Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Badly Infected Need Help


  • This topic is locked This topic is locked

#1
WhiteLight

WhiteLight

    Member

  • Member
  • PipPip
  • 37 posts
Hi all,

Firstly I thoroughly appreciate any help or advice given as you are not required to do so. I am quite a competent computer user and get called upon to remove viruses quite a lot. Recently I got ask to remove a virus and I am out of options. I don't have an OTL log as I am on my computer now, however I understand that this is required for each new post and I can get one within the next 24 hours.

So the computer is infected with the Windows System Restore Virus, and the additional pop ups that come with it including windows detected a hard drive problem, which comes with multiple delayed write failed pop ups. Windows Corrupt File (The file or directory c:\system volume information\"registry line" corrupt unreadable. Please run Chkdsk) etc. So I booted her up in safe mode with networking in an attmept to install Malwarebytes from usb with an update, and then scan. Installation was successful, however upon updating I get PROGRAM_ERROR_UPDATING 11004, 0, No address found. I followed section N in http://forums.malwar...50 however when doing a quick scan (without updating) about 30 seconds in, Malwarebytes exits and is then unopenable (In safe mode with networking). I can uninstall then re-install to open Malwarebytes but it exits during the scan and still cannot update. So it comes to my attention that there is also an infection that is corrupting the DNS/IP settings of the PC as there is also no internet connection in safe mode with networking. I tried manually updating Malwarebytes (Mbam_rules.exe) installed this over Malwarebytes, however quick scan still randomly exits. Also the PC could boot in safe mode with networking but not safe mode and I could not do a system restore as clicking the next button on my chosen date would not do anything. I also tried connecting the modem directly to the PC and not through the router but I still received the PROGRAM_ERROR_UPDATING 11004 and the internet is not working. Any advice or help that could point me in the right direction would be greatly appreciated! I was thinking along the lines of booting then running rkill to stop the system restore virus, running a rootkit killer and flushing the DNS settings and reseting the router so I can get an update and an uninterrupted scan? Also, the router is still working fine for a wireless connected laptop.

Many thanks!

Edited by WhiteLight, 26 October 2011 - 08:42 PM.

  • 0

Advertisements


#2
WhiteLight

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OTL.txt

OTL logfile created on: 27/10/2011 9:04:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.48 Mb Total Physical Memory | 641.66 Mb Available Physical Memory | 62.69% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 3.18 Gb Free Space | 2.84% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 2.12 Gb Free Space | 28.45% Space Free | Partition Type: FAT32

Computer Name: C7B9CD6C4F04459 | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\4186091564:3545201926.exe
PRC - [2011/10/27 13:11:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.scr
PRC - [2011/10/26 22:16:27 | 000,344,464 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
PRC - [2011/10/26 20:22:04 | 000,429,968 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\aWffiRBXKTIX.exe
PRC - [2009/10/27 18:36:16 | 001,499,136 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/05/14 16:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/12/31 17:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe
PRC - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/06/13 21:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/15 21:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 23:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe
PRC - [2002/04/12 05:47:52 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe
PRC - [2002/03/22 15:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 22:16:27 | 000,344,464 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
MOD - [2011/10/26 20:22:04 | 000,429,968 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\aWffiRBXKTIX.exe
MOD - [2010/06/03 14:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/06 05:40:58 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/21 04:41:10 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/02/27 08:23:18 | 000,522,240 | ---- | M] () -- C:\WINDOWS\system32\splitter.ax
MOD - [2007/02/27 08:22:42 | 000,150,528 | ---- | M] () -- C:\WINDOWS\system32\mkx.dll
MOD - [2007/02/27 08:22:36 | 000,110,592 | ---- | M] () -- C:\WINDOWS\system32\avi.dll
MOD - [2007/02/27 08:22:14 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2007/02/27 08:21:38 | 000,079,360 | ---- | M] () -- C:\WINDOWS\system32\mkzlib.dll
MOD - [2007/02/27 08:21:38 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll
MOD - [2002/04/12 05:47:52 | 000,069,632 | ---- | M] () -- C:\Program Files\Microsoft Hardware\Mouse\IP4xBatt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/01/15 23:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/17 10:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/05/14 16:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/30 19:51:28 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/05/14 16:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 16:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 16:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/02/09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/03 23:36:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/03/26 16:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/03/26 16:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/03/26 16:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/07/10 15:02:35 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005/09/30 13:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 13:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/17 22:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/02 19:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2003/09/20 09:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/12 05:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/18 00:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 10:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/25 20:26:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/06/22 12:59:11 | 000,000,000 | ---D | M]

