DRV - [2011/08/06 00:52:36 | 000,042,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)

DRV - [2011/08/06 00:52:30 | 000,016,008 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\eudskacs.sys -- (EUDSKACS)

DRV - [2011/08/06 00:52:28 | 000,038,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)

DRV - [2011/07/01 12:55:38 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)

DRV - [2010/12/29 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110105.003\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/12/29 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110105.003\NAVENG.SYS -- (NAVENG)

DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)

DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)

DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)

DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)

DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)

DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgpfl.sys -- (motccgpfl)

DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgp.sys -- (motccgp)

DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys -- (IPSec)

DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys -- (motport)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)

DRV - [2006/07/24 18:51:34 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)

DRV - [2005/01/25 22:48:52 | 000,305,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)

DRV - [2005/01/25 22:48:52 | 000,037,000 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrtpel.sys -- (SAVRTPEL)

DRV - [2004/08/31 19:23:01 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)

DRV - [2004/03/23 15:48:02 | 000,263,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2004/03/23 15:48:02 | 000,164,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2004/03/23 15:48:02 | 000,136,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO)

DRV - [2004/03/23 15:48:02 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2004/03/23 15:48:02 | 000,051,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2004/03/23 15:48:02 | 000,046,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2004/03/23 15:48:02 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2004/03/23 15:48:02 | 000,010,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2004/03/19 17:41:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)

DRV - [2004/03/19 17:41:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)

DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)

DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)

DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)

DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)

DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

DRV - [2001/07/24 21:21:10 | 000,334,248 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT891x1.sys -- (DCamUSBDXGTech) Fashion Cam 01 Dual-Mode DSC (Video Camera)

DRV - [2001/07/05 12:13:14 | 000,018,088 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT890X.SYS -- (GT890x)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



========== FireFox ==========





FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Art\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)





[2011/08/28 16:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Application Data\Mozilla\Extensions



========== Chrome ==========



CHR - Extension: No name found = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\



O1 HOSTS File: ([2011/09/26 20:32:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1270494171107 (WUWebControl Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD92E848-ECFB-4F6D-BD2D-6D9DB5578BF2}: DhcpNameServer = 192.168.2.1 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2011/09/26 21:04:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/09/26 20:52:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/09/26 20:44:22 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe

[2011/09/26 20:04:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/09/26 20:04:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/09/26 20:04:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/09/26 20:04:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/09/26 20:03:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/09/26 19:16:47 | 004,228,780 | R--- | C] (Swearware) -- C:\Documents and Settings\Art\Desktop\ComboFix.exe

[2011/09/22 01:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Desktop\My Shared Folder

[2011/09/21 23:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Jasc Software

[2011/09/21 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc

[2011/09/21 22:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\SUPERAntiSpyware.com

[2011/09/21 22:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/09/21 21:03:34 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2011/09/21 21:03:34 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe

[2011/09/21 20:42:38 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll

[2011/09/21 07:42:43 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware

[2011/09/19 07:14:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2011/09/19 07:12:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2011/09/18 01:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\bitpim

[2011/09/18 01:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitPim

[2011/09/18 01:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\BitPim

[2011/09/16 04:31:48 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/09/16 04:08:02 | 000,000,000 | ---D | C] -- C:\295b6f360e3123054473

[2011/09/11 11:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\gtk-2.0

[2011/09/11 11:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\.thumbnails

[2011/09/11 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\gegl-0.0

[2011/09/11 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\.gimp-2.6

[2011/09/11 11:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP

[2011/09/11 11:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0

[2011/09/11 11:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\Preclick

[2011/09/09 06:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo

[2011/09/05 10:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\Reflect

[2011/09/05 10:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrium

[2011/09/05 10:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Macrium

[2011/09/05 10:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium

[2011/09/05 10:12:07 | 000,000,000 | ---D | C] -- C:\temp_hkeo1mr3dck

[2011/09/05 10:12:07 | 000,000,000 | ---D | C] -- C:\temp_Backupper

[2011/09/05 09:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Open Source Backup

[2011/09/05 09:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\Open Source Backup

[2011/09/04 21:53:09 | 000,184,072 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys

[2011/09/04 21:53:08 | 000,038,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys

[2011/09/04 21:53:08 | 000,016,008 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys

[2011/09/04 21:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup 3.0

[2011/09/04 21:50:35 | 000,020,616 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe

[2011/09/04 21:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS

[2011/09/04 04:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Combat Engineer

[2011/09/04 04:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\Combat Engineer

[2011/09/04 04:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\#1 Free Minesweeper

[2011/09/04 04:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\SilverCreekCommonFiles

[2011/09/04 04:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\#1 Free Minesweeper

[2011/09/03 05:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll

[2011/08/28 17:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\dvdcss

[2011/08/28 16:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN

[2011/08/28 16:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2011/08/28 16:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\DealRunner

[2011/08/28 16:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Shop to Win 9

[2011/08/28 16:51:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\Administrative Tools

[2011/08/28 16:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\FoxTab FLV Player

[2011/08/28 16:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\DVD Codecs

[2011/08/28 16:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Codecs

[2011/08/28 16:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\BlazeVideo

[2011/08/28 12:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Local Settings\Application Data\Tific

[2011/08/28 12:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\Tific

[2011/08/28 12:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2011/08/28 12:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2011/08/28 11:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Boost

[2005/07/25 15:31:30 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll

[2005/07/25 15:27:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll

[2005/07/25 15:26:58 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll

[2005/07/25 15:25:40 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgih.exe

[2005/07/25 15:25:26 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll

[2005/07/25 15:25:18 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcoms.exe

[2005/07/25 15:24:46 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll

[2005/07/25 15:24:14 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll

[2005/07/25 15:19:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll



========== Files - Modified Within 30 Days ==========



[2011/09/26 21:09:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2011/09/26 21:07:55 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2011/09/26 21:05:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2011/09/26 21:05:01 | 1608,585,216 | -HS- | M] () -- C:\hiberfil.sys

[2011/09/26 20:32:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2011/09/26 19:11:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe

[2011/09/26 19:07:44 | 004,228,780 | R--- | M] (Swearware) -- C:\Documents and Settings\Art\Desktop\ComboFix.exe

[2011/09/26 14:21:14 | 000,000,981 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI

[2011/09/23 19:52:02 | 000,060,800 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\TrueSight.sys

[2011/09/23 03:06:05 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job

[2011/09/21 23:48:48 | 000,011,407 | ---- | M] () -- C:\Documents and Settings\Art\My Documents\pspbrwse.jbf

[2011/09/21 23:47:47 | 000,001,399 | ---- | M] () -- C:\pspbrwse.jbf

[2011/09/21 23:46:55 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk

[2011/09/21 21:28:16 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk

[2011/09/21 21:03:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat

[2011/09/21 20:40:33 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Art\NTUSER.bak

[2011/09/21 19:38:52 | 000,000,992 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\magicJack.lnk

[2011/09/19 18:26:59 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk

[2011/09/19 06:52:09 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI

[2011/09/16 22:17:58 | 000,000,544 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Art.job

[2011/09/16 04:31:48 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/09/11 12:32:55 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\Art\.recently-used.xbel

[2011/09/11 11:20:38 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk

[2011/09/09 04:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll

[2011/09/05 10:51:33 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk

[2011/09/05 09:57:05 | 000,160,704 | ---- | M] () -- C:\WINDOWS\Open Source Backup Uninstaller.exe

[2011/09/04 22:00:51 | 000,276,992 | -HS- | M] () -- C:\EUMONBMP.SYS

[2011/09/04 21:53:06 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Free 3.0.lnk

[2011/09/04 04:13:16 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Combat Engineer.lnk

[2011/09/04 04:08:04 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Play Minesweeper.lnk

[2011/09/02 12:46:17 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Outlook.lnk

[2011/08/28 16:54:04 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2011/08/28 16:32:29 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\Art\Application Data\burnaware.ini

[2011/08/28 11:49:44 | 000,000,139 | ---- | M] () -- C:\WINDOWS\wininit.ini



========== Files Created - No Company Name ==========



[2011/09/26 20:04:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/09/26 20:04:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/09/26 20:04:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/09/26 20:04:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/09/26 20:04:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/09/26 19:21:35 | 1608,585,216 | -HS- | C] () -- C:\hiberfil.sys

[2011/09/23 19:50:09 | 000,060,800 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\TrueSight.sys

[2011/09/21 23:48:48 | 000,011,407 | ---- | C] () -- C:\Documents and Settings\Art\My Documents\pspbrwse.jbf

[2011/09/21 23:47:47 | 000,001,399 | ---- | C] () -- C:\pspbrwse.jbf

[2011/09/21 23:32:04 | 000,002,523 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk

[2011/09/21 21:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat

[2011/09/11 12:32:55 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\Art\.recently-used.xbel

[2011/09/11 11:20:38 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk

[2011/09/05 10:28:19 | 000,002,375 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk

[2011/09/05 09:57:05 | 000,160,704 | ---- | C] () -- C:\WINDOWS\Open Source Backup Uninstaller.exe

[2011/09/04 22:00:51 | 000,276,992 | -HS- | C] () -- C:\EUMONBMP.SYS

[2011/09/04 21:53:07 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys

[2011/09/04 21:53:06 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Free 3.0.lnk

[2011/09/04 04:13:16 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Combat Engineer.lnk

[2011/09/04 04:08:04 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Play Minesweeper.lnk

[2011/09/02 12:45:40 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Outlook.lnk

[2011/08/28 16:54:04 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2011/08/27 23:45:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\GkSui16.EXE

[2011/08/21 11:55:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/08/21 11:23:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll

[2011/08/21 11:23:40 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini

[2011/03/06 17:47:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI

[2011/03/06 17:39:16 | 000,041,016 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/03/06 17:38:36 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe

[2011/02/26 23:49:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GTCODEC.DLL

[2011/02/26 23:49:17 | 000,000,598 | ---- | C] () -- C:\WINDOWS\FashionCam01.ini

[2011/02/26 23:49:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\AVIMaker.INI

[2011/02/26 21:51:47 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat

[2011/01/23 14:40:32 | 000,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI

[2011/01/18 22:50:21 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\Art\Application Data\burnaware.ini

[2010/12/19 12:36:42 | 000,136,210 | ---- | C] () -- C:\WINDOWS\hpwins10.dat

[2010/12/19 12:36:08 | 000,010,376 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat

[2010/11/16 18:23:54 | 000,000,613 | ---- | C] () -- C:\WINDOWS\wizards.ini

[2010/10/12 00:15:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/03 08:23:59 | 000,000,300 | ---- | C] () -- C:\WINDOWS\sporting.ini

[2010/09/26 11:08:43 | 000,000,535 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2010/09/23 20:43:19 | 000,001,243 | ---- | C] () -- C:\WINDOWS\fpexplor.INI

[2010/09/23 20:39:25 | 000,000,459 | ---- | C] () -- C:\WINDOWS\frontpg.ini

[2010/09/21 17:08:01 | 000,006,172 | ---- | C] () -- C:\WINDOWS\hplj1300.ini

[2010/08/29 06:24:52 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2010/08/08 12:20:53 | 002,304,558 | ---- | C] () -- C:\WINDOWS\BrunetteShow.dat

[2010/08/08 12:17:18 | 000,000,571 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini

[2010/08/08 12:17:16 | 003,719,606 | ---- | C] () -- C:\WINDOWS\STRIPSHOW.dat

[2010/08/08 12:17:16 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe

[2010/06/12 20:44:29 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/06 10:20:15 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Art\Local Settings\Application Data\fusioncache.dat

[2010/04/06 08:51:38 | 002,319,536 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll

[2010/04/06 08:51:17 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe

[2010/04/06 08:51:17 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe

[2010/04/06 06:38:48 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2010/04/06 04:01:12 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2010/04/05 21:58:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2010/04/05 14:25:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/04/05 07:23:39 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2010/04/05 07:23:37 | 000,000,981 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2010/04/05 07:23:36 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT

[2008/05/26 22:18:18 | 000,184,832 | ---- | C] () -- C:\WINDOWS\System32\searchprotocolhost.exe

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/07/07 05:12:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll

[2004/08/31 19:30:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/08/31 19:26:32 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2004/08/31 19:23:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\symlcbrd.sys

[2004/08/31 19:22:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/08/31 19:17:45 | 000,000,139 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/08/31 19:06:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT

[2004/08/31 19:04:42 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT

[2004/08/31 19:04:42 | 000,088,652 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT

[2004/08/31 19:04:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/08/31 18:52:26 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/05/26 15:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE

[2004/03/20 13:22:58 | 000,611,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/03/20 13:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/03/20 12:58:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/03/20 12:55:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/03/19 17:41:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT

[2004/03/19 17:41:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT

[2004/03/19 17:40:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT

[2004/03/19 17:39:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT

[2004/03/19 17:39:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN

[2004/03/19 17:38:18 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys

[2004/03/19 17:36:56 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT

[2004/03/19 17:35:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2002/09/03 08:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN

[2002/09/03 08:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT

[2001/07/31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL



========== Alternate Data Streams ==========



@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:307AA992



< End of report >
___________________________________________________________________________________________________________________________________________________________________

OTL Extras logfile created on: 9/26/2011 9:09:10 PM - Run 4

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Art\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



1.50 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 73.30% Memory free

3.60 Gb Paging File | 3.39 Gb Available in Paging File | 94.06% Paging File free

Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.71 Gb Total Space | 5.06 Gb Free Space | 15.00% Space Free | Partition Type: NTFS

Drive D: | 6.00 Gb Total Space | 1.88 Gb Free Space | 31.27% Space Free | Partition Type: NTFS



Computer Name: ARTS | User Name: Art | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days



========== Extra Registry (SafeList) ==========





========== File Associations ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l



========== Shell Spawning ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)



========== Security Center Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]



========== System Restore Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2



========== Firewall Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]



[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009



========== Authorized Applications List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw -- ()

"C:\Program Files\microsoft frontpage\bin\fpexplor.exe" = C:\Program Files\microsoft frontpage\bin\fpexplor.exe:*:Disabled:Microsoft FrontPage Explorer -- (Microsoft Corporation)

"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)

"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Documents and Settings\Art\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Art\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)

"D:\misc install\PDFReader_Setup.exe" = D:\misc install\PDFReader_Setup.exe:*:Enabled:InstallCore™ -- (InstallCore© Technologies )

"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\Program Files\Webshots\3.1.5.7617\Webshots.scr" = C:\Program Files\Webshots\3.1.5.7617\Webshots.scr:*:Enabled:Webshots Photo Manager -- (Webshots.com)





========== HKEY_LOCAL_MACHINE Uninstall List ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"#1 Free Minesweeper" = #1 Free Minesweeper

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security

"{1485B7CD-4CBD-4039-8EAE-5A22993D7F54}" = hp LaserJet 1150 / 1300

"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update

"{152BF35B-56D7-4652-B519-1661AAC270EE}" = The Print Shop 20

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21

"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3B29A786-5803-4e9e-9B58-3014A5B4E519}" = Norton AntiSpam

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}" = HP Officejet All-In-One Series

"{40724630-C95F-449d-B71D-777CFDE9EA21}" = J5700

"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan

"{41A96655-19FB-473c-AAB7-429E372527C8}" = ProductContext

"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support

"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security

"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security

"{4945EDF1-CEA8-4FE2-BC48-82C69EBA9695}" = FashionCam 01

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement

"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security

"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2

"{5D0F0C1F-46B0-4AA2-B8DC-02E5FE777C19}" = 5700_Help

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax

"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime

"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization

"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007

"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}" = Norton Internet Security

"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch

"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status

"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{A398F2DC-D706-4bb2-AC38-5532CD229D08}" = CC_ccProxyMSI

"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1

"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

"{BB912177-24CC-4AEE-8329-97D7ACD125D4}" = Macrium Reflect - Free Edition

"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer

"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart

"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder

"{E13A66A4-8A37-451E-B4C5-E60BA0A777E3}" = Preclick PhotoBack Plug-in for HP

"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = Norton Internet Security

"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{EBD89E93-9774-433A-A638-27E268519A12}" = Delta60

"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security

"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist

"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement

"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Amazon Kindle" = Amazon Kindle

"Ares" = Ares 2.1.7

"AtomTime Pro_is1" = AtomTime Pro 3.1d

"BurnAware Free_is1" = BurnAware Free 3.1.1

"Combat Engineer" = Combat Engineer v.2.0

"EaseUS Todo Backup Free 3.0_is1" = EaseUS Todo Backup Free 3.0

"EKS Floyd's Bumpershoot" = EKS Floyd's Bumpershoot

"EKS Sherlock" = EKS Sherlock

"ERUNT_is1" = ERUNT 1.1j

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"FrontPage v2.0" = Microsoft FrontPage 97

"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

"HPExtendedCapabilities" = HP Customer Participation Program 8.0

"HPOCR" = HP OCR Software 8.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Image Composer" = Microsoft Image Composer 1.0

"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem

"Lexmark 2300 Series" = Lexmark 2300 Series

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"mvl_spor" = mvl_spor

"Neopets" = Neopets

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Open Source Backup" = Open Source Backup

"Quicken 2002 New User Edition" = Quicken 2002 New User Edition

"Shockwave" = Shockwave

"Sierra Utilities" = Sierra Utilities

"STANDARDR" = Microsoft Office Standard 2007

"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security (Symantec Corporation)

"Unlocker" = Unlocker 1.9.1

"Verizon V CAST Media Manager" = Verizon V CAST Media Manager

"VLC media player" = VideoLAN VLC media player 0.8.6f

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WebPost" = Microsoft Web Publishing Wizard 1.52

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.11

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Works" = Microsoft Works 4.5

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Search Defender" = Yahoo! Search Protection

"Yahoo! Software Update" = Yahoo! Software Update



========== HKEY_CURRENT_USER Uninstall List ==========



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 4.1.0.366

"magicJack" = magicJack

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8



========== Last 10 Event Log Errors ==========



[ Application Events ]

Error - 9/23/2011 5:01:19 AM | Computer Name = ARTS | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'

could not be installed. Error code 1603. Additional information is available in

the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.



Error - 9/23/2011 5:01:20 AM | Computer Name = ARTS | Source = NativeWrapper | ID = 5000

Description =



Error - 9/23/2011 8:17:50 PM | Computer Name = ARTS | Source = SNDSrvc | ID = 13

Description =



Error - 9/23/2011 11:26:46 PM | Computer Name = ARTS | Source = SNDSrvc | ID = 13

Description =



Error - 9/26/2011 8:21:57 PM | Computer Name = ARTS | Source = SNDSrvc | ID = 13

Description =



Error - 9/26/2011 8:27:38 PM | Computer Name = ARTS | Source = MsiInstaller | ID = 11706

Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source

could be found for product Microsoft .NET Framework 1.1. The Windows installer

cannot continue.



Error - 9/26/2011 8:27:42 PM | Computer Name = ARTS | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'

could not be installed. Error code 1603. Additional information is available in

the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.



Error - 9/26/2011 8:27:46 PM | Computer Name = ARTS | Source = NativeWrapper | ID = 5000

Description =



Error - 9/26/2011 9:15:48 PM | Computer Name = ARTS | Source = JavaQuickStarterService | ID = 1

Description =



Error - 9/26/2011 9:15:53 PM | Computer Name = ARTS | Source = SNDSrvc | ID = 13

Description =



[ System Events ]

Error - 9/2/2011 5:00:59 AM | Computer Name = ARTS | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on

Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).



Error - 9/2/2011 8:47:44 AM | Computer Name = ARTS | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service WSearch with

arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}



Error - 9/2/2011 12:57:08 PM | Computer Name = ARTS | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service WSearch with

arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}



Error - 9/2/2011 1:04:34 PM | Computer Name = ARTS | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service WSearch with

arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}



Error - 9/2/2011 1:29:49 PM | Computer Name = ARTS | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service WSearch with

arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}



Error - 9/2/2011 1:37:12 PM | Computer Name = ARTS | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}



Error - 9/2/2011 1:44:37 PM | Computer Name = ARTS | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}



Error - 9/2/2011 1:45:48 PM | Computer Name = ARTS | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}



Error - 9/2/2011 1:48:45 PM | Computer Name = ARTS | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service WSearch with

arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}



Error - 9/3/2011 5:00:59 AM | Computer Name = ARTS | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on

Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).





< End of report >
____________________________________________________________________________________________________________________________________________________________

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-09-26 21:20:57

-----------------------------

21:20:57.875 OS Version: Windows 5.1.2600 Service Pack 3

21:20:57.875 Number of processors: 1 586 0x209

21:20:57.875 ComputerName: ARTS UserName: Art

21:20:59.328 Initialize success

21:21:16.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

21:21:16.140 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3

21:21:16.140 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c

21:21:16.140 Disk 1 Vendor: ST36423A 3.05 Size: 6149MB BusType: 3

21:21:18.171 Disk 0 MBR read successfully

21:21:18.171 Disk 0 MBR scan

21:21:18.171 Disk 0 unknown MBR code

21:21:18.171 Disk 0 scanning sectors +78108030

21:21:18.250 Disk 0 scanning C:\WINDOWS\system32\drivers

21:21:29.718 Service scanning

21:21:30.687 Modules scanning

21:21:38.765 Disk 0 trace - called modules:

21:21:38.796 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

21:21:38.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a25dab8]

21:21:39.328 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a275b00]

21:21:39.328 Scan finished successfully

21:21:52.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Art\Desktop\MBR.dat"

21:21:52.453 The log file has been saved successfully to "C:\Documents and Settings\Art\Desktop\aswMBR.txt"
  • 0
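The OTL log above dumps the XP firewall policy as registry-style lines whose third field is the remote scope (`*` for any address, `LocalSubNet` for the LAN) and whose fourth is the state. As an added example that is not part of this thread or of OTL itself, the script below parses those two sections and ranks the enabled exceptions, so a reader can see at a glance which ones (here, 3389/TCP open to any address) matter most on a host suspected of carrying a backdoor; the embedded sample is constructed in the log's format, and the `WELL_KNOWN` port names are the usual service assignments, not something OTL reports.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the OTL "GloballyOpenPorts" and
# "AuthorizedApplications" sections (embedded so the script runs offline).
SAMPLE_OTL = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"8080:TCP" = 8080:TCP:*:Disabled:Test listener
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"D:\misc install\PDFReader_Setup.exe" = D:\misc install\PDFReader_Setup.exe:*:Enabled:InstallCore -- (InstallCore Technologies )
'''

# Registry key that opens a section: profile (Domain/Standard) and list type.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+)"
    r"\\(?P<kind>GloballyOpenPorts|AuthorizedApplications)\\List\]$")
# "port:proto" = port:proto:scope:state:label
PORT_RE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]*)'
    r':(?P<state>Enabled|Disabled):(?P<label>.*)$')
# "path" = path:scope:state:label  (the path itself contains "C:", so the
# split is anchored on the Enabled/Disabled keyword rather than on colons)
APP_RE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<path>.+?):(?P<scope>[^:]*)'
    r':(?P<state>Enabled|Disabled):(?P<label>.*)$')

# Usual service assignments for the ports the XP firewall opens by default.
WELL_KNOWN = {137: "NetBIOS name", 138: "NetBIOS datagram", 139: "NetBIOS session",
              445: "SMB", 1900: "SSDP", 2869: "UPnP", 3389: "RDP"}
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "INFO": 2}


@dataclass
class FirewallRule:
    profile: str   # e.g. StandardProfile
    kind: str      # "port" or "app"
    subject: str   # "3389/TCP" or the executable path
    scope: str     # "*" (any remote address) or "LocalSubNet"
    enabled: bool
    label: str


@dataclass
class Finding:
    severity: str
    rule: FirewallRule
    note: str


def parse_firewall_rules(text):
    """Return every firewall exception listed in the OTL text."""
    rules, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("=========="):   # a new OTL section ends the key
            section = None
            continue
        if line.startswith("["):
            m = KEY_RE.match(line)
            section = (m.group("profile"), m.group("kind")) if m else None
            continue
        if section is None:
            continue
        profile, kind = section
        is_port = kind == "GloballyOpenPorts"
        m = (PORT_RE if is_port else APP_RE).match(line)
        if not m:
            continue
        subject = f'{m.group("port")}/{m.group("proto")}' if is_port else m.group("path")
        rules.append(FirewallRule(profile, "port" if is_port else "app", subject,
                                  m.group("scope"), m.group("state") == "Enabled",
                                  m.group("label")))
    return rules


def triage(rules):
    """Rank enabled exceptions; disabled ones open nothing and are skipped."""
    findings = []
    for r in rules:
        if not r.enabled:
            continue
        any_addr = r.scope == "*"
        if r.kind == "port":
            service = WELL_KNOWN.get(int(r.subject.split("/")[0]), "unknown service")
            if any_addr:
                findings.append(Finding("HIGH", r, f"{service} reachable from any remote address"))
            else:
                findings.append(Finding("INFO", r, f"{service} exposed to the local subnet only"))
        elif any_addr:
            findings.append(Finding("MEDIUM", r, "program may accept inbound connections from any address"))
        else:
            findings.append(Finding("INFO", r, "program exception limited to the local subnet"))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])   # stable: log order within a level
    return findings


if __name__ == "__main__":
    for f in triage(parse_firewall_rules(SAMPLE_OTL)):
        print(f"{f.severity:6} {f.rule.profile} {f.rule.subject}: {f.note}")
```

Pointing `parse_firewall_rules` at a full OTL log (the section headers and key lines are the same) yields the same ranking for a real host.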

#5
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello there,

1- if I do a format and restore from the restore partition on the hd would that be considered safe
2- the computer was disconnected from the network within 1 day of getting infected
3- I am using a router which has built in firewall as well as a modem which is napt enabled
4- the only passwords on the computer are for email
5- I am the only user
6- I do have quicken on it for my checking acc bookkeeping only no online banking

those things considered what would you honestly suggest as the next step---clean or reformat

also what are the chances that my backup hd is corrupt


1- It depends on what the recovery partition restores. I've seen cases where the user had an infected Master Boot Record, and even after the restore from a recovery partition the infection was there because the Master Boot Record wasn't restored too. I can't tell you for sure that after such a restore your computer would be 100% safe.

What the backdoor warning says is that, if you are using this specific computer for online banking or any other personal data that would cause you big trouble in case someone else could access them, then to be 100% sure that your data are safe even after we clean the computer, a reformat and re-install would be needed. It's up to you to think what private data have been used on this computer and whether these are a good reason for you to reformat.



Next:

Go to Start > Control Panel and double-click Add/Remove Programs. Uninstall the following programs:

Norton Internet Security
Norton WMI Update
Java™ 6 Update 20
Java™ 6 Update 21
Norton AntiSpam
Norton Internet Security
Norton Internet Security
Java Auto Updater
Norton Internet Security
Norton AntiSpam
Java 2 Runtime Environment, SE v1.4.2_03
Norton Internet Security
Norton AntiVirus
Symantec Script Blocking Installer
EaseUS Todo Backup Free 3.0
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Neopets


Some programs appear many times; if you find the same program multiple times, please uninstall them all.
I want you to delete anything related to Symantec antivirus, Java and EaseUS Todo Backup as they're patched.
You can install them again after we finish, but I'll suggest a new antivirus program to you instead of Symantec.


Next:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::

Folder::
c:\windows\$NtUninstallKB27593$

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"=-

[-HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

[-HKEY_CLASSES_ROOT\agihelper.AGUtils]

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2011/08/06 00:51:50 | 000,051,848 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
    SRV - File not found [Disabled | Stopped] -- -- (WSearch)
    SRV - File not found [Auto | Stopped] -- -- (SymWSC)
    SRV - File not found [Auto | Stopped] -- -- (Symantec Core LC)
    SRV - File not found [Auto | Stopped] -- -- (SNDSrvc)
    SRV - File not found [Auto | Stopped] -- -- (SBService)
    SRV - File not found [On_Demand | Stopped] -- -- (SAVScan)
    SRV - File not found [Unknown | Stopped] -- -- (PCCUJobMgr)
    SRV - File not found [Auto | Stopped] -- -- (Norton PC Checkup Application Launcher)
    SRV - File not found [On_Demand | Stopped] -- -- (navapsvc)
    SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
    SRV - File not found [Auto | Stopped] -- -- (EaseUS Agent)
    SRV - File not found [Auto | Stopped] -- -- (ccSetMgr)
    SRV - File not found [Auto | Stopped] -- -- (ccProxy)
    SRV - File not found [Auto | Stopped] -- -- (ccEvtMgr)
    O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    /md5start
    ipsec.sys
    /md5stop

  • Click the Quick Scan button. Post the log it produces in your next reply.



Next:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
  • 0

#6
arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
ComboFix 11-09-26.02 - Art 09/27/2011 20:56:52.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1008 [GMT -5:00]
Running from: c:\documents and settings\Art\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Art\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\d3d9caps.dat
c:\windows\$NtUninstallKB27593$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))
.
.
2011-09-27 01:52 . 2011-09-27 01:52 -------- d-----w- C:\_OTL
2011-09-24 21:44 . 2011-09-24 21:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webshots
2011-09-24 21:12 . 2011-09-24 21:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
2011-09-24 01:19 . 2011-09-24 01:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-09-22 04:29 . 2011-09-22 04:31 -------- d-----w- c:\program files\Jasc Software Inc
2011-09-22 03:06 . 2011-09-22 03:06 -------- d-----w- c:\documents and settings\Art\Application Data\SUPERAntiSpyware.com
2011-09-22 03:06 . 2011-09-22 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-22 02:03 . 2010-11-09 19:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-22 02:03 . 2010-11-09 19:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-09-22 01:42 . 2004-02-10 16:50 155648 ----a-w- c:\windows\system32\igfxres.dll
2011-09-21 12:42 . 2011-09-21 12:42 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-09-19 12:14 . 2011-09-19 12:14 -------- d--h--w- c:\windows\PIF
2011-09-19 11:03 . 2011-09-19 11:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group
2011-09-19 10:47 . 2011-09-19 10:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2011-09-19 10:46 . 2011-09-19 10:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2011-09-19 10:46 . 2011-09-19 10:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2011-09-18 06:26 . 2011-09-18 06:26 -------- d-----w- c:\program files\BitPim
2011-09-16 09:31 . 2011-09-16 09:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-16 09:08 . 2011-09-16 09:08 -------- d-----w- C:\295b6f360e3123054473
2011-09-11 16:22 . 2011-09-11 16:22 -------- d-----w- c:\documents and settings\Art\Application Data\gtk-2.0
2011-09-11 16:22 . 2011-09-11 16:22 -------- d-----w- c:\documents and settings\Art\.thumbnails
2011-09-11 16:21 . 2011-09-22 02:06 -------- d-----w- c:\documents and settings\Art\.gimp-2.6
2011-09-11 16:20 . 2011-09-11 16:20 -------- d-----w- c:\program files\GIMP-2.0
2011-09-11 16:03 . 2011-09-11 16:03 -------- d-----w- c:\documents and settings\Art\Application Data\Preclick
2011-09-09 11:05 . 2011-09-09 11:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2011-09-05 15:29 . 2011-09-05 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2011-09-05 15:28 . 2011-09-05 15:28 -------- d-----w- c:\program files\Macrium
2011-09-05 15:12 . 2011-09-05 15:12 -------- d-----w- C:\temp_hkeo1mr3dck
2011-09-05 15:12 . 2011-09-05 15:12 -------- d-----w- C:\temp_Backupper
2011-09-05 14:57 . 2011-09-05 14:57 160704 ----a-w- c:\windows\Open Source Backup Uninstaller.exe
2011-09-05 14:57 . 2011-09-05 14:57 -------- d-----w- c:\program files\Open Source Backup
2011-09-05 03:00 . 2011-09-05 03:00 276992 --sha-w- C:\EUMONBMP.SYS
2011-09-05 02:53 . 2011-08-06 05:52 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-09-05 02:53 . 2011-08-06 05:52 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-09-05 02:53 . 2011-08-06 05:52 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-09-05 02:53 . 2011-08-06 05:52 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-09-05 02:50 . 2011-09-05 02:50 -------- d-----w- c:\program files\EaseUS
2011-09-04 09:13 . 2011-09-04 09:13 -------- d-----w- c:\program files\Combat Engineer
2011-09-04 09:07 . 2011-09-04 09:07 -------- d-----w- c:\program files\SilverCreekCommonFiles
2011-09-04 09:07 . 2011-09-27 03:12 -------- d-----w- c:\program files\#1 Free Minesweeper
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2002-09-23 15:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-11-18 11:27 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-03-19 22:40 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-01 17:56 . 2011-07-01 17:56 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2011-07-01 17:55 . 2011-07-01 17:55 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2011-07-01 17:55 . 2011-07-01 17:55 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-27_01.32.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-27 23:36 . 2011-09-27 23:36 262144 c:\windows\ERDNT\AutoBackup\9-27-2011\Users\00000002\UsrClass.dat
+ 2011-09-27 23:36 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\9-27-2011\ERDNT.EXE
+ 2011-09-27 09:09 . 2011-09-27 09:09 711680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\8374c8f256058ae7790d53419a66c014\System.Web.DynamicData.ni.dll
+ 2011-09-27 09:14 . 2011-09-27 09:14 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\0df91adfb9c0e51b7b967d61e8151b78\System.Transactions.ni.dll
- 2011-06-15 10:53 . 2011-06-15 10:53 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\0df91adfb9c0e51b7b967d61e8151b78\System.Transactions.ni.dll
+ 2011-09-27 09:14 . 2011-09-27 09:14 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.Wrapper.dll
- 2011-06-15 10:53 . 2011-06-15 10:53 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.Wrapper.dll
- 2011-06-15 10:53 . 2011-06-15 10:53 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.ni.dll
+ 2011-09-27 09:14 . 2011-09-27 09:14 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.ni.dll
+ 2011-09-27 09:03 . 2011-09-27 09:03 474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\8e0296bb72bc508991212f4c60a493a0\ComSvcConfig.ni.exe
- 2011-06-15 10:11 . 2011-06-15 10:11 474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\8e0296bb72bc508991212f4c60a493a0\ComSvcConfig.ni.exe
+ 2011-09-27 23:36 . 2011-09-27 23:36 4243456 c:\windows\ERDNT\AutoBackup\9-27-2011\Users\00000001\NTUSER.DAT
+ 2011-09-27 09:13 . 2011-09-27 09:13 4461568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\eaaa5d5fe5bca41302986ef64dd73f6d\System.Workflow.ComponentModel.ni.dll
- 2011-06-15 12:40 . 2011-06-15 12:40 4461568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\eaaa5d5fe5bca41302986ef64dd73f6d\System.Workflow.ComponentModel.ni.dll
+ 2011-09-27 09:13 . 2011-09-27 09:13 1895424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\c313e0b2791a2924838c30459ff5f2af\System.Web.Services.ni.dll
- 2011-06-15 10:54 . 2011-06-15 10:54 1895424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\c313e0b2791a2924838c30459ff5f2af\System.Web.Services.ni.dll
+ 2011-09-27 09:06 . 2011-09-27 09:06 3101184 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\cde2bf65e1d7dd62b2b94175776eb2dc\System.Web.Extensions.ni.dll
+ 2011-09-27 09:14 . 2011-09-27 09:14 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6e6f321459aa81611031cfb582e77cc6\System.Data.ni.dll
- 2011-06-15 09:20 . 2011-06-15 09:20 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6e6f321459aa81611031cfb582e77cc6\System.Data.ni.dll
+ 2011-09-27 09:13 . 2011-09-27 09:13 1193984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\b79b606f95f1a745c1068f4c3c794cab\System.Data.OracleClient.ni.dll
+ 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\17cb4f0.msp
- 2011-06-15 10:54 . 2011-06-15 10:54 11993088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\b41d16c906e76aae419a021a293ee7ce\System.Web.ni.dll
+ 2011-09-27 09:13 . 2011-09-27 09:13 11993088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\b41d16c906e76aae419a021a293ee7ce\System.Web.ni.dll
- 2011-06-15 12:39 . 2011-06-15 12:39 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dc31b22f78cb510bf470f0ab5ef65816\System.ServiceModel.ni.dll
+ 2011-09-27 09:12 . 2011-09-27 09:12 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dc31b22f78cb510bf470f0ab5ef65816\System.ServiceModel.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 04:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-06-26 421888]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\Art\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-4-7 157088]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HLBackupScheduler]
2010-12-08 09:24 5247624 ----a-w- c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"srservice"=2 (0x2)
"mnmsrvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=3 (0x3)
"Browser"=3 (0x3)
"WSearch"=2 (0x2)
"TrkWks"=2 (0x2)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"seclogon"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"Dot3svc"=3 (0x3)
"CiSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Art\\Application Data\\mjusbsp\\magicJack.exe"=
"d:\\misc install\\PDFReader_Setup.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Webshots\\3.1.5.7617\\Webshots.scr"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\SYSTEM32\DRIVERS\pssnap.sys [7/1/2011 12:55 PM 16024]
R1 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [9/21/2011 9:03 PM 98392]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/6/2010 8:51 AM 711352]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/6/2010 8:51 AM 711352]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe --> c:\program files\EaseUS\Todo Backup\bin\Agent.exe [?]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe /s --> c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [?]
S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe" /s "PCCUJobMgr" /m "c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll" /prefetch:1 --> c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 8:18 PM 23680]
S3 Revoflt;Revoflt;c:\windows\SYSTEM32\DRIVERS\revoflt.sys [8/8/2010 1:35 PM 27064]
S3 TrueSight;TrueSight;c:\documents and settings\Art\Desktop\TrueSight.sys [9/23/2011 7:50 PM 60800]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [7/1/2011 12:55 PM 220824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
- c:\program files\Auslogics\Auslogics Disk Defrag\cdefrag.exe [2010-04-10 14:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0bc6e3fa-78ef-4886-842c-5a1258c4455a} - (no file)
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-27 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(172)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Webshots\315~1.761\Webshots.scr
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\System32\tcpsvcs.exe
c:\program files\iolo\System Mechanic Professional\SMTrayNotify.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-09-27 21:14:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-28 02:14
.
Pre-Run: 5,627,609,088 bytes free
Post-Run: 5,623,541,760 bytes free
.
- - End Of File - - 28A92769DDDDAA55DD826C6F56B4DD38
____________________________________________________________________________________________________________________________________________________________________

OTL logfile created on: 9/29/2011 7:52:51 PM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Art\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 73.80% Memory free
3.60 Gb Paging File | 3.39 Gb Available in Paging File | 94.15% Paging File free
Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 4.43 Gb Free Space | 13.14% Space Free | Partition Type: NTFS
Drive D: | 6.00 Gb Total Space | 1.88 Gb Free Space | 31.27% Space Free | Partition Type: NTFS
Drive G: | 1.86 Gb Total Space | 1.72 Gb Free Space | 92.60% Space Free | Partition Type: FAT

Computer Name: ARTS | User Name: Art | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/26 19:11:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
PRC - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/08 13:38:16 | 003,474,848 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7617\Webshots.scr
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2006/12/10 22:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 22:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (HidServ)
SRV - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - [2011/09/23 19:52:02 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Art\Desktop\TrueSight.sys -- (TrueSight)
DRV - [2011/07/01 12:55:38 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgp.sys -- (motccgp)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys -- (IPSec)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2006/07/24 18:51:34 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2004/03/19 17:41:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2004/03/19 17:41:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/07/24 21:21:10 | 000,334,248 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT891x1.sys -- (DCamUSBDXGTech) Fashion Cam 01 Dual-Mode DSC (Video Camera)
DRV - [2001/07/05 12:13:14 | 000,018,088 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT890X.SYS -- (GT890x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Art\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)


[2011/08/28 16:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\

O1 HOSTS File: ([2011/09/27 21:06:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1270494171107 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD92E848-ECFB-4F6D-BD2D-6D9DB5578BF2}: DhcpNameServer = 192.168.2.1 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/29 19:44:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/27 21:04:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/26 21:20:49 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Art\Desktop\aswMBR.exe
[2011/09/26 20:52:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/26 20:44:22 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
[2011/09/26 20:04:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/26 20:04:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/26 20:04:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/26 20:04:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/26 20:03:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/26 19:16:47 | 004,228,780 | R--- | C] (Swearware) -- C:\Documents and Settings\Art\Desktop\ComboFix.exe
[2011/09/22 01:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Desktop\My Shared Folder
[2011/09/21 23:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Jasc Software
[2011/09/21 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2011/09/21 22:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\SUPERAntiSpyware.com
[2011/09/21 22:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/21 21:03:34 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/21 21:03:34 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/09/21 07:42:43 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/09/19 07:14:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/19 07:12:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/09/18 01:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\bitpim
[2011/09/18 01:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitPim
[2011/09/18 01:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\BitPim
[2011/09/16 04:08:02 | 000,000,000 | ---D | C] -- C:\295b6f360e3123054473
[2011/09/11 11:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\gtk-2.0
[2011/09/11 11:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\.thumbnails
[2011/09/11 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\gegl-0.0
[2011/09/11 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\.gimp-2.6
[2011/09/11 11:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
[2011/09/11 11:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011/09/11 11:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\Preclick
[2011/09/09 06:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2011/09/05 10:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\Reflect
[2011/09/05 10:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/09/05 10:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
[2011/09/05 10:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2011/09/05 10:12:07 | 000,000,000 | ---D | C] -- C:\temp_hkeo1mr3dck
[2011/09/05 10:12:07 | 000,000,000 | ---D | C] -- C:\temp_Backupper
[2011/09/05 09:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Open Source Backup
[2011/09/05 09:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\Open Source Backup
[2011/09/04 21:53:09 | 000,184,072 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2011/09/04 21:53:08 | 000,038,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2011/09/04 21:53:08 | 000,016,008 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2011/09/04 21:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2011/09/04 04:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Combat Engineer
[2011/09/04 04:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\Combat Engineer
[2011/09/04 04:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\#1 Free Minesweeper
[2011/09/04 04:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\SilverCreekCommonFiles
[2011/09/04 04:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\#1 Free Minesweeper
[2005/07/25 15:31:30 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2005/07/25 15:27:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2005/07/25 15:26:58 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2005/07/25 15:25:40 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgih.exe
[2005/07/25 15:25:26 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2005/07/25 15:25:18 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcoms.exe
[2005/07/25 15:24:46 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2005/07/25 15:24:14 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2005/07/25 15:19:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll

========== Files - Modified Within 30 Days ==========

[2011/09/29 19:48:35 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/09/29 19:45:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/09/29 19:45:25 | 1608,585,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/29 03:06:18 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
[2011/09/28 07:39:05 | 000,000,981 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/09/27 21:06:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/09/27 12:11:17 | 000,013,379 | ---- | M] () -- C:\Program Files\QUICKENW.QIF
[2011/09/26 22:06:20 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2011/09/26 21:20:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Art\Desktop\aswMBR.exe
[2011/09/26 19:11:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
[2011/09/26 19:07:44 | 004,228,780 | R--- | M] (Swearware) -- C:\Documents and Settings\Art\Desktop\ComboFix.exe
[2011/09/23 19:52:02 | 000,060,800 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\TrueSight.sys
[2011/09/21 23:48:48 | 000,011,407 | ---- | M] () -- C:\Documents and Settings\Art\My Documents\pspbrwse.jbf
[2011/09/21 23:47:47 | 000,001,399 | ---- | M] () -- C:\pspbrwse.jbf
[2011/09/21 21:28:16 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/21 21:03:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/21 20:40:33 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Art\NTUSER.bak
[2011/09/21 19:38:52 | 000,000,992 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\magicJack.lnk
[2011/09/19 18:26:59 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk
[2011/09/19 06:52:09 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/09/11 12:32:55 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\Art\.recently-used.xbel
[2011/09/11 11:20:38 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2011/09/05 10:51:33 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk
[2011/09/05 09:57:05 | 000,160,704 | ---- | M] () -- C:\WINDOWS\Open Source Backup Uninstaller.exe
[2011/09/04 22:00:51 | 000,276,992 | -HS- | M] () -- C:\EUMONBMP.SYS
[2011/09/04 04:13:16 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Combat Engineer.lnk
[2011/09/04 04:08:04 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Play Minesweeper.lnk
[2011/09/02 12:46:17 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Outlook.lnk

========== Files Created - No Company Name ==========

[2011/09/27 12:08:09 | 000,013,379 | ---- | C] () -- C:\Program Files\QUICKENW.QIF
[2011/09/26 20:04:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/26 20:04:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/26 20:04:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/26 20:04:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/26 20:04:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/26 19:21:35 | 1608,585,216 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/23 19:50:09 | 000,060,800 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\TrueSight.sys
[2011/09/21 23:48:48 | 000,011,407 | ---- | C] () -- C:\Documents and Settings\Art\My Documents\pspbrwse.jbf
[2011/09/21 23:47:47 | 000,001,399 | ---- | C] () -- C:\pspbrwse.jbf
[2011/09/21 23:32:04 | 000,002,523 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2011/09/21 21:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/11 12:32:55 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\Art\.recently-used.xbel
[2011/09/11 11:20:38 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2011/09/05 10:28:19 | 000,002,375 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk
[2011/09/05 09:57:05 | 000,160,704 | ---- | C] () -- C:\WINDOWS\Open Source Backup Uninstaller.exe
[2011/09/04 22:00:51 | 000,276,992 | -HS- | C] () -- C:\EUMONBMP.SYS
[2011/09/04 21:53:07 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/09/04 04:13:16 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Combat Engineer.lnk
[2011/09/04 04:08:04 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Play Minesweeper.lnk
[2011/09/02 12:45:40 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Outlook.lnk
[2011/08/27 23:45:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\GkSui16.EXE
[2011/08/21 11:55:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/21 11:23:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/08/21 11:23:40 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/03/06 17:47:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2011/03/06 17:39:16 | 000,041,016 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/06 17:38:36 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2011/02/26 23:49:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GTCODEC.DLL
[2011/02/26 23:49:17 | 000,000,598 | ---- | C] () -- C:\WINDOWS\FashionCam01.ini
[2011/02/26 23:49:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\AVIMaker.INI
[2011/02/26 21:51:47 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2011/01/23 14:40:32 | 000,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2011/01/18 22:50:21 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\Art\Application Data\burnaware.ini
[2010/12/19 12:36:42 | 000,136,210 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2010/12/19 12:36:08 | 000,010,376 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2010/11/16 18:23:54 | 000,000,613 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2010/10/12 00:15:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/03 08:23:59 | 000,000,300 | ---- | C] () -- C:\WINDOWS\sporting.ini
[2010/09/26 11:08:43 | 000,000,535 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/09/23 20:43:19 | 000,001,243 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2010/09/23 20:39:25 | 000,000,459 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2010/09/21 17:08:01 | 000,006,172 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2010/08/29 06:24:52 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/08/08 12:20:53 | 002,304,558 | ---- | C] () -- C:\WINDOWS\BrunetteShow.dat
[2010/08/08 12:17:18 | 000,000,571 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2010/08/08 12:17:16 | 003,719,606 | ---- | C] () -- C:\WINDOWS\STRIPSHOW.dat
[2010/08/08 12:17:16 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2010/06/12 20:44:29 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 10:20:15 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Art\Local Settings\Application Data\fusioncache.dat
[2010/04/06 08:51:38 | 002,319,536 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/04/06 08:51:17 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/04/06 08:51:17 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2010/04/06 06:38:48 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/04/06 04:01:12 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/04/05 21:58:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/04/05 14:25:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/04/05 07:23:39 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2010/04/05 07:23:37 | 000,000,981 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/04/05 07:23:36 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2008/05/26 22:18:18 | 000,184,832 | ---- | C] () -- C:\WINDOWS\System32\searchprotocolhost.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/07/07 05:12:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2004/08/31 19:30:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/31 19:26:32 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/08/31 19:22:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/31 19:17:45 | 000,000,139 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/31 19:06:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/08/31 19:04:42 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/08/31 19:04:42 | 000,088,652 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/08/31 19:04:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/31 18:52:26 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/26 15:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/03/20 13:22:58 | 000,611,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/03/20 13:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/20 12:58:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/20 12:55:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/03/19 17:41:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/03/19 17:41:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/03/19 17:40:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/03/19 17:39:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/03/19 17:39:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/03/19 17:38:18 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys
[2004/03/19 17:36:56 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/03/19 17:35:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/09/03 08:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 08:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/07/31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/04/07 07:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2010/09/25 23:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/08/28 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/08/07 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E222
[2010/04/25 18:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garden Planner
[2011/04/27 07:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/08/21 11:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/09/05 10:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/23 13:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/02/26 23:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/25 23:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2011/03/07 21:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/03 19:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/17 13:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager
[2011/02/16 13:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/18 03:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\AGI
[2010/04/06 03:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Auslogics
[2011/06/10 01:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Ewen Chia's My Free Website Builder
[2010/05/01 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Garden Planner
[2011/04/03 17:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\GetRightToGo
[2011/09/11 11:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\gtk-2.0
[2011/09/11 11:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Image Zone Express
[2011/03/06 10:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\iolo
[2011/09/21 19:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\mjusbsp
[2011/09/27 20:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Neopets Toolbar
[2010/10/29 18:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\OpenOffice.org
[2010/10/10 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Opera
[2011/09/11 11:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Preclick
[2011/09/11 10:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Printer Info Cache
[2011/05/19 18:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\SumatraPDF
[2011/08/28 12:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Tific
[2010/08/11 12:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\VS Revo Group
[2010/04/07 07:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Webshots
[2011/04/12 22:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Desktop Search
[2011/07/28 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Search
[2011/09/29 03:06:18 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: IPSEC.SYS >
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\I386\ipsec.sys
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] () MD5=275E81ECB4EBAC9BA604713A90EBA03B -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys
[2004/08/04 01:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:307AA992

< End of report >
__________________________________________________________________________________________________________________________________________________________________

20:00:33.0031 2948 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
20:00:33.0078 2948 ============================================================
20:00:33.0078 2948 Current date / time: 2011/09/29 20:00:33.0078
20:00:33.0078 2948 SystemInfo:
20:00:33.0078 2948
20:00:33.0078 2948 OS Version: 5.1.2600 ServicePack: 3.0
20:00:33.0078 2948 Product type: Workstation
20:00:33.0078 2948 ComputerName: ARTS
20:00:33.0078 2948 UserName: Art
20:00:33.0078 2948 Windows directory: C:\WINDOWS
20:00:33.0078 2948 System windows directory: C:\WINDOWS
20:00:33.0078 2948 Processor architecture: Intel x86
20:00:33.0078 2948 Number of processors: 1
20:00:33.0078 2948 Page size: 0x1000
20:00:33.0078 2948 Boot type: Normal boot
20:00:33.0078 2948 ============================================================
20:00:34.0531 2948 Initialize success
20:00:44.0968 2964 ============================================================
20:00:44.0968 2964 Scan started
20:00:44.0968 2964 Mode: Manual; SigCheck; TDLFS;
20:00:44.0968 2964 ============================================================
20:00:46.0093 2964 Abiosdsk - ok
20:00:46.0171 2964 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
20:00:47.0578 2964 abp480n5 - ok
20:00:47.0718 2964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:00:47.0937 2964 ACPI - ok
20:00:48.0093 2964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:00:48.0265 2964 ACPIEC - ok
20:00:48.0437 2964 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
20:00:48.0625 2964 adpu160m - ok
20:00:48.0812 2964 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
20:00:48.0875 2964 aeaudio - ok
20:00:49.0031 2964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:00:49.0187 2964 aec - ok
20:00:49.0343 2964 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
20:00:49.0421 2964 AFD - ok
20:00:49.0609 2964 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
20:00:49.0781 2964 agp440 - ok
20:00:49.0890 2964 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
20:00:50.0078 2964 agpCPQ - ok
20:00:50.0218 2964 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
20:00:50.0296 2964 Aha154x - ok
20:00:50.0515 2964 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
20:00:50.0718 2964 aic78u2 - ok
20:00:50.0859 2964 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
20:00:51.0031 2964 aic78xx - ok
20:00:51.0203 2964 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
20:00:51.0406 2964 AliIde - ok
20:00:51.0531 2964 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
20:00:51.0718 2964 alim1541 - ok
20:00:51.0890 2964 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
20:00:52.0062 2964 amdagp - ok
20:00:52.0265 2964 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
20:00:52.0375 2964 amsint - ok
20:00:52.0515 2964 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
20:00:52.0718 2964 asc - ok
20:00:52.0843 2964 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
20:00:52.0937 2964 asc3350p - ok
20:00:53.0031 2964 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
20:00:53.0218 2964 asc3550 - ok
20:00:53.0406 2964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:00:53.0562 2964 AsyncMac - ok
20:00:53.0703 2964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:00:53.0875 2964 atapi - ok
20:00:53.0984 2964 Atdisk - ok
20:00:54.0093 2964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:00:54.0281 2964 Atmarpc - ok
20:00:54.0453 2964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:00:54.0656 2964 audstub - ok
20:00:54.0843 2964 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
20:00:54.0906 2964 bcm4sbxp - ok
20:00:55.0078 2964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:00:55.0296 2964 Beep - ok
20:00:55.0312 2964 catchme - ok
20:00:55.0484 2964 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
20:00:55.0656 2964 cbidf - ok
20:00:55.0859 2964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:00:56.0062 2964 cbidf2k - ok
20:00:56.0156 2964 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:00:56.0328 2964 CCDECODE - ok
20:00:56.0515 2964 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
20:00:56.0609 2964 cd20xrnt - ok
20:00:56.0781 2964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:00:56.0984 2964 Cdaudio - ok
20:00:57.0125 2964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:00:57.0312 2964 Cdfs - ok
20:00:57.0453 2964 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:00:57.0609 2964 Cdrom - ok
20:00:57.0750 2964 Changer - ok
20:00:57.0843 2964 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:00:58.0031 2964 CmBatt - ok
20:00:58.0203 2964 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
20:00:58.0390 2964 CmdIde - ok
20:00:58.0546 2964 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:00:58.0718 2964 Compbatt - ok
20:00:58.0890 2964 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
20:00:59.0109 2964 Cpqarray - ok
20:00:59.0234 2964 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
20:00:59.0421 2964 dac2w2k - ok
20:00:59.0593 2964 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
20:00:59.0796 2964 dac960nt - ok
20:00:59.0953 2964 DCamUSBDXGTech (be7e9fd34914c239b8d25cb58df48374) C:\WINDOWS\system32\Drivers\GT891x1.SYS
20:01:00.0015 2964 DCamUSBDXGTech ( UnsignedFile.Multi.Generic ) - warning
20:01:00.0015 2964 DCamUSBDXGTech - detected UnsignedFile.Multi.Generic (1)
20:01:00.0250 2964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:01:00.0375 2964 Disk - ok
20:01:00.0593 2964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:01:00.0812 2964 dmboot - ok
20:01:00.0953 2964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:01:01.0125 2964 dmio - ok
20:01:01.0265 2964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:01:01.0453 2964 dmload - ok
20:01:01.0578 2964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:01:01.0781 2964 DMusic - ok
20:01:01.0968 2964 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
20:01:02.0140 2964 dot4 - ok
20:01:02.0281 2964 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
20:01:02.0468 2964 Dot4Print - ok
20:01:02.0656 2964 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
20:01:02.0859 2964 dot4usb - ok
20:01:02.0968 2964 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
20:01:03.0171 2964 dpti2o - ok
20:01:03.0312 2964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:01:03.0484 2964 drmkaud - ok
20:01:03.0671 2964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:01:03.0843 2964 Fastfat - ok
20:01:04.0078 2964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:01:04.0250 2964 Fdc - ok
20:01:04.0406 2964 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys
20:01:04.0421 2964 FileDisk ( UnsignedFile.Multi.Generic ) - warning
20:01:04.0421 2964 FileDisk - detected UnsignedFile.Multi.Generic (1)
20:01:04.0578 2964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:01:04.0765 2964 Fips - ok
20:01:04.0890 2964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:01:05.0078 2964 Flpydisk - ok
20:01:05.0218 2964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:01:05.0390 2964 FltMgr - ok
20:01:05.0500 2964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:01:05.0687 2964 Fs_Rec - ok
20:01:05.0843 2964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:01:06.0046 2964 Ftdisk - ok
20:01:06.0203 2964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:01:06.0375 2964 Gpc - ok
20:01:06.0546 2964 GT890x (8195e2ed60fa447aac46242017615067) C:\WINDOWS\system32\Drivers\GT890x.SYS
20:01:06.0562 2964 GT890x ( UnsignedFile.Multi.Generic ) - warning
20:01:06.0578 2964 GT890x - detected UnsignedFile.Multi.Generic (1)
20:01:06.0687 2964 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:01:06.0875 2964 HidUsb - ok
20:01:07.0015 2964 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
20:01:07.0203 2964 hpn - ok
20:01:07.0328 2964 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:01:07.0687 2964 HPZid412 - ok
20:01:07.0875 2964 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:01:07.0937 2964 HPZipr12 - ok
20:01:08.0078 2964 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:01:08.0156 2964 HPZius12 - ok
20:01:08.0281 2964 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:01:08.0343 2964 HTTP - ok
20:01:08.0546 2964 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:01:08.0718 2964 i2omgmt - ok
20:01:08.0890 2964 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
20:01:09.0046 2964 i2omp - ok
20:01:09.0203 2964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:01:09.0390 2964 i8042prt - ok
20:01:09.0578 2964 ialm (da58a8be6a445835f603720c4bc8837e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:01:09.0687 2964 ialm - ok
20:01:09.0890 2964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:01:10.0031 2964 Imapi - ok
20:01:10.0250 2964 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
20:01:10.0453 2964 ini910u - ok
20:01:10.0671 2964 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
20:01:10.0765 2964 IntelC51 - ok
20:01:11.0031 2964 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
20:01:11.0093 2964 IntelC52 - ok
20:01:11.0281 2964 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
20:01:11.0312 2964 IntelC53 - ok
20:01:11.0453 2964 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
20:01:11.0640 2964 IntelIde - ok
20:01:11.0796 2964 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:01:11.0953 2964 intelppm - ok
20:01:12.0125 2964 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:01:12.0265 2964 ip6fw - ok
20:01:12.0437 2964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:01:12.0640 2964 IpFilterDriver - ok
20:01:12.0796 2964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:01:12.0953 2964 IpInIp - ok
20:01:13.0156 2964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:01:13.0296 2964 IpNat - ok
20:01:13.0468 2964 IPSec (275e81ecb4ebac9ba604713a90eba03b) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:01:13.0484 2964 IPSec ( Rootkit.Win32.ZAccess.g ) - infected
20:01:13.0484 2964 IPSec - detected Rootkit.Win32.ZAccess.g (0)
20:01:13.0546 2964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:01:13.0718 2964 IRENUM - ok
20:01:13.0859 2964 is3srv - ok
20:01:13.0921 2964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:01:14.0062 2964 isapnp - ok
20:01:14.0218 2964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:01:14.0359 2964 Kbdclass - ok
20:01:14.0515 2964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:01:14.0703 2964 kmixer - ok
20:01:14.0859 2964 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:01:14.0937 2964 KSecDD - ok
20:01:15.0078 2964 lbrtfdc - ok
20:01:15.0187 2964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:01:15.0375 2964 mnmdd - ok
20:01:15.0515 2964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:01:15.0703 2964 Modem - ok
20:01:15.0859 2964 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:01:16.0031 2964 MODEMCSA - ok
20:01:16.0171 2964 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
20:01:16.0187 2964 mohfilt - ok
20:01:16.0281 2964 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
20:01:16.0375 2964 motccgp - ok
20:01:16.0578 2964 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
20:01:16.0640 2964 motccgpfl - ok
20:01:16.0796 2964 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
20:01:16.0859 2964 motmodem - ok
20:01:17.0031 2964 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
20:01:17.0062 2964 motport - ok
20:01:17.0218 2964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:01:17.0359 2964 Mouclass - ok
20:01:17.0468 2964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:01:17.0656 2964 mouhid - ok
20:01:17.0796 2964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:01:17.0953 2964 MountMgr - ok
20:01:18.0078 2964 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
20:01:18.0281 2964 mraid35x - ok
20:01:18.0453 2964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:01:18.0609 2964 MRxDAV - ok
20:01:18.0828 2964 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:01:18.0921 2964 MRxSmb - ok
20:01:19.0078 2964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:01:19.0265 2964 Msfs - ok
20:01:19.0406 2964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:01:19.0578 2964 MSKSSRV - ok
20:01:19.0718 2964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:01:19.0859 2964 MSPCLOCK - ok
20:01:20.0062 2964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:01:20.0203 2964 MSPQM - ok
20:01:20.0343 2964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:01:20.0500 2964 mssmbios - ok
20:01:20.0656 2964 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:01:20.0828 2964 MSTEE - ok
20:01:20.0968 2964 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:01:21.0015 2964 Mup - ok
20:01:21.0203 2964 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:01:21.0390 2964 NABTSFEC - ok
20:01:21.0578 2964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:01:21.0750 2964 NDIS - ok
20:01:21.0921 2964 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:01:22.0093 2964 NdisIP - ok
20:01:22.0265 2964 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:01:22.0328 2964 NdisTapi - ok
20:01:22.0484 2964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:01:22.0671 2964 Ndisuio - ok
20:01:22.0843 2964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:01:22.0984 2964 NdisWan - ok
20:01:23.0140 2964 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:01:23.0187 2964 NDProxy - ok
20:01:23.0359 2964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:01:23.0500 2964 NetBIOS - ok
20:01:23.0687 2964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:01:23.0843 2964 NetBT - ok
20:01:24.0062 2964 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
20:01:24.0218 2964 nm - ok
20:01:24.0406 2964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:01:24.0546 2964 Npfs - ok
20:01:24.0750 2964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:01:24.0953 2964 Ntfs - ok
20:01:25.0140 2964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:01:25.0296 2964 Null - ok
20:01:25.0437 2964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:01:25.0625 2964 NwlnkFlt - ok
20:01:25.0781 2964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:01:25.0953 2964 NwlnkFwd - ok
20:01:26.0093 2964 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
20:01:26.0250 2964 NwlnkIpx - ok
20:01:26.0406 2964 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
20:01:26.0562 2964 NwlnkNb - ok
20:01:26.0734 2964 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
20:01:26.0921 2964 NwlnkSpx - ok
20:01:27.0093 2964 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
20:01:27.0109 2964 omci ( UnsignedFile.Multi.Generic ) - warning
20:01:27.0109 2964 omci - detected UnsignedFile.Multi.Generic (1)
20:01:27.0312 2964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:01:27.0484 2964 Parport - ok
20:01:27.0703 2964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:01:27.0890 2964 PartMgr - ok
20:01:28.0031 2964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:01:28.0218 2964 ParVdm - ok
20:01:28.0343 2964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:01:28.0515 2964 PCI - ok
20:01:28.0640 2964 PCIDump - ok
20:01:28.0718 2964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:01:28.0875 2964 PCIIde - ok
20:01:29.0000 2964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:01:29.0171 2964 Pcmcia - ok
20:01:29.0312 2964 PDCOMP - ok
20:01:29.0375 2964 PDFRAME - ok
20:01:29.0500 2964 PDRELI - ok
20:01:29.0531 2964 PDRFRAME - ok
20:01:29.0656 2964 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
20:01:29.0828 2964 perc2 - ok
20:01:29.0968 2964 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
20:01:30.0140 2964 perc2hib - ok
20:01:30.0328 2964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:01:30.0484 2964 PptpMiniport - ok
20:01:30.0625 2964 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:01:30.0796 2964 Processor - ok
20:01:30.0937 2964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:01:31.0093 2964 PSched - ok
20:01:31.0312 2964 pssnap (ac7bd82678401a89cc80359806c80364) C:\WINDOWS\system32\DRIVERS\pssnap.sys
20:01:31.0343 2964 pssnap - ok
20:01:31.0531 2964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:01:31.0703 2964 Ptilink - ok
20:01:31.0843 2964 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
20:01:32.0000 2964 ql1080 - ok
20:01:32.0140 2964 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
20:01:32.0312 2964 Ql10wnt - ok
20:01:32.0515 2964 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
20:01:32.0703 2964 ql12160 - ok
20:01:32.0859 2964 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
20:01:33.0031 2964 ql1240 - ok
20:01:33.0203 2964 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
20:01:33.0359 2964 ql1280 - ok
20:01:33.0531 2964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:01:33.0687 2964 RasAcd - ok
20:01:33.0859 2964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:01:34.0031 2964 Rasl2tp - ok
20:01:34.0203 2964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:01:34.0359 2964 RasPppoe - ok
20:01:34.0531 2964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:01:34.0703 2964 Raspti - ok
20:01:34.0828 2964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:01:35.0015 2964 Rdbss - ok
20:01:35.0171 2964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:01:35.0343 2964 RDPCDD - ok
20:01:35.0500 2964 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:01:35.0687 2964 rdpdr - ok
20:01:35.0843 2964 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:01:35.0890 2964 RDPWD - ok
20:01:36.0078 2964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:01:36.0250 2964 redbook - ok
20:01:36.0406 2964 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
20:01:36.0406 2964 Revoflt - ok
20:01:36.0609 2964 SASDIFSV - ok
20:01:36.0625 2964 SASKUTIL - ok
20:01:36.0812 2964 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
20:01:36.0828 2964 SBRE - ok
20:01:36.0921 2964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:01:37.0093 2964 Secdrv - ok
20:01:37.0281 2964 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:01:37.0468 2964 serenum - ok
20:01:37.0656 2964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:01:37.0828 2964 Serial - ok
20:01:38.0031 2964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:01:38.0171 2964 Sfloppy - ok
20:01:38.0312 2964 Simbad - ok
20:01:38.0453 2964 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
20:01:38.0640 2964 sisagp - ok
20:01:38.0796 2964 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:01:38.0937 2964 SLIP - ok
20:01:39.0156 2964 smwdm (99a9e1ef62f955c82a5001ac94b4b77b) C:\WINDOWS\system32\drivers\smwdm.sys
20:01:39.0234 2964 smwdm - ok
20:01:39.0390 2964 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
20:01:39.0468 2964 Sparrow - ok
20:01:39.0593 2964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:01:39.0765 2964 splitter - ok
20:01:39.0953 2964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:01:40.0125 2964 sr - ok
20:01:40.0328 2964 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:01:40.0437 2964 Srv - ok
20:01:40.0640 2964 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:01:40.0796 2964 streamip - ok
20:01:40.0953 2964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:01:41.0109 2964 swenum - ok
20:01:41.0296 2964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:01:41.0468 2964 swmidi - ok
20:01:41.0656 2964 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
20:01:41.0812 2964 symc810 - ok
20:01:41.0968 2964 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
20:01:42.0125 2964 symc8xx - ok
20:01:42.0265 2964 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
20:01:42.0437 2964 sym_hi - ok
20:01:42.0593 2964 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
20:01:42.0765 2964 sym_u3 - ok
20:01:42.0890 2964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:01:43.0062 2964 sysaudio - ok
20:01:43.0187 2964 szkg5 - ok
20:01:43.0218 2964 szkgfs - ok
20:01:43.0390 2964 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:01:43.0468 2964 Tcpip - ok
20:01:43.0671 2964 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:01:43.0828 2964 TDPIPE - ok
20:01:43.0984 2964 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:01:44.0171 2964 TDTCP - ok
20:01:44.0312 2964 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:01:44.0484 2964 TermDD - ok
20:01:44.0656 2964 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
20:01:44.0828 2964 TosIde - ok
20:01:45.0015 2964 TrueSight (ddbf8e194041469f26fc6cbc8264beb0) C:\Documents and Settings\Art\Desktop\TrueSight.sys
20:01:45.0031 2964 TrueSight ( UnsignedFile.Multi.Generic ) - warning
20:01:45.0031 2964 TrueSight - detected UnsignedFile.Multi.Generic (1)
20:01:45.0187 2964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:01:45.0359 2964 Udfs - ok
20:01:45.0531 2964 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
20:01:45.0609 2964 ultra - ok
20:01:45.0812 2964 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:01:46.0000 2964 Update - ok
20:01:46.0187 2964 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:01:46.0343 2964 usbaudio - ok
20:01:46.0515 2964 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
20:01:46.0625 2964 usbbus - ok
20:01:46.0781 2964 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:01:46.0921 2964 usbccgp - ok
20:01:47.0078 2964 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
20:01:47.0125 2964 UsbDiag - ok
20:01:47.0265 2964 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:01:47.0421 2964 usbehci - ok
20:01:47.0593 2964 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:01:47.0765 2964 usbhub - ok
20:01:47.0906 2964 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
20:01:47.0937 2964 USBModem - ok
20:01:48.0062 2964 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:01:48.0218 2964 usbprint - ok
20:01:48.0375 2964 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:01:48.0531 2964 usbscan - ok
20:01:48.0671 2964 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:01:48.0828 2964 USBSTOR - ok
20:01:49.0000 2964 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:01:49.0171 2964 usbuhci - ok
20:01:49.0390 2964 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:01:49.0546 2964 VgaSave - ok
20:01:49.0703 2964 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
20:01:49.0890 2964 viaagp - ok
20:01:50.0031 2964 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
20:01:50.0203 2964 ViaIde - ok
20:01:50.0390 2964 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:01:50.0546 2964 VolSnap - ok
20:01:50.0718 2964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:01:50.0890 2964 Wanarp - ok
20:01:51.0093 2964 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:01:51.0140 2964 Wdf01000 - ok
20:01:51.0281 2964 WDICA - ok
20:01:51.0390 2964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:01:51.0546 2964 wdmaud - ok
20:01:51.0828 2964 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:01:51.0875 2964 WpdUsb - ok
20:01:52.0046 2964 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:01:52.0218 2964 WSTCODEC - ok
20:01:52.0406 2964 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:01:52.0468 2964 WudfPf - ok
20:01:52.0656 2964 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:01:52.0687 2964 WudfRd - ok
20:01:52.0750 2964 MBR (0x1B8) (a03e065717cb65f3034ad33ad58b6bba) \Device\Harddisk0\DR0
20:01:52.0812 2964 \Device\Harddisk0\DR0 - ok
20:01:52.0875 2964 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:01:53.0406 2964 \Device\Harddisk1\DR1 - ok
20:01:53.0437 2964 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk2\DR6
20:01:53.0578 2964 \Device\Harddisk2\DR6 - ok
20:01:53.0593 2964 Boot (0x1200) (a0220789848b84cbd8b9c7ab87afe039) \Device\Harddisk0\DR0\Partition0
20:01:53.0593 2964 \Device\Harddisk0\DR0\Partition0 - ok
20:01:53.0640 2964 Boot (0x1200) (83da548994032fc8ec49d79878fcd0c9) \Device\Harddisk1\DR1\Partition0
20:01:53.0656 2964 \Device\Harddisk1\DR1\Partition0 - ok
20:01:53.0671 2964 Boot (0x1200) (20a815073bbd12996a156c09ba3c3047) \Device\Harddisk2\DR6\Partition0
20:01:53.0671 2964 \Device\Harddisk2\DR6\Partition0 - ok
20:01:53.0687 2964 ============================================================
20:01:53.0687 2964 Scan finished
20:01:53.0687 2964 ============================================================
20:01:53.0812 2956 Detected object count: 6
20:01:53.0812 2956 Actual detected object count: 6
20:03:47.0953 2956 DCamUSBDXGTech ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:47.0953 2956 DCamUSBDXGTech ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:47.0968 2956 FileDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:47.0968 2956 FileDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:47.0968 2956 GT890x ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:47.0968 2956 GT890x ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:48.0140 2956 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
20:03:48.0359 2956 Backup copy found, using it..
20:03:48.0406 2956 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
20:03:48.0406 2956 IPSec ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
20:03:48.0406 2956 omci ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:48.0406 2956 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:48.0421 2956 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:48.0421 2956 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:57.0531 2944 Deinitialize success
________________________________________________________________________________________________________________________________




Also, would we be far enough along for me to safely reconnect to the network and internet?

Edited by arwier, 29 September 2011 - 07:20 PM.


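A small triage helper for the TDSSKiller log format posted above (an added example, not part of the thread and not Kaspersky's tool): it pairs each driver's hash/path line with its "detected" verdict and the "User select action" line, and separates unsigned-driver heuristics from rootkit verdicts. The sample lines are constructed from the shapes on this page; the IPSec driver entry and its md5 are placeholders, since the real entry sits earlier in the log.

```python
"""Triage a TDSSKiller-style scan log: which drivers were flagged, how severe, what was done."""
import re
from typing import Dict, List

# Line shapes copied from the log format above.
# "<time> <pid> <Name> (<md5>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<time> <pid> <Name> - detected <Verdict> (<n>)"
DETECT_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+detected\s+(?P<verdict>\S+)\s+\(\d+\)$")
# "<time> <pid> <Name> ( <Verdict> ) - User select action: <Action>"
ACTION_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+"
    r"User select action:\s+(?P<action>\S+)$")
# "<time> <pid> <path> - will be cured on reboot"
CURE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<path>.+?)\s+-\s+will be cured on reboot$")

# UnsignedFile.* is a heuristic (no Authenticode signature), not a malware verdict.
INFORMATIONAL_PREFIXES = ("UnsignedFile.",)


def severity(verdict: str) -> str:
    """Map a TDSSKiller verdict string to a coarse triage level."""
    if verdict.startswith(INFORMATIONAL_PREFIXES):
        return "info"
    if verdict.startswith("Rootkit."):
        return "critical"
    return "high"


def triage(log_text: str) -> Dict[str, dict]:
    """Return {driver-name-lowercased: finding} for every driver with a verdict or action."""
    findings: Dict[str, dict] = {}
    entries: Dict[str, dict] = {}   # lower-cased driver name -> md5 and path
    cured_paths: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"].lower()] = {"md5": m["md5"], "path": m["path"]}
            continue
        m = DETECT_RE.match(line)
        if m:
            f = findings.setdefault(m["name"].lower(), {"name": m["name"], "action": None})
            f["verdict"] = m["verdict"]
            f["severity"] = severity(m["verdict"])
            continue
        m = ACTION_RE.match(line)
        if m:
            f = findings.setdefault(m["name"].lower(), {"name": m["name"]})
            f.setdefault("verdict", m["verdict"])
            f.setdefault("severity", severity(m["verdict"]))
            f["action"] = m["action"]
            continue
        m = CURE_RE.match(line)
        if m:
            cured_paths.append(m["path"])
    # Attach hash/path and note whether the scanner scheduled a cure for that file.
    for key, f in findings.items():
        f.update(entries.get(key, {"md5": None, "path": None}))
        f["cured_on_reboot"] = any(
            f["path"] is not None and p.lower() == f["path"].lower() for p in cured_paths)
    return findings


def outstanding(findings: Dict[str, dict]) -> List[str]:
    """Non-informational findings that were not cured (or whose cure was not confirmed)."""
    return sorted(
        f["name"] for f in findings.values()
        if f["severity"] != "info"
        and not (f.get("action") == "Cure" and f["cured_on_reboot"]))


# Constructed sample modelled on the thread's log; the IPSec entry and its md5 are placeholders.
SAMPLE_LOG = r"""
20:01:27.0093 2964 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
20:01:27.0109 2964 omci ( UnsignedFile.Multi.Generic ) - warning
20:01:27.0109 2964 omci - detected UnsignedFile.Multi.Generic (1)
20:01:28.0343 2964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:01:28.0515 2964 PCI - ok
20:01:30.0000 2964 IPSec (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:01:30.0010 2964 IPSec - detected Rootkit.Win32.ZAccess.g (0)
20:03:48.0406 2956 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
20:03:48.0406 2956 IPSec ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
20:03:48.0406 2956 omci ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:48.0406 2956 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result.values():
        print(f"{f['severity']:8} {f['name']:10} {f['verdict']:28} action={f['action']} "
              f"cured={f['cured_on_reboot']} md5={f['md5']}")
    print("outstanding:", outstanding(result))
```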
#7
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,
No, we're not far enough along to connect this computer to the internet. After you install an antivirus at step #3 of this post, you may connect to the internet again.


Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.


Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2011/09/23 19:52:02 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Art\Desktop\TrueSight.sys -- (TrueSight)
    O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
    O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found


    :Services
    PCCUJobMgr
    Norton PC Checkup Application Launcher


    :Reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

    :Files
    c:\windows\$NtUninstallKB27593$
    c:\program files\Ask.com
    c:\program files\Norton PC Checkup
    C:\Program Files\Norton Internet Security

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    /md5start
    ipsec.sys
    /md5stop

  • Click the Quick Scan button. Post the log it produces in your next reply.


Next:


Please download Avast! Home Edition - a very good free AntiVirus - and install it. After that, you may connect to the internet again, but be careful as we're not done yet.
If it asks you to do a scan, do not accept, as we're going to perform a scan in the next post.

#8
arwier

    Member

  • Topic Starter
  • 78 posts
ComboFix 11-09-30.05 - Art 09/30/2011 17:31:44.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1073 [GMT -5:00]
Running from: c:\documents and settings\Art\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Art\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-27 01:52 . 2011-09-27 01:52 -------- d-----w- C:\_OTL
2011-09-24 21:44 . 2011-09-24 21:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webshots
2011-09-24 21:12 . 2011-09-24 21:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
2011-09-24 01:19 . 2011-09-24 01:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-09-22 04:29 . 2011-09-22 04:31 -------- d-----w- c:\program files\Jasc Software Inc
2011-09-22 03:06 . 2011-09-22 03:06 -------- d-----w- c:\documents and settings\Art\Application Data\SUPERAntiSpyware.com
2011-09-22 03:06 . 2011-09-22 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-22 02:03 . 2010-11-09 19:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-22 02:03 . 2010-11-09 19:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-09-22 01:42 . 2004-02-10 16:50 155648 ----a-w- c:\windows\system32\igfxres.dll
2011-09-21 12:42 . 2011-09-21 12:42 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-09-19 12:14 . 2011-09-19 12:14 -------- d--h--w- c:\windows\PIF
2011-09-19 11:03 . 2011-09-19 11:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group
2011-09-19 10:47 . 2011-09-19 10:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2011-09-19 10:46 . 2011-09-19 10:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2011-09-19 10:46 . 2011-09-19 10:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2011-09-18 06:26 . 2011-09-18 06:26 -------- d-----w- c:\program files\BitPim
2011-09-16 09:31 . 2011-09-16 09:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-16 09:08 . 2011-09-16 09:08 -------- d-----w- C:\295b6f360e3123054473
2011-09-11 16:22 . 2011-09-11 16:22 -------- d-----w- c:\documents and settings\Art\Application Data\gtk-2.0
2011-09-11 16:22 . 2011-09-11 16:22 -------- d-----w- c:\documents and settings\Art\.thumbnails
2011-09-11 16:21 . 2011-09-22 02:06 -------- d-----w- c:\documents and settings\Art\.gimp-2.6
2011-09-11 16:20 . 2011-09-11 16:20 -------- d-----w- c:\program files\GIMP-2.0
2011-09-11 16:03 . 2011-09-11 16:03 -------- d-----w- c:\documents and settings\Art\Application Data\Preclick
2011-09-09 11:05 . 2011-09-09 11:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2011-09-05 15:29 . 2011-09-05 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2011-09-05 15:28 . 2011-09-05 15:28 -------- d-----w- c:\program files\Macrium
2011-09-05 15:12 . 2011-09-05 15:12 -------- d-----w- C:\temp_hkeo1mr3dck
2011-09-05 15:12 . 2011-09-05 15:12 -------- d-----w- C:\temp_Backupper
2011-09-05 14:57 . 2011-09-05 14:57 160704 ----a-w- c:\windows\Open Source Backup Uninstaller.exe
2011-09-05 14:57 . 2011-09-05 14:57 -------- d-----w- c:\program files\Open Source Backup
2011-09-05 03:00 . 2011-09-05 03:00 276992 --sha-w- C:\EUMONBMP.SYS
2011-09-05 02:53 . 2011-08-06 05:52 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-09-05 02:53 . 2011-08-06 05:52 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-09-05 02:53 . 2011-08-06 05:52 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-09-05 02:53 . 2011-08-06 05:52 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-09-05 02:50 . 2011-09-05 02:50 -------- d-----w- c:\program files\EaseUS
2011-09-04 09:13 . 2011-09-04 09:13 -------- d-----w- c:\program files\Combat Engineer
2011-09-04 09:07 . 2011-09-04 09:07 -------- d-----w- c:\program files\SilverCreekCommonFiles
2011-09-04 09:07 . 2011-09-27 03:12 -------- d-----w- c:\program files\#1 Free Minesweeper
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 01:04 . 2004-03-19 22:38 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-09-09 09:12 . 2002-09-23 15:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2002-11-18 11:27 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-03-19 22:40 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-27_01.32.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-30 00:47 . 2011-09-30 00:47 262144 c:\windows\ERDNT\AutoBackup\9-29-2011\Users\00000002\UsrClass.dat
+ 2011-09-30 00:47 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\9-29-2011\ERDNT.EXE
+ 2011-09-27 23:36 . 2011-09-27 23:36 262144 c:\windows\ERDNT\AutoBackup\9-27-2011\Users\00000002\UsrClass.dat
+ 2011-09-27 23:36 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\9-27-2011\ERDNT.EXE
+ 2011-09-27 09:09 . 2011-09-27 09:09 711680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\8374c8f256058ae7790d53419a66c014\System.Web.DynamicData.ni.dll
+ 2011-09-30 09:14 . 2011-09-30 09:14 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\0df91adfb9c0e51b7b967d61e8151b78\System.Transactions.ni.dll
- 2011-06-15 10:53 . 2011-06-15 10:53 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\0df91adfb9c0e51b7b967d61e8151b78\System.Transactions.ni.dll
- 2011-06-15 10:53 . 2011-06-15 10:53 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.Wrapper.dll
+ 2011-09-30 09:15 . 2011-09-30 09:15 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.Wrapper.dll
- 2011-06-15 10:53 . 2011-06-15 10:53 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.ni.dll
+ 2011-09-30 09:15 . 2011-09-30 09:15 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.ni.dll
+ 2011-09-30 09:03 . 2011-09-30 09:03 474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\8e0296bb72bc508991212f4c60a493a0\ComSvcConfig.ni.exe
- 2011-06-15 10:11 . 2011-06-15 10:11 474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\8e0296bb72bc508991212f4c60a493a0\ComSvcConfig.ni.exe
+ 2011-09-30 00:47 . 2011-09-30 00:47 4251648 c:\windows\ERDNT\AutoBackup\9-29-2011\Users\00000001\NTUSER.DAT
+ 2011-09-27 23:36 . 2011-09-27 23:36 4243456 c:\windows\ERDNT\AutoBackup\9-27-2011\Users\00000001\NTUSER.DAT
- 2011-06-15 12:40 . 2011-06-15 12:40 4461568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\eaaa5d5fe5bca41302986ef64dd73f6d\System.Workflow.ComponentModel.ni.dll
+ 2011-09-30 09:14 . 2011-09-30 09:14 4461568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\eaaa5d5fe5bca41302986ef64dd73f6d\System.Workflow.ComponentModel.ni.dll
+ 2011-09-30 09:13 . 2011-09-30 09:13 1895424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\c313e0b2791a2924838c30459ff5f2af\System.Web.Services.ni.dll
- 2011-06-15 10:54 . 2011-06-15 10:54 1895424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\c313e0b2791a2924838c30459ff5f2af\System.Web.Services.ni.dll
+ 2011-09-27 09:06 . 2011-09-27 09:06 3101184 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\cde2bf65e1d7dd62b2b94175776eb2dc\System.Web.Extensions.ni.dll
- 2011-06-15 09:20 . 2011-06-15 09:20 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6e6f321459aa81611031cfb582e77cc6\System.Data.ni.dll
+ 2011-09-30 09:15 . 2011-09-30 09:15 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6e6f321459aa81611031cfb582e77cc6\System.Data.ni.dll
+ 2011-09-30 09:14 . 2011-09-30 09:14 1193984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\b79b606f95f1a745c1068f4c3c794cab\System.Data.OracleClient.ni.dll
+ 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\6a30cf8.msp
+ 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\1b40ae4.msp
+ 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\17cd539.msp
+ 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\17cb4f0.msp
- 2011-06-15 10:54 . 2011-06-15 10:54 11993088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\b41d16c906e76aae419a021a293ee7ce\System.Web.ni.dll
+ 2011-09-30 09:14 . 2011-09-30 09:14 11993088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\b41d16c906e76aae419a021a293ee7ce\System.Web.ni.dll
- 2011-06-15 12:39 . 2011-06-15 12:39 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dc31b22f78cb510bf470f0ab5ef65816\System.ServiceModel.ni.dll
+ 2011-09-30 09:12 . 2011-09-30 09:12 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dc31b22f78cb510bf470f0ab5ef65816\System.ServiceModel.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-06-26 421888]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\Art\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-4-7 157088]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HLBackupScheduler]
2010-12-08 09:24 5247624 ----a-w- c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"srservice"=2 (0x2)
"mnmsrvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=3 (0x3)
"Browser"=3 (0x3)
"WSearch"=2 (0x2)
"TrkWks"=2 (0x2)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"seclogon"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"Dot3svc"=3 (0x3)
"CiSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Art\\Application Data\\mjusbsp\\magicJack.exe"=
"d:\\misc install\\PDFReader_Setup.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Webshots\\3.1.5.7617\\Webshots.scr"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\SYSTEM32\DRIVERS\pssnap.sys [7/1/2011 12:55 PM 16024]
R1 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [9/21/2011 9:03 PM 98392]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/6/2010 8:51 AM 711352]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/6/2010 8:51 AM 711352]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 8:18 PM 23680]
S3 Revoflt;Revoflt;c:\windows\SYSTEM32\DRIVERS\revoflt.sys [8/8/2010 1:35 PM 27064]
S3 TrueSight;TrueSight;\??\c:\documents and settings\Art\Desktop\TrueSight.sys --> c:\documents and settings\Art\Desktop\TrueSight.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [7/1/2011 12:55 PM 220824]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 46374448
*Deregistered* - 46374448
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-30 c:\windows\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
- c:\program files\Auslogics\Auslogics Disk Defrag\cdefrag.exe [2010-04-10 14:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 192.168.1.254
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-46374448.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 17:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1612)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-30 17:40:35
ComboFix-quarantined-files.txt 2011-09-30 22:40
ComboFix2.txt 2011-09-28 02:14
.
Pre-Run: 4,301,742,080 bytes free
Post-Run: 4,280,496,128 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B9526B8E5781FB4356841946A8E22D0D
_______________________________________________________________________________________________________________


OTL logfile created on: 9/30/2011 6:00:48 PM - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Art\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 66.12% Memory free
3.60 Gb Paging File | 3.28 Gb Available in Paging File | 91.15% Paging File free
Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 3.98 Gb Free Space | 11.79% Space Free | Partition Type: NTFS
Drive D: | 6.00 Gb Total Space | 1.88 Gb Free Space | 31.27% Space Free | Partition Type: NTFS
Drive G: | 1.86 Gb Total Space | 1.68 Gb Free Space | 90.19% Space Free | Partition Type: FAT

Computer Name: ARTS | User Name: Art | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/30 17:38:08 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
PRC - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/08 13:38:16 | 003,474,848 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7617\Webshots.scr
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Modules (No Company Name) ==========

MOD - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2006/12/10 22:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 22:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HPBHEALR.DLL
MOD - [2001/05/06 11:14:24 | 000,765,952 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hotspot\jvm.dll
MOD - [2001/05/06 11:14:22 | 000,086,093 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\java.dll
MOD - [2001/05/06 11:14:22 | 000,053,326 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\zip.dll
MOD - [2001/05/06 11:14:22 | 000,053,319 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\verify.dll
MOD - [2001/05/06 11:14:22 | 000,032,841 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\net.dll
MOD - [2001/05/06 11:14:22 | 000,028,753 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hpi.dll
MOD - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (HidServ)
SRV - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - [2011/07/01 12:55:38 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgp.sys -- (motccgp)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2006/07/24 18:51:34 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2004/03/19 17:41:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2004/03/19 17:41:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/07/24 21:21:10 | 000,334,248 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT891x1.sys -- (DCamUSBDXGTech) Fashion Cam 01 Dual-Mode DSC (Video Camera)
DRV - [2001/07/05 12:13:14 | 000,018,088 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT890X.SYS -- (GT890x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Art\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)


[2011/08/28 16:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\

O1 HOSTS File: ([2011/09/27 21:06:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1270494171107 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD92E848-ECFB-4F6D-BD2D-6D9DB5578BF2}: DhcpNameServer = 192.168.2.1 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/30 17:54:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/30 17:53:10 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
[2011/09/30 17:28:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/30 17:26:40 | 004,237,173 | R--- | C] (Swearware) -- C:\Documents and Settings\Art\Desktop\ComboFix.exe
[2011/09/27 21:04:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/26 20:52:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/26 20:04:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/26 20:04:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/26 20:04:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/26 20:04:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/26 20:03:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/22 01:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Desktop\My Shared Folder
[2011/09/21 23:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Jasc Software
[2011/09/21 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2011/09/21 22:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\SUPERAntiSpyware.com
[2011/09/21 22:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/21 21:03:34 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/21 21:03:34 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/09/21 07:42:43 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/09/19 07:14:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/19 07:12:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/09/18 01:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\bitpim
[2011/09/18 01:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitPim
[2011/09/18 01:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\BitPim
[2011/09/16 04:08:02 | 000,000,000 | ---D | C] -- C:\295b6f360e3123054473
[2011/09/11 11:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\gtk-2.0
[2011/09/11 11:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\.thumbnails
[2011/09/11 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\gegl-0.0
[2011/09/11 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\.gimp-2.6
[2011/09/11 11:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
[2011/09/11 11:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011/09/11 11:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\Preclick
[2011/09/09 06:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2011/09/05 10:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\My Documents\Reflect
[2011/09/05 10:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/09/05 10:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
[2011/09/05 10:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2011/09/05 10:12:07 | 000,000,000 | ---D | C] -- C:\temp_hkeo1mr3dck
[2011/09/05 10:12:07 | 000,000,000 | ---D | C] -- C:\temp_Backupper
[2011/09/05 09:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Open Source Backup
[2011/09/05 09:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\Open Source Backup
[2011/09/04 21:53:09 | 000,184,072 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2011/09/04 21:53:08 | 000,038,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2011/09/04 21:53:08 | 000,016,008 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2011/09/04 21:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2011/09/04 04:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Combat Engineer
[2011/09/04 04:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\Combat Engineer
[2011/09/04 04:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\#1 Free Minesweeper
[2011/09/04 04:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\SilverCreekCommonFiles
[2011/09/04 04:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\#1 Free Minesweeper
[2005/07/25 15:31:30 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2005/07/25 15:27:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2005/07/25 15:26:58 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2005/07/25 15:25:40 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgih.exe
[2005/07/25 15:25:26 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2005/07/25 15:25:18 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcoms.exe
[2005/07/25 15:24:46 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2005/07/25 15:24:14 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2005/07/25 15:19:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll

========== Files - Modified Within 30 Days ==========

[2011/09/30 17:56:33 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/09/30 17:55:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/09/30 17:55:48 | 1608,585,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/30 17:47:40 | 058,979,456 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\setup_av_free_cnet.exe
[2011/09/30 17:38:08 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
[2011/09/30 17:28:18 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/09/30 17:23:00 | 004,237,173 | R--- | M] (Swearware) -- C:\Documents and Settings\Art\Desktop\ComboFix.exe
[2011/09/30 06:27:52 | 000,000,981 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/09/30 03:07:27 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
[2011/09/27 21:06:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/09/27 12:11:17 | 000,013,379 | ---- | M] () -- C:\Program Files\QUICKENW.QIF
[2011/09/26 22:06:20 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2011/09/21 23:48:48 | 000,011,407 | ---- | M] () -- C:\Documents and Settings\Art\My Documents\pspbrwse.jbf
[2011/09/21 23:47:47 | 000,001,399 | ---- | M] () -- C:\pspbrwse.jbf
[2011/09/21 21:28:16 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/09/21 21:03:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/21 20:40:33 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Art\NTUSER.bak
[2011/09/21 19:38:52 | 000,000,992 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\magicJack.lnk
[2011/09/19 18:26:59 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk
[2011/09/19 06:52:09 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/09/11 12:32:55 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\Art\.recently-used.xbel
[2011/09/11 11:20:38 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2011/09/05 10:51:33 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk
[2011/09/05 09:57:05 | 000,160,704 | ---- | M] () -- C:\WINDOWS\Open Source Backup Uninstaller.exe
[2011/09/04 22:00:51 | 000,276,992 | -HS- | M] () -- C:\EUMONBMP.SYS
[2011/09/04 04:13:16 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Combat Engineer.lnk
[2011/09/04 04:08:04 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Play Minesweeper.lnk
[2011/09/02 12:46:17 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Outlook.lnk

========== Files Created - No Company Name ==========

[2011/09/30 17:51:19 | 058,979,456 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\setup_av_free_cnet.exe
[2011/09/30 17:28:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/30 17:28:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/27 12:08:09 | 000,013,379 | ---- | C] () -- C:\Program Files\QUICKENW.QIF
[2011/09/26 20:04:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/26 20:04:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/26 20:04:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/26 20:04:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/26 20:04:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/26 19:21:35 | 1608,585,216 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/21 23:48:48 | 000,011,407 | ---- | C] () -- C:\Documents and Settings\Art\My Documents\pspbrwse.jbf
[2011/09/21 23:47:47 | 000,001,399 | ---- | C] () -- C:\pspbrwse.jbf
[2011/09/21 23:32:04 | 000,002,523 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2011/09/21 21:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/11 12:32:55 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\Art\.recently-used.xbel
[2011/09/11 11:20:38 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2011/09/05 10:28:19 | 000,002,375 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk
[2011/09/05 09:57:05 | 000,160,704 | ---- | C] () -- C:\WINDOWS\Open Source Backup Uninstaller.exe
[2011/09/04 22:00:51 | 000,276,992 | -HS- | C] () -- C:\EUMONBMP.SYS
[2011/09/04 21:53:07 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/09/04 04:13:16 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Combat Engineer.lnk
[2011/09/04 04:08:04 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Play Minesweeper.lnk
[2011/09/02 12:45:40 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\Outlook.lnk
[2011/08/27 23:45:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\GkSui16.EXE
[2011/08/21 11:55:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/21 11:23:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/08/21 11:23:40 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/03/06 17:47:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2011/03/06 17:39:16 | 000,041,016 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/06 17:38:36 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2011/02/26 23:49:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GTCODEC.DLL
[2011/02/26 23:49:17 | 000,000,598 | ---- | C] () -- C:\WINDOWS\FashionCam01.ini
[2011/02/26 23:49:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\AVIMaker.INI
[2011/02/26 21:51:47 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2011/01/23 14:40:32 | 000,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2011/01/18 22:50:21 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\Art\Application Data\burnaware.ini
[2010/12/19 12:36:42 | 000,136,210 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2010/12/19 12:36:08 | 000,010,376 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2010/11/16 18:23:54 | 000,000,613 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2010/10/12 00:15:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/03 08:23:59 | 000,000,300 | ---- | C] () -- C:\WINDOWS\sporting.ini
[2010/09/26 11:08:43 | 000,000,535 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/09/23 20:43:19 | 000,001,243 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2010/09/23 20:39:25 | 000,000,459 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2010/09/21 17:08:01 | 000,006,172 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2010/08/29 06:24:52 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/08/08 12:20:53 | 002,304,558 | ---- | C] () -- C:\WINDOWS\BrunetteShow.dat
[2010/08/08 12:17:18 | 000,000,571 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2010/08/08 12:17:16 | 003,719,606 | ---- | C] () -- C:\WINDOWS\STRIPSHOW.dat
[2010/08/08 12:17:16 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2010/06/12 20:44:29 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 10:20:15 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Art\Local Settings\Application Data\fusioncache.dat
[2010/04/06 08:51:38 | 002,319,536 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/04/06 08:51:17 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/04/06 08:51:17 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2010/04/06 06:38:48 | 000,000,429 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/04/06 04:01:12 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/04/05 21:58:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/04/05 14:25:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/04/05 07:23:39 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2010/04/05 07:23:37 | 000,000,981 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/04/05 07:23:36 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2008/05/26 22:18:18 | 000,184,832 | ---- | C] () -- C:\WINDOWS\System32\searchprotocolhost.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/07/07 05:12:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2004/08/31 19:30:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/31 19:26:32 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/08/31 19:22:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/31 19:17:45 | 000,000,139 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/31 19:06:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/08/31 19:04:42 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/08/31 19:04:42 | 000,088,652 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/08/31 19:04:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/31 18:52:26 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/26 15:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/03/20 13:22:58 | 000,611,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/03/20 13:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/20 12:58:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/20 12:55:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/03/19 17:41:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/03/19 17:41:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/03/19 17:40:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/03/19 17:39:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/03/19 17:39:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/03/19 17:36:56 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/03/19 17:35:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/09/03 08:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 08:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/07/31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/04/07 07:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2010/09/25 23:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/08/28 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/08/07 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E222
[2010/04/25 18:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garden Planner
[2011/04/27 07:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/08/21 11:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/09/05 10:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/23 13:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/02/26 23:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/25 23:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2011/03/07 21:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/03 19:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/17 13:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager
[2011/02/16 13:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/18 03:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\AGI
[2010/04/06 03:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Auslogics
[2011/06/10 01:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Ewen Chia's My Free Website Builder
[2010/05/01 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Garden Planner
[2011/04/03 17:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\GetRightToGo
[2011/09/11 11:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\gtk-2.0
[2011/09/11 11:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Image Zone Express
[2011/03/06 10:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\iolo
[2011/09/21 19:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\mjusbsp
[2011/09/27 20:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Neopets Toolbar
[2010/10/29 18:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\OpenOffice.org
[2010/10/10 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Opera
[2011/09/11 11:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Preclick
[2011/09/11 10:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Printer Info Cache
[2011/05/19 18:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\SumatraPDF
[2011/08/28 12:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Tific
[2010/08/11 12:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\VS Revo Group
[2010/04/07 07:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Webshots
[2011/04/12 22:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Desktop Search
[2011/07/28 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Search
[2011/09/30 03:07:27 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: IPSEC.SYS >
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\I386\ipsec.sys
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2011/09/29 20:04:20 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys
[2004/08/04 01:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:307AA992

< End of report >
#9 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Hello
Your logs are looking much better now :) Let's re-install the patched programs:

Upgrading Java:
  • Go here and click Free Java Download
  • It will offer you the latest version of java, download it and install it

Also download Java Runtime Environment and install it.

The EaseUS backup program can be re-installed in a little while, when everything is checked and clean on this machine. I'll tell you when you can re-install it.



Next:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next:

  • Click on the Avast ball.
  • Click on Scan Computer.
  • Click on Boot-Time Scan.
  • Click on Settings.
  • A window will open and near the bottom you will see Ask; click the down arrow and select Move to Chest.
  • Click OK, then Schedule Now, and let it run a scan. It may take hours.


Once it finishes, it should load Windows.
Find this text file:

C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\aswBoot.txt

Open it and post its contents here.
#10 arwier (Topic Starter, Member, 78 posts)
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7840

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/1/2011 12:28:29 PM
mbam-log-2011-10-01 (12-28-29).txt

Scan type: Quick scan
Objects scanned: 187265
Time elapsed: 25 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)
____________________________________________________________________________________________________________

CmdLine - quick
aswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast"
CmdLine end
SafeBoot: 0
CreateKbThread
new CKbBuffer
CKbBuffer::Init
CKbBuffer::Init end
NtCreateEvent(g_hStopEvent)
dep_osBeginThread - KbThread
CreateKbThread end
NtInitializeRegistry
KbThread start
ReadRegistry
DATA=C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast
PROG=C:\Program Files\AVAST Software\Avast
BUILD=1289
Microsoft Windows XP Service Pack 3
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
ReadRegistry end
CreateTemp
CreateTemp end
aswcmnbDllMain
cmnbInit
aswEnginDllMain(DLL_PROCESS_ATTACH)
InitLog
InitLog end
CmdLine - full
aswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast"
CmdLine end
Program folder: C:\Program Files\AVAST Software\Avast
Engine folder: C:\Program Files\AVAST Software\Avast\defs\11100100
TimeStamp: 4e81fa72
Unschedule
Unschedule end
LoadResources
LoadResources end
InitReport
InitReport end
Global exclusions:
NtSetEvent(g_hInitEvent) - 1
InitKeyboard
g_dwKbdNum: 2
s_dwKbdClassCnt: 2
InitKeyboard end
NtSetEvent(g_hInitEvent) - 2
GetKey
CPU: Phys(1), Log(1), Aff(1), Feat(0000000f)
FreeMemory: 1371570176
avworkInitialize
FreeMemory: 1371877376
CKbBuffer::Wait
CKbBuffer::Get
CKbBuffer::Get end
CKbBuffer::Wait end
ProcessArea
avfilesScanAdd *MBR0
avfilesScanAdd *BOOTC:
Loading raw access support
avfilesScanAdd *RAW:C:\ [Fs: 000700ff, NTFS; Dev: 07, 00000020]
avfilesScanAdd *BOOTD:
avfilesScanAdd *RAW:D:\ [Fs: 000700ff, NTFS; Dev: 07, 00000020]
avfilesScanRealMulti begin
CKbBuffer::Get
0, 79, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (9): 1
0, 79, 1, 0, 0
CKbBuffer::Get
0, 79, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (9): 1
0, 79, 1, 0, 0
CKbBuffer::Get
0, 79, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (9): 1
0, 79, 1, 0, 0
CKbBuffer::Get
0, 79, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (9): 1
0, 79, 1, 0, 0
CKbBuffer::Get
0, 79, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (9): 1
0, 79, 1, 0, 0
CKbBuffer::Get
0, 79, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (9): 1
0, 79, 1, 0, 0
CKbBuffer::Get
0, 80, 0, 0, 0
GetKey end (2/32)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (9): 2
0, 80, 1, 0, 0
GetErrorText
avfilesScanRealMulti finished
Runtime: 11690828ms
avworkClose
Unloading raw access support
Loading raw access support
Checking deleted files:
MarkFileRemoval
MarkFileRemoval end
TerminateKbThread
GetKey end (?/00)
CloseKeyboard
CloseKeyboard end
KbThread stop
CKbBuffer::~CKbBuffer
CKbBuffer::~CKbBuffer end
aswEnginDllMain(DLL_PROCESS_DETACH)
cmnbFree
FreeResources
CloseReport
CloseLog
#11 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Did avast find anything? Are there any other logs in the directory you found the avast log?
How's your computer working? Are there any other problems?
#12 arwier (Topic Starter, Member, 78 posts)
avast! Antirootkit, version 1.0
Scan started: Saturday, October 01, 2011 4:00:08 PM

Process [0]
Process [4]
Process C:\WINDOWS\SYSTEM32\smss.exe [712]
Process C:\WINDOWS\SYSTEM32\csrss.exe [804]
Process C:\WINDOWS\SYSTEM32\winlogon.exe [828]
Process C:\WINDOWS\SYSTEM32\services.exe [872]
Process C:\WINDOWS\SYSTEM32\lsass.exe [884]
Process C:\WINDOWS\SYSTEM32\svchost.exe [1044]
Process C:\WINDOWS\SYSTEM32\svchost.exe [1156]
Process C:\WINDOWS\SYSTEM32\svchost.exe [1252]
Process C:\WINDOWS\SYSTEM32\svchost.exe [1284]
Process C:\WINDOWS\SYSTEM32\svchost.exe [1484]
Process C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1636]
Process C:\WINDOWS\SYSTEM32\spoolsv.exe [200]
Process C:\WINDOWS\SYSTEM32\svchost.exe [720]
Process C:\WINDOWS\explorer.exe [1076]
Process C:\WINDOWS\SYSTEM32\ctfmon.exe [1824]
Process C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1900]
Process C:\Program Files\Java\jre7\bin\jqs.exe [516]
Process C:\WINDOWS\SYSTEM32\svchost.exe [784]
Process C:\WINDOWS\SYSTEM32\svchost.exe [1464]
Process C:\WINDOWS\SYSTEM32\TCPSVCS.EXE [1504]
Process C:\WINDOWS\SYSTEM32\wuauclt.exe [2164]
Process C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2512]
Process C:\WINDOWS\SYSTEM32\alg.exe [2592]
Process C:\WINDOWS\SYSTEM32\hkcmd.exe [3016]
Process C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [3028]
Process C:\Program Files\AVAST Software\Avast\AvastUI.exe [3072]
Process C:\Program Files\Common Files\Java\Java Update\jusched.exe [3080]
Process C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [3088]
Process C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3208]
Process C:\Program Files\OpenOffice.org 3\program\soffice.exe [3448]
Process C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe [3520]
Process C:\Program Files\OpenOffice.org 3\program\soffice.bin [3540]
Process C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe [2472]
Process C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [2692]
Disk 0 MBR
Service .NET CLR Data [???]
Service .NET CLR Networking [???]
Service .NET CLR Networking 4.0.0.0 [???]
Service .NET Data Provider for Oracle [???]
Service .NET Data Provider for SqlServer [???]
Service .NET Memory Cache 4.0 [???]
Service .NETFramework [???]
Service Aavmker4 [C:\WINDOWS\System32\Drivers\Aavmker4.sys]
Service Abiosdsk [C:\WINDOWS\System32\Drivers\Abiosdsk.sys]
Service abp480n5 [C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS]
Service ACPI [C:\WINDOWS\System32\DRIVERS\ACPI.sys]
Service ACPIEC [C:\WINDOWS\System32\Drivers\ACPIEC.sys]
Service adpu160m [C:\WINDOWS\System32\DRIVERS\adpu160m.sys]
Service aeaudio [C:\WINDOWS\system32\drivers\aeaudio.sys]
Service aec [C:\WINDOWS\system32\drivers\aec.sys]
Service AFD [C:\WINDOWS\System32\drivers\afd.sys]
Service agp440 [C:\WINDOWS\System32\DRIVERS\agp440.sys]
Service agpCPQ [C:\WINDOWS\System32\DRIVERS\agpCPQ.sys]
Service Aha154x [C:\WINDOWS\System32\DRIVERS\aha154x.sys]
Service aic78u2 [C:\WINDOWS\System32\DRIVERS\aic78u2.sys]
Service aic78xx [C:\WINDOWS\System32\DRIVERS\aic78xx.sys]
Service Alerter [C:\WINDOWS\system32\alrsvc.dll]
Service ALG [C:\WINDOWS\System32\alg.exe]
Service AliIde [C:\WINDOWS\System32\DRIVERS\aliide.sys]
Service alim1541 [C:\WINDOWS\System32\DRIVERS\alim1541.sys]
Service amdagp [C:\WINDOWS\System32\DRIVERS\amdagp.sys]
Service amsint [C:\WINDOWS\System32\DRIVERS\amsint.sys]
Service AppMgmt [C:\WINDOWS\System32\appmgmts.dll]
Service asc [C:\WINDOWS\System32\DRIVERS\asc.sys]
Service asc3350p [C:\WINDOWS\System32\DRIVERS\asc3350p.sys]
Service asc3550 [C:\WINDOWS\System32\DRIVERS\asc3550.sys]
Service ASP.NET [???]
Service ASP.NET_1.1.4322 [???]
Service ASP.NET_2.0.50727 [???]
Service ASP.NET_4.0.30319 [???]
Service aspnet_state [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe]
Service aswFsBlk [C:\WINDOWS\System32\Drivers\aswFsBlk.sys]
Service aswMon2 [C:\WINDOWS\System32\Drivers\aswMon2.sys]
Service aswRdr [C:\WINDOWS\System32\Drivers\aswRdr.sys]
Service aswSnx [C:\WINDOWS\System32\Drivers\aswSnx.sys]
Service aswSP [C:\WINDOWS\System32\Drivers\aswSP.sys]
Service aswTdi [C:\WINDOWS\System32\Drivers\aswTdi.sys]
Service AsyncMac [C:\WINDOWS\system32\DRIVERS\asyncmac.sys]
Service atapi [C:\WINDOWS\System32\DRIVERS\atapi.sys]
Service Atdisk [C:\WINDOWS\System32\Drivers\Atdisk.sys]
Service Atmarpc [C:\WINDOWS\System32\DRIVERS\atmarpc.sys]
Service AudioSrv [C:\WINDOWS\System32\audiosrv.dll]
Service audstub [C:\WINDOWS\System32\DRIVERS\audstub.sys]
Service avast! Antivirus [C:\Program Files\AVAST Software\Avast\AvastSvc.exe]
Service BattC [???]
Service bcm4sbxp [C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys]
Service Beep [C:\WINDOWS\System32\Drivers\Beep.sys]
Service BITS [C:\WINDOWS\system32\qmgr.dll]
Service Browser [C:\WINDOWS\System32\browser.dll]
Service catchme [C:\DOCUME~1\Art\LOCALS~1\Temp\catchme.sys]
Service cbidf [C:\WINDOWS\System32\DRIVERS\cbidf2k.sys]
Service cbidf2k [C:\WINDOWS\System32\Drivers\cbidf2k.sys]
Service CCDECODE [C:\WINDOWS\System32\DRIVERS\CCDECODE.sys]
Service cd20xrnt [C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys]
Service Cdaudio [C:\WINDOWS\System32\Drivers\Cdaudio.sys]
Service Cdfs [C:\WINDOWS\System32\Drivers\Cdfs.sys]
Service Cdrom [C:\WINDOWS\System32\DRIVERS\cdrom.sys]
Service Changer [C:\WINDOWS\System32\Drivers\Changer.sys]
Service CiSvc [C:\WINDOWS\system32\cisvc.exe]
Service ClipSrv [C:\WINDOWS\system32\clipsrv.exe]
Service clr_optimization_v2.0.50727_32 [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]
Service clr_optimization_v4.0.30319_32 [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe]
Service CmBatt [C:\WINDOWS\System32\DRIVERS\CmBatt.sys]
Service CmdIde [C:\WINDOWS\System32\DRIVERS\cmdide.sys]
Service Compbatt [C:\WINDOWS\System32\DRIVERS\compbatt.sys]
Service COMSysApp [C:\WINDOWS\system32\dllhost.exe]
Service ContentFilter [???]
Service ContentIndex [???]
Service Cpqarray [C:\WINDOWS\System32\DRIVERS\cpqarray.sys]
Service CryptSvc [C:\WINDOWS\System32\cryptsvc.dll]
Service dac2w2k [C:\WINDOWS\System32\DRIVERS\dac2w2k.sys]
Service dac960nt [C:\WINDOWS\System32\DRIVERS\dac960nt.sys]
Service DCamUSBDXGTech [C:\WINDOWS\System32\Drivers\GT891x1.SYS]
Service DcomLaunch [C:\WINDOWS\system32\rpcss.dll]
Service Dhcp [C:\WINDOWS\System32\dhcpcsvc.dll]
Service Disk [C:\WINDOWS\System32\DRIVERS\disk.sys]
Service dmadmin [C:\WINDOWS\System32\dmadmin.exe]
Service dmboot [C:\WINDOWS\System32\drivers\dmboot.sys]
Service dmio [C:\WINDOWS\System32\drivers\dmio.sys]
Service dmload [C:\WINDOWS\System32\drivers\dmload.sys]
Service dmserver [C:\WINDOWS\System32\dmserver.dll]
Service DMusic [C:\WINDOWS\system32\drivers\DMusic.sys]
Service Dnscache [C:\WINDOWS\System32\dnsrslvr.dll]
Service Dot3svc [C:\WINDOWS\System32\dot3svc.dll]
Service dot4 [C:\WINDOWS\System32\DRIVERS\Dot4.sys]
Service Dot4Print [C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys]
Service dot4usb [C:\WINDOWS\System32\DRIVERS\dot4usb.sys]
Service dpti2o [C:\WINDOWS\System32\DRIVERS\dpti2o.sys]
Service drmkaud [C:\WINDOWS\system32\drivers\drmkaud.sys]
Service drvmcdb [???]
Service drvncdb [???]
Service drvnddm [???]
Service EapHost [C:\WINDOWS\System32\eapsvc.dll]
Service ERSvc [C:\WINDOWS\System32\ersvc.dll]
Service Eventlog [C:\WINDOWS\system32\services.exe]
Service EventSystem [C:\WINDOWS\System32\es.dll]
Service Fastfat [C:\WINDOWS\System32\Drivers\Fastfat.sys]
Service FastUserSwitchingCompatibility [C:\WINDOWS\System32\shsvcs.dll]
Service Fax [C:\WINDOWS\system32\fxssvc.exe]
Service Fdc [C:\WINDOWS\System32\DRIVERS\fdc.sys]
Service FileDisk [C:\WINDOWS\System32\Drivers\FileDisk.sys]
Service Fips [C:\WINDOWS\System32\Drivers\Fips.sys]
Service Flpydisk [C:\WINDOWS\System32\DRIVERS\flpydisk.sys]
Service FltMgr [C:\WINDOWS\system32\drivers\fltmgr.sys]
Service FontCache3.0.0.0 [c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe]
Service Fs_Rec [C:\WINDOWS\System32\Drivers\Fs_Rec.sys]
Service Ftdisk [C:\WINDOWS\System32\DRIVERS\ftdisk.sys]
Service Gpc [C:\WINDOWS\System32\DRIVERS\msgpc.sys]
Service GT890x [C:\WINDOWS\System32\Drivers\GT890x.SYS]
Service gupdate [C:\Program Files\Google\Update\GoogleUpdate.exe]
Service gupdatem [C:\Program Files\Google\Update\GoogleUpdate.exe]
Service helpsvc [C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll]
Service HidServ [C:\WINDOWS\System32\hidserv.dll]
Service HidUsb [C:\WINDOWS\System32\DRIVERS\hidusb.sys]
Service hkmsvc [C:\WINDOWS\System32\kmsvc.dll]
Service hpn [C:\WINDOWS\System32\DRIVERS\hpn.sys]
Service hpqcxs08 [C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll]
Service hpqddsvc [C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll]
Service HPZid412 [C:\WINDOWS\system32\DRIVERS\HPZid412.sys]
Service HPZipr12 [C:\WINDOWS\system32\DRIVERS\HPZipr12.sys]
Service HPZius12 [C:\WINDOWS\system32\DRIVERS\HPZius12.sys]
Service HTTP [C:\WINDOWS\System32\Drivers\HTTP.sys]
Service HTTPFilter [C:\WINDOWS\System32\w3ssl.dll]
Service i2omgmt [C:\WINDOWS\System32\Drivers\i2omgmt.sys]
Service i2omp [C:\WINDOWS\System32\DRIVERS\i2omp.sys]
Service i8042prt [C:\WINDOWS\System32\DRIVERS\i8042prt.sys]
Service ialm [C:\WINDOWS\System32\DRIVERS\ialmnt5.sys]
Service ICSharing [???]
Service idsvc [c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe]
Service Imapi [C:\WINDOWS\System32\DRIVERS\imapi.sys]
Service Imapi Helper [C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe]
Service ImapiHelper [???]
Service ImapiService [C:\WINDOWS\system32\imapi.exe]
Service inetaccs [???]
Service ini910u [C:\WINDOWS\System32\DRIVERS\ini910u.sys]
Service Inport [???]
Service IntelC51 [C:\WINDOWS\System32\DRIVERS\IntelC51.sys]
Service IntelC52 [C:\WINDOWS\System32\DRIVERS\IntelC52.sys]
Service IntelC53 [C:\WINDOWS\System32\DRIVERS\IntelC53.sys]
Service IntelIde [C:\WINDOWS\System32\DRIVERS\intelide.sys]
Service intelppm [C:\WINDOWS\System32\DRIVERS\intelppm.sys]
Service ioloFileInfoList [C:\Program Files\iolo\common\lib\ioloServiceManager.exe]
Service ioloSystemService [C:\Program Files\iolo\common\lib\ioloServiceManager.exe]
Service ip6fw [C:\WINDOWS\system32\drivers\ip6fw.sys]
Service IpFilterDriver [C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys]
Service IpInIp [C:\WINDOWS\System32\DRIVERS\ipinip.sys]
Service IpNat [C:\WINDOWS\System32\DRIVERS\ipnat.sys]
Service IPSec [C:\WINDOWS\System32\DRIVERS\ipsec.sys]
Service IRENUM [C:\WINDOWS\System32\DRIVERS\irenum.sys]
Service is3srv [C:\WINDOWS\system32\drivers\is3srv.sys]
Service ISAPISearch [???]
Service isapnp [C:\WINDOWS\System32\DRIVERS\isapnp.sys]
Service JavaQuickStarterService [C:\Program Files\Java\jre7\bin\jqs.exe]
Service Kbdclass [C:\WINDOWS\System32\DRIVERS\kbdclass.sys]
Service kmixer [C:\WINDOWS\system32\drivers\kmixer.sys]
Service KSecDD [C:\WINDOWS\System32\Drivers\KSecDD.sys]
Service lanmanserver [C:\WINDOWS\System32\srvsvc.dll]
Service lanmanworkstation [C:\WINDOWS\System32\wkssvc.dll]
Service lbrtfdc [C:\WINDOWS\System32\Drivers\lbrtfdc.sys]
Service ldap [???]
Service LicenseService [???]
Service LmHosts [C:\WINDOWS\System32\lmhsvc.dll]
Service lxcg_device [C:\WINDOWS\system32\lxcgcoms.exe]
Service MBAMProtector [C:\WINDOWS\system32\drivers\mbam.sys]
Service MBAMService [C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe]
Service MDM [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]
Service Messenger [C:\WINDOWS\System32\msgsvc.dll]
Service mnmdd [C:\WINDOWS\System32\Drivers\mnmdd.sys]
Service mnmsrvc [C:\WINDOWS\System32\mnmsrvc.exe]
Service Modem [C:\WINDOWS\System32\Drivers\Modem.sys]
Service MODEMCSA [C:\WINDOWS\system32\drivers\MODEMCSA.sys]
Service mohfilt [C:\WINDOWS\System32\DRIVERS\mohfilt.sys]
Service motccgp [C:\WINDOWS\system32\DRIVERS\motccgp.sys]
Service motccgpfl [C:\WINDOWS\system32\DRIVERS\motccgpfl.sys]
Service motmodem [C:\WINDOWS\system32\DRIVERS\motmodem.sys]
Service motport [C:\WINDOWS\system32\DRIVERS\motport.sys]
Service Mouclass [C:\WINDOWS\System32\DRIVERS\mouclass.sys]
Service mouhid [C:\WINDOWS\System32\DRIVERS\mouhid.sys]
Service MountMgr [C:\WINDOWS\System32\Drivers\MountMgr.sys]
Service mraid35x [C:\WINDOWS\System32\DRIVERS\mraid35x.sys]
Service MRxDAV [C:\WINDOWS\System32\DRIVERS\mrxdav.sys]
Service MRxSmb [C:\WINDOWS\System32\DRIVERS\mrxsmb.sys]
Service MSDTC [C:\WINDOWS\System32\msdtc.exe]
Service MSDTC Bridge 3.0.0.0 [???]
Service MSDTC Bridge 4.0.0.0 [???]
Service Msfs [C:\WINDOWS\System32\Drivers\Msfs.sys]
Service MSIServer [C:\WINDOWS\system32\msiexec.exe]
Service MSKSSRV [C:\WINDOWS\system32\drivers\MSKSSRV.sys]
Service MSPCLOCK [C:\WINDOWS\system32\drivers\MSPCLOCK.sys]
Service MSPQM [C:\WINDOWS\system32\drivers\MSPQM.sys]
Service MSSCNTRS [???]
Service mssmbios [C:\WINDOWS\System32\DRIVERS\mssmbios.sys]
Service MSTEE [C:\WINDOWS\system32\drivers\MSTEE.sys]
Service Mup [C:\WINDOWS\System32\Drivers\Mup.sys]
Service NABTSFEC [C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys]
Service napagent [C:\WINDOWS\System32\qagentrt.dll]
Service NDIS [C:\WINDOWS\System32\Drivers\NDIS.sys]
Service NdisIP [C:\WINDOWS\system32\DRIVERS\NdisIP.sys]
Service NdisTapi [C:\WINDOWS\System32\DRIVERS\ndistapi.sys]
Service Ndisuio [C:\WINDOWS\System32\DRIVERS\ndisuio.sys]
Service NdisWan [C:\WINDOWS\System32\DRIVERS\ndiswan.sys]
Service NDProxy [C:\WINDOWS\System32\Drivers\NDProxy.sys]
Service Net Driver HPZ12 [C:\WINDOWS\System32\HPZinw12.dll]
Service NetBIOS [C:\WINDOWS\System32\DRIVERS\netbios.sys]
Service NetBT [C:\WINDOWS\System32\DRIVERS\netbt.sys]
Service NetDDE [C:\WINDOWS\system32\netdde.exe]
Service NetDDEdsdm [C:\WINDOWS\system32\netdde.exe]
Service Netlogon [C:\WINDOWS\system32\lsass.exe]
Service Netman [C:\WINDOWS\System32\netman.dll]
Service NetTcpPortSharing [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe]
Service Nla [C:\WINDOWS\System32\mswsock.dll]
Service nm [C:\WINDOWS\System32\DRIVERS\NMnt.sys]
Service Npfs [C:\WINDOWS\System32\Drivers\Npfs.sys]
Service Ntfs [C:\WINDOWS\System32\Drivers\Ntfs.sys]
Service NtLmSsp [C:\WINDOWS\System32\lsass.exe]
Service NtmsSvc [C:\WINDOWS\system32\ntmssvc.dll]
Service Null [C:\WINDOWS\System32\Drivers\Null.sys]
Service NwlnkFlt [C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys]
Service NwlnkFwd [C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys]
Service NwlnkIpx [C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys]
Service NwlnkNb [C:\WINDOWS\System32\DRIVERS\nwlnknb.sys]
Service NwlnkSpx [C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys]
Service odserv [C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE]
Service omci [C:\WINDOWS\System32\DRIVERS\omci.sys]
Service ose [C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE]
Service Outlook [???]
Service Parport [C:\WINDOWS\System32\DRIVERS\parport.sys]
Service PartMgr [C:\WINDOWS\System32\Drivers\PartMgr.sys]
Service ParVdm [C:\WINDOWS\System32\Drivers\ParVdm.sys]
Service PCI [C:\WINDOWS\System32\DRIVERS\pci.sys]
Service PCIDump [C:\WINDOWS\System32\Drivers\PCIDump.sys]
Service PCIIde [C:\WINDOWS\System32\DRIVERS\pciide.sys]
Service Pcmcia [C:\WINDOWS\System32\DRIVERS\pcmcia.sys]
Service PDCOMP [C:\WINDOWS\System32\Drivers\PDCOMP.sys]
Service PDFRAME [C:\WINDOWS\System32\Drivers\PDFRAME.sys]
Service PDRELI [C:\WINDOWS\System32\Drivers\PDRELI.sys]
Service PDRFRAME [C:\WINDOWS\System32\Drivers\PDRFRAME.sys]
Service perc2 [C:\WINDOWS\System32\DRIVERS\perc2.sys]
Service perc2hib [C:\WINDOWS\System32\DRIVERS\perc2hib.sys]
Service PerfDisk [???]
Service PerfNet [???]
Service PerfOS [???]
Service PerfProc [???]
Service PlugPlay [C:\WINDOWS\system32\services.exe]
Service Pml Driver HPZ12 [C:\WINDOWS\System32\HPZipm12.dll]
Service PolicyAgent [C:\WINDOWS\system32\lsass.exe]
Service PptpMiniport [C:\WINDOWS\System32\DRIVERS\raspptp.sys]
Service Processor [C:\WINDOWS\System32\DRIVERS\processr.sys]
Service ProtectedStorage [C:\WINDOWS\system32\lsass.exe]
Service PSched [C:\WINDOWS\System32\DRIVERS\psched.sys]
Service pssnap [C:\WINDOWS\system32\DRIVERS\pssnap.sys]
Service Ptilink [C:\WINDOWS\System32\DRIVERS\ptilink.sys]
Service ql1080 [C:\WINDOWS\System32\DRIVERS\ql1080.sys]
Service Ql10wnt [C:\WINDOWS\System32\DRIVERS\ql10wnt.sys]
Service ql12160 [C:\WINDOWS\System32\DRIVERS\ql12160.sys]
Service ql1240 [C:\WINDOWS\System32\DRIVERS\ql1240.sys]
Service ql1280 [C:\WINDOWS\System32\DRIVERS\ql1280.sys]
Service RasAcd [C:\WINDOWS\System32\DRIVERS\rasacd.sys]
Service RasAuto [C:\WINDOWS\System32\rasauto.dll]
Service Rasl2tp [C:\WINDOWS\System32\DRIVERS\rasl2tp.sys]
Service RasMan [C:\WINDOWS\System32\rasmans.dll]
Service RasPppoe [C:\WINDOWS\System32\DRIVERS\raspppoe.sys]
Service Raspti [C:\WINDOWS\System32\DRIVERS\raspti.sys]
Service Rdbss [C:\WINDOWS\System32\DRIVERS\rdbss.sys]
Service RDPCDD [C:\WINDOWS\System32\DRIVERS\RDPCDD.sys]
Service RDPDD [???]
Service rdpdr [C:\WINDOWS\System32\DRIVERS\rdpdr.sys]
Service RDPNP [???]
Service RDPWD [C:\WINDOWS\System32\Drivers\RDPWD.sys]
Service RDSessMgr [C:\WINDOWS\system32\sessmgr.exe]
Service redbook [C:\WINDOWS\System32\DRIVERS\redbook.sys]
Service ReflectService [C:\Program Files\Macrium\Reflect\ReflectService.exe]
Service RemoteAccess [C:\WINDOWS\System32\mprdim.dll]
Service RemoteRegistry [C:\WINDOWS\system32\regsvc.dll]
Service Revoflt [C:\WINDOWS\system32\DRIVERS\revoflt.sys]
Service RpcLocator [C:\WINDOWS\System32\locator.exe]
Service RpcSs [C:\WINDOWS\System32\rpcss.dll]
Service RSVP [C:\WINDOWS\System32\rsvp.exe]
Service SamSs [C:\WINDOWS\system32\lsass.exe]
Service SASDIFSV [C:\DOCUME~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS]
Service SASKUTIL [C:\DOCUME~1\Art\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS]
Service SBRE [C:\WINDOWS\system32\drivers\SBREdrv.sys]
Service SCardSvr [C:\WINDOWS\System32\SCardSvr.exe]
Service Schedule [C:\WINDOWS\system32\schedsvc.dll]
Service ScsiPort [???]
Service Secdrv [C:\WINDOWS\System32\DRIVERS\secdrv.sys]
Service seclogon [C:\WINDOWS\System32\seclogon.dll]
Service SENS [C:\WINDOWS\system32\sens.dll]
Service serenum [C:\WINDOWS\System32\DRIVERS\serenum.sys]
Service Serial [C:\WINDOWS\System32\DRIVERS\serial.sys]
Service ServiceModelEndpoint 3.0.0.0 [???]
Service ServiceModelEndpoint 4.0.0.0 [???]
Service ServiceModelOperation 3.0.0.0 [???]
Service ServiceModelOperation 4.0.0.0 [???]
Service ServiceModelService 3.0.0.0 [???]
Service ServiceModelService 4.0.0.0 [???]
Service Sfloppy [C:\WINDOWS\System32\Drivers\Sfloppy.sys]
Service SharedAccess [C:\WINDOWS\System32\ipnathlp.dll]
Service ShellHWDetection [C:\WINDOWS\System32\shsvcs.dll]
Service Simbad [C:\WINDOWS\System32\Drivers\Simbad.sys]
Service SimpTcp [C:\WINDOWS\System32\tcpsvcs.exe]
Service sisagp [C:\WINDOWS\System32\DRIVERS\sisagp.sys]
Service SLIP [C:\WINDOWS\system32\DRIVERS\SLIP.sys]
Service SMSvcHost 3.0.0.0 [???]
Service SMSvcHost 4.0.0.0 [???]
Service smwdm [C:\WINDOWS\system32\drivers\smwdm.sys]
Service Sparrow [C:\WINDOWS\System32\DRIVERS\sparrow.sys]
Service splitter [C:\WINDOWS\system32\drivers\splitter.sys]
Service Spooler [C:\WINDOWS\system32\spoolsv.exe]
Service sr [C:\WINDOWS\system32\DRIVERS\sr.sys]
Service srservice [C:\WINDOWS\system32\srsvc.dll]
Service Srv [C:\WINDOWS\System32\DRIVERS\srv.sys]
Service SSDPSRV [C:\WINDOWS\System32\ssdpsrv.dll]
Service stisvc [C:\WINDOWS\system32\wiaservc.dll]
Service streamip [C:\WINDOWS\system32\DRIVERS\StreamIP.sys]
Service swenum [C:\WINDOWS\System32\DRIVERS\swenum.sys]
Service swmidi [C:\WINDOWS\system32\drivers\swmidi.sys]
Service SwPrv [C:\WINDOWS\System32\dllhost.exe]
Service swwd [???]
Service symc810 [C:\WINDOWS\System32\DRIVERS\symc810.sys]
Service symc8xx [C:\WINDOWS\System32\DRIVERS\symc8xx.sys]
Service sym_hi [C:\WINDOWS\System32\DRIVERS\sym_hi.sys]
Service sym_u3 [C:\WINDOWS\System32\DRIVERS\sym_u3.sys]
Service sysaudio [C:\WINDOWS\system32\drivers\sysaudio.sys]
Service SysmonLog [C:\WINDOWS\system32\smlogsvc.exe]
Service szkg5 [C:\WINDOWS\system32\DRIVERS\szkg.sys]
Service szkgfs [C:\WINDOWS\system32\drivers\szkgfs.sys]
Service TapiSrv [C:\WINDOWS\System32\tapisrv.dll]
Service Tcpip [C:\WINDOWS\System32\DRIVERS\tcpip.sys]
Service TDPIPE [C:\WINDOWS\System32\Drivers\TDPIPE.sys]
Service TDTCP [C:\WINDOWS\System32\Drivers\TDTCP.sys]
Service TermDD [C:\WINDOWS\System32\DRIVERS\termdd.sys]
Service TermService [C:\WINDOWS\System32\termsrv.dll]
Service Themes [C:\WINDOWS\System32\shsvcs.dll]
Service TlntSvr [C:\WINDOWS\System32\tlntsvr.exe]
Service TosIde [C:\WINDOWS\System32\DRIVERS\toside.sys]
Service TrkWks [C:\WINDOWS\system32\trkwks.dll]
Service TSDDD [???]
Service Udfs [C:\WINDOWS\System32\Drivers\Udfs.sys]
Service UGatherer [???]
Service UGTHRSVC [???]
Service ultra [C:\WINDOWS\System32\DRIVERS\ultra.sys]
Service Update [C:\WINDOWS\System32\DRIVERS\update.sys]
Service upnphost [C:\WINDOWS\System32\upnphost.dll]
Service UPS [C:\WINDOWS\System32\ups.exe]
Service usbaudio [C:\WINDOWS\system32\drivers\usbaudio.sys]
Service usbbus [C:\WINDOWS\system32\DRIVERS\lgusbbus.sys]
Service usbccgp [C:\WINDOWS\System32\DRIVERS\usbccgp.sys]
Service UsbDiag [C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys]
Service usbehci [C:\WINDOWS\System32\DRIVERS\usbehci.sys]
Service usbhub [C:\WINDOWS\System32\DRIVERS\usbhub.sys]
Service USBModem [C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys]
Service usbprint [C:\WINDOWS\System32\DRIVERS\usbprint.sys]
Service usbscan [C:\WINDOWS\System32\DRIVERS\usbscan.sys]
Service USBSTOR [C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS]
Service usbuhci [C:\WINDOWS\System32\DRIVERS\usbuhci.sys]
Service VgaSave [C:\WINDOWS\System32\drivers\vga.sys]
Service viaagp [C:\WINDOWS\System32\DRIVERS\viaagp.sys]
Service ViaIde [C:\WINDOWS\System32\DRIVERS\viaide.sys]
Service VolSnap [C:\WINDOWS\System32\Drivers\VolSnap.sys]
Service VSS [C:\WINDOWS\System32\vssvc.exe]
Service vxd [???]
Service w32time [C:\WINDOWS\system32\w32time.dll]
Service W3SVC [???]
Service Wanarp [C:\WINDOWS\System32\DRIVERS\wanarp.sys]
Service Wdf01000 [C:\WINDOWS\system32\DRIVERS\Wdf01000.sys]
Service WDICA [C:\WINDOWS\System32\Drivers\WDICA.sys]
Service wdmaud [C:\WINDOWS\system32\drivers\wdmaud.sys]
Service WebClient [C:\WINDOWS\System32\webclnt.dll]
Service WebPost [???]
Service Windows Workflow Foundation 3.0.0.0 [???]
Service Windows Workflow Foundation 4.0.0.0 [???]
Service winmgmt [C:\WINDOWS\system32\wbem\WMIsvc.dll]
Service Winsock [C:\WINDOWS\System32\Drivers\Winsock.sys]
Service WinSock2 [???]
Service WinTrust [???]
Service wlidsvc [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE]
Service WmdmPmSN [C:\WINDOWS\system32\MsPMSNSv.dll]
Service Wmi [C:\WINDOWS\System32\advapi32.dll]
Service WmiApRpl [???]
Service WmiApSrv [C:\WINDOWS\System32\wbem\wmiapsrv.exe]
Service WMPNetworkSvc [C:\Program Files\Windows Media Player\WMPNetwk.exe]
Service WpdUsb [C:\WINDOWS\system32\DRIVERS\wpdusb.sys]
Service WPFFontCache_v0400 [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe]
Service wscsvc [C:\WINDOWS\system32\wscsvc.dll]
Service WSearchIdxPi [???]
Service WSTCODEC [C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS]
Service wuauserv [C:\WINDOWS\system32\wuauserv.dll]
Service WudfPf [C:\WINDOWS\system32\DRIVERS\WudfPf.sys]
Service WudfRd [C:\WINDOWS\system32\DRIVERS\wudfrd.sys]
Service WudfSvc [C:\WINDOWS\System32\WUDFSvc.dll]
Service WZCSVC [C:\WINDOWS\System32\wzcsvc.dll]
Service xmlprov [C:\WINDOWS\System32\xmlprov.dll]
Service YahooAUService [C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe]
Service {BCEF58F1-678B-4CF3-81B1-42C9041073AF} [???]
Service {BD92E848-ECFB-4F6D-BD2D-6D9DB5578BF2} [???]

Scan finished: Saturday, October 01, 2011 4:00:29 PM
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------


9/30/2011 7:39:55 PM 00000774: NNTPs RedirectPort: 563
10/1/2011 4:22:21 AM 00000778: Started, Log = 1
10/1/2011 4:22:21 AM 00000778: Build 5.0.1289
10/1/2011 4:22:21 AM 00000778: OS Windows XP Workstation (Service Pack 3)
10/1/2011 4:22:21 AM 00000778: PopListen 127.0.0.1 12110
10/1/2011 4:22:21 AM 00000778: SmtpListen 127.0.0.1 12025
10/1/2011 4:22:21 AM 00000778: ImapListen 127.0.0.1 12143
10/1/2011 4:22:21 AM 00000778: NntpListen 127.0.0.1 12119
10/1/2011 4:22:21 AM 00000778: PopListenSSL 127.0.0.1 12995
10/1/2011 4:22:21 AM 00000778: SmtpListenSSL 127.0.0.1 12465
10/1/2011 4:22:21 AM 00000778: ImapListenSSL 127.0.0.1 12993
10/1/2011 4:22:21 AM 00000778: NntpListenSSL 127.0.0.1 12563
10/1/2011 4:22:22 AM 00000778: AutoRedirect 1
10/1/2011 4:22:22 AM 00000778: IgnoreLocalhost 1
10/1/2011 4:22:22 AM 00000778: POP Start: 1
10/1/2011 4:22:22 AM 00000778: POP RedirectPort: 110
10/1/2011 4:22:22 AM 00000778: SMTP Start: 1
10/1/2011 4:22:22 AM 00000778: SMTP RedirectPort: 25,587
10/1/2011 4:22:22 AM 00000778: IMAP Start: 1
10/1/2011 4:22:22 AM 00000778: IMAP RedirectPort: 143
10/1/2011 4:22:22 AM 00000778: NNTP Start: 1
10/1/2011 4:22:22 AM 00000778: NNTP RedirectPort: 119
10/1/2011 4:22:22 AM 00000778: POPs Start: 1
10/1/2011 4:22:22 AM 00000778: POPs RedirectPort: 995
10/1/2011 4:22:22 AM 00000778: SMTPs Start: 1
10/1/2011 4:22:22 AM 00000778: SMTPs RedirectPort: 465
10/1/2011 4:22:22 AM 00000778: IMAPs Start: 1
10/1/2011 4:22:22 AM 00000778: IMAPs RedirectPort: 993
10/1/2011 4:22:22 AM 00000778: NNTPs Start: 1
10/1/2011 4:22:22 AM 00000778: NNTPs RedirectPort: 563
10/1/2011 3:52:07 PM 00000708: Started, Log = 1
10/1/2011 3:52:07 PM 00000708: Build 5.0.1289
10/1/2011 3:52:07 PM 00000708: OS Windows XP Workstation (Service Pack 3)
10/1/2011 3:52:07 PM 00000708: PopListen 127.0.0.1 12110
10/1/2011 3:52:07 PM 00000708: SmtpListen 127.0.0.1 12025
10/1/2011 3:52:07 PM 00000708: ImapListen 127.0.0.1 12143
10/1/2011 3:52:07 PM 00000708: NntpListen 127.0.0.1 12119
10/1/2011 3:52:07 PM 00000708: PopListenSSL 127.0.0.1 12995
10/1/2011 3:52:07 PM 00000708: SmtpListenSSL 127.0.0.1 12465
10/1/2011 3:52:07 PM 00000708: ImapListenSSL 127.0.0.1 12993
10/1/2011 3:52:07 PM 00000708: NntpListenSSL 127.0.0.1 12563
10/1/2011 3:52:07 PM 00000708: AutoRedirect 1
10/1/2011 3:52:07 PM 00000708: IgnoreLocalhost 1
10/1/2011 3:52:07 PM 00000708: POP Start: 1
10/1/2011 3:52:07 PM 00000708: POP RedirectPort: 110
10/1/2011 3:52:07 PM 00000708: SMTP Start: 1
10/1/2011 3:52:07 PM 00000708: SMTP RedirectPort: 25,587
10/1/2011 3:52:07 PM 00000708: IMAP Start: 1
10/1/2011 3:52:07 PM 00000708: IMAP RedirectPort: 143
10/1/2011 3:52:07 PM 00000708: NNTP Start: 1
10/1/2011 3:52:07 PM 00000708: NNTP RedirectPort: 119
10/1/2011 3:52:07 PM 00000708: POPs Start: 1
10/1/2011 3:52:07 PM 00000708: POPs RedirectPort: 995
10/1/2011 3:52:07 PM 00000708: SMTPs Start: 1
10/1/2011 3:52:07 PM 00000708: SMTPs RedirectPort: 465
10/1/2011 3:52:07 PM 00000708: IMAPs Start: 1
10/1/2011 3:52:07 PM 00000708: IMAPs RedirectPort: 993
10/1/2011 3:52:07 PM 00000708: NNTPs Start: 1
10/1/2011 3:52:07 PM 00000708: NNTPs RedirectPort: 563
10/1/2011 4:38:21 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:22 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:22 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:22 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:22 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:23 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:23 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:23 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:23 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:24 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:24 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:24 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:24 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:25 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:25 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:25 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:25 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:26 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:26 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:26 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:27 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:27 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:27 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:27 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:27 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:28 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:28 PM 000003EC: --POP Mail is clean
10/1/2011 4:38:32 PM 000008E0: --POP Mail is clean
10/1/2011 4:38:32 PM 000008E0: --POP Mail is clean
10/1/2011 4:38:34 PM 000008E0: --POP Mail is clean
10/1/2011 4:38:34 PM 000008E0: --POP Mail is clean
10/1/2011 4:38:35 PM 000008E0: --POP Mail is clean
10/1/2011 4:38:35 PM 000008E0: --POP Mail is clean
10/1/2011 4:38:35 PM 000008E0: --POP Mail is clean
10/1/2011 4:38:35 PM 000008E0: --POP Mail is clean

______________________________________________________________________________________________________________
9/30/2011 7:12:27 PM chest start
9/30/2011 7:39:08 PM chest stop
9/30/2011 7:39:54 PM chest start
10/1/2011 4:21:29 AM chest stop
10/1/2011 4:22:22 AM chest start
10/1/2011 12:36:15 PM chest stop
10/1/2011 3:52:07 PM chest start
________________________________________________________________________________________________________________

9/30/2011 7:19:52 PM Autosandbox candidate: G:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Source: ]
[Opened by: C:\WINDOWS\Explorer.EXE]
--> Result: Not sandboxing (because the file is trusted).

9/30/2011 7:19:54 PM Autosandbox candidate: G:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Source: ]
[Opened by: C:\WINDOWS\Explorer.EXE]
--> Result: Not sandboxing (because the file is trusted).

9/30/2011 7:19:55 PM Autosandbox candidate: G:\Unlocker1.9.1.exe
[Source: ]
[Opened by: C:\WINDOWS\Explorer.EXE]
--> Result: Sandboxing (based on user's decision).

9/30/2011 7:20:29 PM Autosandbox candidate: G:\OTL.exe
[Source: ]
[Opened by: C:\WINDOWS\Explorer.EXE]
--> Result: Sandboxing (based on user's decision).

9/30/2011 7:20:43 PM Autosandbox candidate: G:\OTL.exe
[Source: ]
[Opened by: C:\WINDOWS\Explorer.EXE]
--> Result: Not sandboxing (based on user's decision).

9/30/2011 7:40:16 PM Autosandbox candidate: C:\Program Files\iolo\common\lib\ioloServiceManager.exe
[Source: ]
[Opened by: C:\WINDOWS\system32\services.exe]
--> Result: Not sandboxing (because the file is trusted).

9/30/2011 7:41:53 PM Autosandbox candidate: C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe
[Source: ]
[Opened by: C:\Program Files\iolo\common\lib\ioloServiceManager.exe]
--> Result: Not sandboxing (because the file is trusted).

9/30/2011 7:42:07 PM Autosandbox candidate: C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC PROFESSIONAL\SMTRAYNOTIFY.EXE
[Source: ]
[Opened by: C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe]
--> Result: Not sandboxing (because the file is trusted).

10/1/2011 4:22:36 AM Autosandbox candidate: C:\Program Files\iolo\common\lib\ioloServiceManager.exe
[Source: ]
[Opened by: C:\WINDOWS\system32\services.exe]
--> Result: Not sandboxing (because the file is trusted).

10/1/2011 4:23:47 AM Autosandbox candidate: C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe
[Source: ]
[Opened by: C:\Program Files\iolo\common\lib\ioloServiceManager.exe]
--> Result: Not sandboxing (because the file is trusted).

10/1/2011 4:23:53 AM Autosandbox candidate: C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC PROFESSIONAL\SMTRAYNOTIFY.EXE
[Source: ]
[Opened by: C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe]
--> Result: Not sandboxing (because the file is trusted).

10/1/2011 3:52:24 PM Autosandbox candidate: C:\Program Files\iolo\common\lib\ioloServiceManager.exe
[Source: ]
[Opened by: C:\WINDOWS\system32\services.exe]
--> Result: Not sandboxing (because the file is trusted).

10/1/2011 3:53:42 PM Autosandbox candidate: C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe
[Source: ]
[Opened by: C:\Program Files\iolo\common\lib\ioloServiceManager.exe]
--> Result: Not sandboxing (because the file is trusted).

10/1/2011 3:53:52 PM Autosandbox candidate: C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC PROFESSIONAL\SMTRAYNOTIFY.EXE
[Source: ]
[Opened by: C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe]
--> Result: Not sandboxing (because the file is trusted).

Seems to be working very well, and I haven't seen any other problems as of yet. THANK YOU VERY MUCH

#13
arwier

    Member

  • Topic Starter
  • Member
  • 78 posts
One of them found a number of corrupt recovery files and asked to delete them, so I did allow it to do that.

#14
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Those are not the scan logs I want. Check here and tell me if there are any logs:

Open avast > Program settings > Reports.

If there are, post them here.

#15
arwier

    Member

  • Topic Starter
  • Member
  • 78 posts
I am sorry about that; I think this is what you wanted:

10/01/2011 12:36
Scan of all local drives

File C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\mC06511DpHpB06511\mC06511DpHpB06511.exe.vir is infected by Win32:MalOb-GF [Cryp], Deleted
File C:\Qoobox\Quarantine\C\Documents and Settings\Art\Local Settings\Application Data\Microsoft\nvvsvc.exe.vir is infected by Win32:Downloader-KCD [Trj], Deleted
File C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccProxy.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccSetMgr.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\SCRIPT~1\SBServ.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\SNDSrvc.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\Program Files\EaseUS\Todo Backup\bin\Agent.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\SearchIndexer.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\wuauclt.exe.vir is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000097.ini is infected by Win32:Malware-gen, Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000098.exe is infected by Win32:MalOb-GF [Cryp], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000112.exe is infected by Win32:Downloader-KCD [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000127.exe is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000128.EXE is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000129.EXE is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000130.EXE is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000131.exe is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000132.exe is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000133.EXE is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000134.EXE is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000135.exe is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000136.exe is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000137.exe is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000138.exe is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000139.exe is infected by Win32:Patched-WQ [Trj], Deleted
File D:\misc install\fdvdcodecs.exe|>$TEMP\rkinstaller.exe is infected by Win32:PUP-gen [PUP], Deleted
File D:\misc install\fdvdcodecs.exe|>$TEMP\rkverify.exe is infected by Win32:Relevant-P [PUP], Deleted
File D:\misc install\FlvPlayerSetup.exe is infected by Win32:PUP-gen [PUP], Deleted
File D:\misc install\hotchix2006.exe|>[Embedded_O#034c00]|>hotchix2006.zip|>hotchix2006.exe Error 42125 {ZIP archive is corrupted.}
File D:\misc install\nearly-nude-1-screensaver.exe|><ResourceDir>\smedia.exe|>[Embedded_I#0714] is infected by Win32:Adware-gen [Adw], Deleted
File D:\misc install\PDFReader_Setup.exe is infected by Win32:Trojan-gen, Deleted
File D:\misc install\sexyss16.exe|><ResourceDir>\smedia.exe|>[Embedded_I#0714] is infected by Win32:Adware-gen [Adw], Deleted
File D:\misc install\sexyss42.exe|><ResourceDir>\smedia.exe|>[Embedded_I#0714] is infected by Win32:Adware-gen [Adw], Deleted
File D:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP16\A0002712.exe|>$TEMP\rkinstaller.exe is infected by Win32:PUP-gen [PUP], Deleted
File D:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP16\A0002712.exe|>$TEMP\rkverify.exe is infected by Win32:Relevant-P [PUP], Deleted
File D:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP16\A0002713.exe is infected by Win32:PUP-gen [PUP], Deleted
File D:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP16\A0002714.exe|><ResourceDir>\smedia.exe|>[Embedded_I#0714] is infected by Win32:Adware-gen [Adw], Deleted
File D:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP16\A0002715.exe is infected by Win32:Trojan-gen, Deleted
File D:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP16\A0002716.exe|><ResourceDir>\smedia.exe|>[Embedded_I#0714] is infected by Win32:Adware-gen [Adw], Deleted
File D:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP16\A0002717.exe|><ResourceDir>\smedia.exe|>[Embedded_I#0714] is infected by Win32:Adware-gen [Adw], Deleted
Number of searched folders: 8770
Number of tested files: 1267290
Number of infected files: 45
_______________________________________________________________________________________________________________

Is that all you were looking for, or do you want the rest of the reports there as well?