[2008/09/16 13:29:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions
[2011/05/27 16:08:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\gtk07cbu.default\extensions
[2009/12/27 15:51:30 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\gtk07cbu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/24 20:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/08 20:58:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/08 20:57:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/08 20:57:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/26 08:51:47 | 000,000,884 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.240.133 www.google.com
O1 - Hosts: 94.63.240.134 www.bing.com
O4 - HKLM..\Run: [aWffiRBXKTIX.exe] C:\Documents and Settings\All Users\Application Data\aWffiRBXKTIX.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTClk\NVRTClk.exe ()
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe File not found
O4 - HKLM..\Run: [POINTER] point32.exe File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1183591912784 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3942B7C-3904-4A4E-B910-A5526B1EA5D3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/05 00:14:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/27 21:02:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marc\Recent
[2011/10/26 22:16:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Marc\Start Menu\Programs\System Restore
[2011/10/26 22:12:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Marc\Application Data\Remote
[2011/10/26 22:04:57 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/26 22:04:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/26 22:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/26 21:06:36 | 009,466,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marc\Desktop\mbam-setup-1.51.1.1800.exe
[2011/10/26 21:00:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Marc\Application Data\Malwarebytes
[2011/10/26 20:54:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/26 20:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/26 20:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/26 08:21:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/26 08:20:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/25 20:25:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/25 19:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Remote
[2011/10/25 19:14:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2033/03/15 13:00:26 | 000,000,128 | ---- | M] () -- C:\tmp2
[2033/03/15 13:00:22 | 000,000,890 | ---- | M] () -- C:\tmp1
[2011/12/10 19:35:44 | 000,047,120 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/27 21:03:03 | 000,000,900 | -H-- | M] () -- C:\Documents and Settings\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/27 21:02:18 | 000,017,555 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/27 21:02:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/27 21:02:10 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/27 21:01:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4186091564
[2011/10/27 21:01:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/26 22:16:40 | 000,000,882 | -H-- | M] () -- C:\Documents and Settings\Marc\Desktop\System Restore.lnk
[2011/10/26 22:16:27 | 000,344,464 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/10/26 20:43:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/26 20:25:11 | 000,000,232 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/26 20:25:11 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/26 20:25:04 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/26 20:22:04 | 000,429,968 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\aWffiRBXKTIX.exe
[2011/10/26 16:42:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/26 09:08:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/25 09:12:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/02 11:25:12 | 000,453,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/02 11:25:12 | 000,076,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2033/03/15 13:00:26 | 000,000,128 | ---- | C] () -- C:\tmp2
[2033/03/15 13:00:22 | 000,000,890 | ---- | C] () -- C:\tmp1
[2011/10/27 21:03:02 | 000,000,900 | -H-- | C] () -- C:\Documents and Settings\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/26 22:16:40 | 000,000,882 | -H-- | C] () -- C:\Documents and Settings\Marc\Desktop\System Restore.lnk
[2011/10/26 20:25:11 | 000,000,232 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/26 20:25:11 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/26 20:25:04 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/26 20:24:59 | 000,344,464 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/10/26 20:22:05 | 000,429,968 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\aWffiRBXKTIX.exe
[2011/10/25 19:06:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4186091564
[2011/05/02 00:14:05 | 000,474,848 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/08 21:36:25 | 000,047,120 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/05 10:28:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/06 21:23:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/30 20:02:19 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/06/30 19:45:57 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/04/15 19:55:50 | 000,000,121 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2009/04/15 19:55:50 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2009/04/15 19:55:49 | 000,000,204 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2009/04/15 19:50:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2009/04/15 19:50:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2009/03/29 10:07:17 | 000,000,045 | RH-- | C] () -- C:\WINDOWS\gsc_user.dat
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/06/17 22:10:17 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2008/03/17 21:32:55 | 000,000,570 | ---- | C] () -- C:\WINDOWS\DTOOLS.INI
[2008/02/27 16:15:27 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\Unwise32.exe
[2007/12/28 17:25:07 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/16 17:05:08 | 000,034,584 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2007/11/07 15:49:29 | 000,001,759 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/01 16:34:15 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/01 16:34:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/18 20:12:31 | 000,000,116 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/07/13 11:56:39 | 000,000,671 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/10 15:02:35 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7389.sys
[2007/07/06 20:39:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/06 16:21:48 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/07/06 16:21:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/07/06 16:21:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/07/06 16:21:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/07/06 16:21:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/07/06 16:21:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/07/06 16:21:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/07/06 16:21:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/07/06 16:21:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/07/06 16:21:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/07/06 16:21:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/07/06 16:21:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/07/06 16:21:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/07/06 16:21:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/07/06 16:21:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/07/06 16:21:48 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/07/06 16:21:48 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/07/06 16:21:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/07/06 16:21:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/05 21:05:34 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2007/07/05 21:04:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER310E.ini
[2007/07/05 10:04:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/05 10:03:22 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/05 01:16:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/05 00:27:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/07/05 00:27:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/07/05 00:27:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/05 00:22:50 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\NVRTClk.exe
[2007/07/05 00:22:34 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2007/07/05 00:16:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/05 00:12:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/02/27 08:24:30 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2007/02/27 08:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/27 08:23:36 | 000,104,960 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2007/02/27 08:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/27 08:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/27 08:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/27 08:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/27 08:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/27 08:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/27 08:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2007/02/27 08:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/27 08:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/27 08:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/27 08:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/13 06:21:22 | 001,196,544 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/13 06:21:22 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/13 06:21:22 | 000,125,952 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/13 06:21:22 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/13 06:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/13 06:21:22 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/13 06:21:22 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/13 06:21:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/13 06:21:22 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/13 06:21:22 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/13 06:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/13 06:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/13 06:21:22 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/13 06:21:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/13 06:21:22 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/13 06:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2004/08/04 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 23:00:00 | 000,453,960 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 23:00:00 | 000,076,138 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 23:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 23:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 09:52:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2002/04/12 05:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/03 13:50:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\rmvpeye.exe
[2001/06/24 17:32:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[2000/01/31 09:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\4186091564:3545201926.exe

< End of report >

Extras.txt

OTL Extras logfile created on: 27/10/2011 9:04:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.48 Mb Total Physical Memory | 641.66 Mb Available Physical Memory | 62.69% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 3.18 Gb Free Space | 2.84% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 2.12 Gb Free Space | 28.45% Space Free | Partition Type: FAT32

Computer Name: C7B9CD6C4F04459 | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Mick\My Documents\utorrent.exe" = C:\Documents and Settings\Mick\My Documents\utorrent.exe:*:Enabled:utorrent -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Yahoo!\UPnP\yupnpsrv.exe" = C:\Program Files\Yahoo!\UPnP\yupnpsrv.exe:*:Enabled:Yahoo! UPnP AV Media Server
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\SimpleCenter\Home Media Server.exe" = C:\Program Files\SimpleCenter\Home Media Server.exe:*:Disabled:Home Media Server
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe" = C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe" = C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe" = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe:*:Disabled:AutoStartService -- (Panasonic Corporation)
"C:\Program Files\Mozilla Firefox\crashreporter.exe" = C:\Program Files\Mozilla Firefox\crashreporter.exe:*:Disabled:crashreporter -- (Mozilla Foundation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dwwin.exe" = C:\WINDOWS\system32\dwwin.exe:*:Enabled:Microsoft Application Error Reporting -- (Microsoft Corporation)
"C:\Program Files\Microsoft Hardware\Mouse\point32.exe" = C:\Program Files\Microsoft Hardware\Mouse\point32.exe:*:Disabled:Microsoft IntelliPoint -- (Microsoft Corporation)
"C:\Documents and Settings\Owner\Local Settings\Temp\0.6053146868293348.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\0.6053146868293348.exe:*:Disabled:0.6053146868293348
"C:\Documents and Settings\Owner\Local Settings\Temp\rterrd.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\rterrd.exe:*:Disabled:rterrd
"C:\Documents and Settings\Owner\Local Settings\Temp\kghjdfg.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\kghjdfg.exe:*:Disabled:kghjdfg
"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\nvvsvc.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\nvvsvc.exe:*:Disabled:nvvsvc -- ()
"C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe" = C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe:*:Disabled:6DSS92c31Apgjk -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{174BB915-2FE9-4540-9385-96F2E03987EA}_is1" = Video Downloader Suite V2.5.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.30" = NavDesk 7.30
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5505D86-C833-4370-9EAB-ACB4A1D68944}" = MYOB Accounting Plus v16 ED
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F39D312B-3CF2-41F6-A580-09DF9D6C97A3}" = EViews 6 Student Version
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Standard) 6.0.9
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR310 Reference Guide" = ESPR310 Reference Guide
"ESPR310 Software Guide" = ESPR310 Software Guide
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PALISADEBK11" = Palisade Numerical Tools - Book Version
"SOLVERTABLE" = SolverTable for Excel
"SysInfo" = Creative System Information
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/10/2011 6:01:31 AM | Computer Name = C7B9CD6C4F04459 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/10/2011 6:01:38 AM | Computer Name = C7B9CD6C4F04459 | Source = Application Hang | ID = 1001
Description = Fault bucket 1878916232.

Error - 25/10/2011 6:01:50 AM | Computer Name = C7B9CD6C4F04459 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/10/2011 6:04:38 AM | Computer Name = C7B9CD6C4F04459 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/10/2011 5:17:47 PM | Computer Name = C7B9CD6C4F04459 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 25/10/2011 5:25:07 PM | Computer Name = C7B9CD6C4F04459 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash10b.ocx, version 10.0.22.87, fault address 0x000a97c8.

Error - 25/10/2011 8:49:52 PM | Computer Name = C7B9CD6C4F04459 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module mshtml.dll, version 7.0.6000.17063, fault address 0x002602a8.

Error - 25/10/2011 9:11:56 PM | Computer Name = C7B9CD6C4F04459 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module mshtml.dll, version 7.0.6000.17063, fault address 0x002602a8.

Error - 26/10/2011 3:26:06 AM | Computer Name = C7B9CD6C4F04459 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.4280, faulting module
unknown, version 0.0.0.0, fault address 0x0019f9b6.

Error - 26/10/2011 5:22:00 AM | Computer Name = C7B9CD6C4F04459 | Source = Application Error | ID = 1000
Description = Faulting application 0.6517500935492442.exe, version 0.0.0.0, faulting
module 0.6517500935492442.exe, version 0.0.0.0, fault address 0x000071a3.

[ System Events ]
Error - 27/10/2011 6:01:48 AM | Computer Name = C7B9CD6C4F04459 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 27/10/2011 6:01:48 AM | Computer Name = C7B9CD6C4F04459 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'netbt.sys' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 27/10/2011 6:01:48 AM | Computer Name = C7B9CD6C4F04459 | Source = Service Control Manager | ID = 7000
Description = The Windows Defender service failed to start due to the following
error: %%5

Error - 27/10/2011 6:01:48 AM | Computer Name = C7B9CD6C4F04459 | Source = Service Control Manager | ID = 7000
Description = The ESET Service service failed to start due to the following error:
%%5

Error - 27/10/2011 6:01:48 AM | Computer Name = C7B9CD6C4F04459 | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%0


< End of report >
  • 0

#3
WhiteLight

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Anyone want to add anything??
  • 0

#4
WhiteLight

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Was thinking to remove HDD and scan in another computer with the infected drive as a slave??
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there you have the zero access rootkit, it is removable but can sometimes cause system damage


When you download combofix save it to the root C drive and rename to svchost prior to running

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#6
WhiteLight

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Thanks for the reply!!

But dam, I knew a reply was coming but time was not on my side so I have already acted and I will give you an update.

I removed the infected hard drive and placed it in another computer. After all the drivers auto installed I began a malwarebytes scan (latest update) on the infected drive. As it was scanning bitdefender blocked Rootkit.MBR.Sst.A(Boot image multiple times) as well as Gen:Variant.FakeAlert.93 which was aWffiRBXKTIX.exe which I noticed in the OTL log. During the scan however I believe the PC did a windows update and rebooted as it was at the login screen when I returned I was not happy. Upon logging in windows removal tool said it had removed some malicious files. I then completed another MBAM full scan on the infected drive and here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8042

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/10/2011 11:18:45 AM
mbam-log-2011-10-30 (11-18-45).txt

Scan type: Full scan (E:\|)
Objects scanned: 445512
Time elapsed: 1 hour(s), 33 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
e:\documents and settings\all users\application data\6dss92c31apgjk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\system volume information\_restore{9b1749ac-8ba0-4c15-9ffa-b0ffa56d89a4}\RP15\A0018475.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\system volume information\_restore{9b1749ac-8ba0-4c15-9ffa-b0ffa56d89a4}\RP15\A0018483.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\system volume information\_restore{9b1749ac-8ba0-4c15-9ffa-b0ffa56d89a4}\RP15\A0018487.exe (Rootkit.0Access) -> Quarantined and deleted successfully.

Now after reading your post I am a little worried. When restarting the PC I got BSOD after the windows xp loading screen. This kept happening until I removed the infected hard drive. I replaced the infected hardrive back into the original PC and when booting, the PC gets stuck on boot from CD after bios screen. So currently I am looking into the BIOS to make sure the boot settings are correct etc. Should I continue to try and boot her up and run a new OTL?

EDIT: When booting up the infected drive in spare PC it did an automatic chkdsk and also when booting the infected drive up for the first time in the original PC after the MBAM scan I got a CMOS checksum error - Defaults loaded

Edited by WhiteLight, 29 October 2011 - 08:33 PM.

  • 0

#7
WhiteLight

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Ok I managed to fix the settings in the bios and boot into windows. ESET loading pop up shows but does not load and I got an error that windows defender could not start. Also the desktop is not clickable like when the system restore virus was active and there is no desktop icons. I received no pop ups or the fake system restore screen yet. Here is the OTL log file:

OTL logfile created on: 30/10/2011 12:58:35 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.48 Mb Total Physical Memory | 692.58 Mb Available Physical Memory | 67.67% Memory free
2.40 Gb Paging File | 2.20 Gb Available in Paging File | 91.37% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 3.18 Gb Free Space | 2.84% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Computer Name: C7B9CD6C4F04459 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 13:06:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/10/30 01:54:32 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2009/10/27 18:36:16 | 001,499,136 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/05/14 16:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/12/31 17:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe
PRC - [2007/06/13 21:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/15 21:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/04/12 05:47:52 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe
PRC - [2002/03/22 15:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe


========== Modules (No Company Name) ==========

MOD - [2010/06/03 14:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/02/27 08:22:14 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2007/02/27 08:21:38 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll
MOD - [2002/04/12 05:47:52 | 000,069,632 | ---- | M] () -- C:\Program Files\Microsoft Hardware\Mouse\IP4xBatt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2011/10/30 01:54:32 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/01/15 23:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/17 10:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/05/14 16:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/30 19:51:28 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/05/14 16:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 16:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 16:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/02/09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/03 23:36:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/03/26 16:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/03/26 16:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/03/26 16:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/07/10 15:02:35 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005/09/30 13:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 13:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/17 22:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/02 19:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2003/09/20 09:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/12 05:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/18 00:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 10:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/25 20:26:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/06/22 12:59:11 | 000,000,000 | ---D | M]

[2008/09/10 11:06:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/12/15 13:01:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmxk5pxw.default\extensions
[2010/12/08 21:04:47 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmxk5pxw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/24 20:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/08 20:58:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/08 20:57:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/08 20:57:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/26 08:51:47 | 000,000,884 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.240.133 www.google.com
O1 - Hosts: 94.63.240.134 www.bing.com
O4 - HKLM..\Run: [aWffiRBXKTIX.exe] C:\Documents and Settings\All Users\Application Data\aWffiRBXKTIX.exe File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTClk\NVRTClk.exe ()
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe File not found
O4 - HKLM..\Run: [POINTER] point32.exe File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [volmgr] C:\Documents and Settings\Owner\Application Data\volmgr.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{5D848504-01D2-D17C-F8D1-72F6B4750350}] "C:\Documents and Settings\Owner\Application Data\Niuw\axquzua.exe" File not found
O4 - HKCU..\Run: [4Y3Y0C3AWF7W0DXEEALF] C:\Recycle.Bin\B6232F3ADC4.exe /q File not found
O4 - HKCU..\Run: [CLCKR] "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\nvvsvc.exe" File not found
O4 - HKCU..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s File not found
O4 - HKCU..\Run: [volmgr] C:\Documents and Settings\Owner\Application Data\volmgr.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1183591912784 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3942B7C-3904-4A4E-B910-A5526B1EA5D3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Owner\Local Settings\Application Data\2cb082f9\X) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/05 00:14:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2dca5c42-2a6b-11e0-92b2-000fea814095}\Shell - "" = AutoRun
O33 - MountPoints2\{2dca5c42-2a6b-11e0-92b2-000fea814095}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2dca5c42-2a6b-11e0-92b2-000fea814095}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL upgrade.htm
O33 - MountPoints2\{3984e712-1f57-11df-9132-000fea814095}\Shell\AutoRun\command - "" = E:\Launcher.exe
O33 - MountPoints2\{bd574341-2a82-11dc-961e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bd574341-2a82-11dc-961e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bd574341-2a82-11dc-961e-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{c22d9e00-6bbe-11dc-8ced-000fea814095}\Shell - "" = AutoRun
O33 - MountPoints2\{c22d9e00-6bbe-11dc-8ced-000fea814095}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c22d9e00-6bbe-11dc-8ced-000fea814095}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/26 22:04:57 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/26 22:04:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/26 22:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/26 20:54:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/26 20:30:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/10/26 20:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\System Restore
[2011/10/26 20:22:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\Yhhece
[2011/10/26 20:22:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\Niuw
[2011/10/26 20:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/26 20:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/26 08:21:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/26 08:20:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/25 19:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Remote
[2011/10/25 19:23:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\Remote
[2011/10/25 19:14:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/25 19:06:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\2cb082f9
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2033/03/15 13:00:26 | 000,000,128 | ---- | M] () -- C:\tmp2
[2033/03/15 13:00:22 | 000,000,890 | ---- | M] () -- C:\tmp1
[2011/12/14 19:43:20 | 003,356,663 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\Never Leave You(Uh Ho) - Stevie Mink.mp3
[2011/12/10 19:35:44 | 000,047,120 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/30 12:55:10 | 000,017,555 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/30 12:55:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/30 12:55:08 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/30 12:54:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/30 01:54:32 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
[2011/10/27 21:01:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4186091564
[2011/10/26 20:43:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/26 20:25:11 | 000,000,232 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/26 20:25:11 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/26 20:25:10 | 000,000,900 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/26 20:25:10 | 000,000,882 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\System Restore.lnk
[2011/10/26 20:25:04 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/26 16:42:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/26 09:08:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/25 09:12:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/05 22:13:53 | 000,041,984 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/02 11:25:12 | 000,453,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/02 11:25:12 | 000,076,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2033/03/15 13:00:26 | 000,000,128 | ---- | C] () -- C:\tmp2
[2033/03/15 13:00:22 | 000,000,890 | ---- | C] () -- C:\tmp1
[2011/12/14 19:44:39 | 003,356,663 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\Never Leave You(Uh Ho) - Stevie Mink.mp3
[2011/10/26 20:25:11 | 000,000,232 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/26 20:25:11 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/26 20:25:10 | 000,000,900 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/26 20:25:10 | 000,000,882 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\System Restore.lnk
[2011/10/26 20:25:04 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/25 19:06:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4186091564
[2011/05/02 00:14:05 | 000,474,848 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/08 21:36:25 | 000,047,120 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/05 10:28:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/06 21:23:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/30 20:02:19 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/06/30 19:45:57 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/04/15 19:55:50 | 000,000,121 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2009/04/15 19:55:50 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2009/04/15 19:55:49 | 000,000,204 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2009/04/15 19:50:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2009/04/15 19:50:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2009/03/29 10:07:17 | 000,000,045 | RH-- | C] () -- C:\WINDOWS\gsc_user.dat
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/06/17 22:10:17 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2008/03/17 21:32:55 | 000,000,570 | ---- | C] () -- C:\WINDOWS\DTOOLS.INI
[2008/02/27 16:15:27 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\Unwise32.exe
[2007/12/28 17:25:07 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/16 17:05:08 | 000,034,584 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2007/11/07 15:49:29 | 000,001,759 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/01 16:34:15 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/01 16:34:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/18 20:12:31 | 000,000,116 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/07/13 11:56:39 | 000,000,671 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/10 15:02:35 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7389.sys
[2007/07/06 20:50:02 | 000,041,984 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/06 20:39:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/06 16:21:48 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/07/06 16:21:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/07/06 16:21:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/07/06 16:21:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/07/06 16:21:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/07/06 16:21:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/07/06 16:21:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/07/06 16:21:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/07/06 16:21:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/07/06 16:21:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/07/06 16:21:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/07/06 16:21:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/07/06 16:21:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/07/06 16:21:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/07/06 16:21:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/07/06 16:21:48 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/07/06 16:21:48 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/07/06 16:21:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/07/06 16:21:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/05 21:05:34 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2007/07/05 21:04:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER310E.ini
[2007/07/05 10:04:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/05 10:03:22 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/05 01:16:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/05 00:27:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/07/05 00:27:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/07/05 00:27:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/05 00:22:50 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\NVRTClk.exe
[2007/07/05 00:22:34 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2007/07/05 00:16:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/05 00:12:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/02/27 08:24:30 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2007/02/27 08:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/27 08:23:36 | 000,104,960 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2007/02/27 08:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/27 08:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/27 08:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/27 08:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/27 08:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/27 08:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/27 08:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2007/02/27 08:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/27 08:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/27 08:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/27 08:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/13 06:21:22 | 001,196,544 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/13 06:21:22 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/13 06:21:22 | 000,125,952 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/13 06:21:22 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/13 06:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/13 06:21:22 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/13 06:21:22 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/13 06:21:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/13 06:21:22 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/13 06:21:22 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/13 06:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/13 06:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/13 06:21:22 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/13 06:21:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/13 06:21:22 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/13 06:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2004/08/04 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 23:00:00 | 000,453,960 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 23:00:00 | 000,076,138 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 23:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 23:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 09:52:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2002/04/12 05:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/03 13:50:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\rmvpeye.exe
[2001/06/24 17:32:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[2000/01/31 09:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll

========== LOP Check ==========

[2008/03/25 12:08:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 XPack Trial
[2008/03/20 13:31:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2007/11/05 23:07:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/07/18 20:05:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009/06/22 12:59:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007/09/14 19:55:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/07/06 22:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/06/09 14:56:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/03/31 14:59:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/12/17 10:45:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2011/01/09 13:54:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2008/03/31 15:08:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/07/18 20:12:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2007/07/05 21:07:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/08/04 14:53:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/02/25 17:00:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2010/06/25 18:38:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/12 15:26:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2011/01/17 21:25:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\LG Electronics
[2011/01/17 22:09:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2011/10/30 01:23:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Niuw
[2008/03/31 15:55:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2007/10/06 20:34:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
[2008/08/14 17:16:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\NSeries
[2008/04/28 14:50:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2011/01/17 22:03:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Panasonic
[2011/01/12 18:23:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2009/03/29 10:08:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Quantitative Micro Software
[2011/10/30 01:23:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Remote
[2007/08/20 22:48:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2011/10/26 20:23:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Yhhece
[2011/10/25 09:12:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\4186091564:3545201926.exe

< End of report >

Edited by WhiteLight, 29 October 2011 - 08:13 PM.

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Unfortunately if this is not removed properly it can severely damage the system

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [aWffiRBXKTIX.exe] C:\Documents and Settings\All Users\Application Data\aWffiRBXKTIX.exe File not found
    O4 - HKCU..\Run: [{5D848504-01D2-D17C-F8D1-72F6B4750350}] "C:\Documents and Settings\Owner\Application Data\Niuw\axquzua.exe" File not found
    O4 - HKCU..\Run: [4Y3Y0C3AWF7W0DXEEALF] C:\Recycle.Bin\B6232F3ADC4.exe /q File not found
    O4 - HKCU..\Run: [CLCKR] "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\nvvsvc.exe" File not found
    O4 - HKCU..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s File not found
    O4 - HKCU..\Run: [volmgr] C:\Documents and Settings\Owner\Application Data\volmgr.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Owner\Local Settings\Application Data\2cb082f9\X) - File not found
    [2011/10/26 20:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\System Restore
    [2011/10/26 20:22:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\Yhhece
    [2011/10/26 20:22:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\Niuw
    [2011/10/25 19:06:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\2cb082f9
    [2011/10/27 21:01:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4186091564
    [2011/10/26 20:25:11 | 000,000,232 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
    [2011/10/26 20:25:11 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
    [2011/10/26 20:25:11 | 000,000,232 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
    [2011/10/26 20:25:11 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
    [2011/10/26 20:25:10 | 000,000,900 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/10/26 20:25:10 | 000,000,882 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\System Restore.lnk
    [2011/10/26 20:25:04 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
    [2011/10/25 19:06:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4186091564
    @Alternate Data Stream - 816 bytes -> C:\WINDOWS\4186091564:3545201926.exe

    :Reg

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptyjava]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

NOW

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#9
WhiteLight

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Thank you so much for the reply!

Can I run these off a usb? As I cannot copy anything onto the desktop. Or should I do these scans in safe mode?

Cheers

Edit: Also I am worried a tad bit worried about connecting the infected PC to my network if I need internet access? Or is the rootkit currently harmless to my router?

Edited by WhiteLight, 30 October 2011 - 06:40 AM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you are using a USB drive then first vaccinate the drive and the host computer with Panda Vaccinate

If using the internet then do not access the other computers on the network until the all clear is given

You can use safe mode with networking
  • 0

Advertisements


#11
WhiteLight

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Panda vaccinate removes the auto run from usb correct? As now I am unable to open the usb drive as there is nothing in the start menu or on the desktop in safe mode and normal boot..
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It replaces the autorun but you should still be able to open and copy to the drive
  • 0

#13
WhiteLight

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Don't worry about previous post administrator in safe mode has my computer in start menu :)
  • 0

#14
WhiteLight

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Haha thanks for the speedy reply, logs on the way!
  • 0

#15
WhiteLight

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Here is RK log:

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Shortcuts HJfix -- Date : 10/31/2011 00:34:24

Bad processes: 0

Driver: [NOT LOADED]

File attributes restored:
Desktop: Success 4 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 49 / Fail 0
Start menu: Success 73 / Fail 0
User folder: Success 79 / Fail 0
My documents: Success 208 / Fail 0
My favorites: Success 2 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 80636 / Fail 0He
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk1\DP(1)0-0+3 -- 0x2 --> Restored

Finished : << RKreport[1].txt >>
RKreport[1].txt


Here is OTL:

OTL logfile created on: 31/10/2011 12:40:47 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.48 Mb Total Physical Memory | 829.13 Mb Available Physical Memory | 81.01% Memory free
2.41 Gb Paging File | 2.34 Gb Available in Paging File | 97.23% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 3.21 Gb Free Space | 2.87% Space Free | Partition Type: NTFS

Computer Name: C7B9CD6C4F04459 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 13:06:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/12/31 17:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe
PRC - [2007/06/13 21:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2011/10/30 01:54:32 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/01/15 23:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/17 10:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/05/14 16:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/30 19:51:28 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/05/14 16:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 16:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 16:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/02/09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/03 23:36:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/03/26 16:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/03/26 16:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/03/26 16:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/07/10 15:02:35 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005/09/30 13:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 13:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/17 22:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/02 19:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2003/09/20 09:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/12 05:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/18 00:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 10:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/25 20:26:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/06/22 12:59:11 | 000,000,000 | ---D | M]

[2011/10/24 20:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/08 20:58:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/08 20:57:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/31 00:36:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTClk\NVRTClk.exe ()
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe File not found
O4 - HKLM..\Run: [POINTER] point32.exe File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [volmgr] C:\Documents and Settings\Owner\Application Data\volmgr.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1183591912784 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3942B7C-3904-4A4E-B910-A5526B1EA5D3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/05 00:14:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/31 00:36:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/31 00:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/10/31 00:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/10/31 00:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2011/10/31 00:35:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/31 00:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2011/10/26 22:04:57 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/26 22:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/26 22:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/26 20:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/10/26 20:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/26 20:53:40 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/26 20:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2011/10/26 20:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2011/10/26 20:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/10/26 20:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/26 20:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/26 08:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/26 08:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/25 19:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Remote
[2011/10/25 19:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2033/03/15 13:00:26 | 000,000,128 | ---- | M] () -- C:\tmp2
[2033/03/15 13:00:22 | 000,000,890 | ---- | M] () -- C:\tmp1
[2011/12/10 19:35:44 | 000,047,120 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/31 00:40:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/31 00:39:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/31 00:38:08 | 000,017,555 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/31 00:38:04 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 00:36:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/10/31 00:35:30 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/30 23:43:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/30 23:27:54 | 000,725,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/10/30 13:06:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/30 01:54:32 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
[2011/10/26 20:39:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/26 16:42:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/26 09:08:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/25 09:12:55 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/02 11:25:12 | 000,453,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/02 11:25:12 | 000,076,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2033/03/15 13:00:26 | 000,000,128 | ---- | C] () -- C:\tmp2
[2033/03/15 13:00:22 | 000,000,890 | ---- | C] () -- C:\tmp1
[2011/10/31 00:35:30 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/31 00:11:46 | 000,725,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/05/02 00:14:05 | 000,474,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/08 21:36:25 | 000,047,120 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/05 10:28:21 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/06 21:23:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/30 20:02:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/06/30 19:45:57 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/04/15 19:55:50 | 000,000,121 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2009/04/15 19:55:50 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2009/04/15 19:55:49 | 000,000,204 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2009/04/15 19:50:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2009/04/15 19:50:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2009/03/29 10:07:17 | 000,000,045 | R--- | C] () -- C:\WINDOWS\gsc_user.dat
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/06/17 22:10:17 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2008/03/17 21:32:55 | 000,000,570 | ---- | C] () -- C:\WINDOWS\DTOOLS.INI
[2008/02/27 16:15:27 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\Unwise32.exe
[2007/12/28 17:25:07 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/16 17:05:08 | 000,034,584 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2007/11/07 15:49:29 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/01 16:34:15 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/01 16:34:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/18 20:12:31 | 000,000,116 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/07/13 11:56:39 | 000,000,671 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/10 15:02:35 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7389.sys
[2007/07/06 20:39:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/06 16:21:48 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/07/06 16:21:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/07/06 16:21:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/07/06 16:21:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/07/06 16:21:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/07/06 16:21:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/07/06 16:21:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/07/06 16:21:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/07/06 16:21:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/07/06 16:21:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/07/06 16:21:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/07/06 16:21:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/07/06 16:21:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/07/06 16:21:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/07/06 16:21:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/07/06 16:21:48 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/07/06 16:21:48 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/07/06 16:21:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/07/06 16:21:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/05 21:05:34 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2007/07/05 21:04:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER310E.ini
[2007/07/05 10:04:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/05 10:03:22 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/05 01:16:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/05 00:27:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/07/05 00:27:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/07/05 00:27:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/05 00:22:50 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\NVRTClk.exe
[2007/07/05 00:22:34 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2007/07/05 00:16:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/05 00:12:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/02/27 08:24:30 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2007/02/27 08:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/27 08:23:36 | 000,104,960 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2007/02/27 08:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/27 08:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/27 08:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/27 08:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/27 08:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/27 08:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/27 08:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2007/02/27 08:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/27 08:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/27 08:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/27 08:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/13 06:21:22 | 001,196,544 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/13 06:21:22 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/13 06:21:22 | 000,125,952 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/13 06:21:22 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/13 06:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/13 06:21:22 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/13 06:21:22 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/13 06:21:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/13 06:21:22 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/13 06:21:22 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/13 06:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/13 06:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/13 06:21:22 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/13 06:21:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/13 06:21:22 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/13 06:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2004/08/04 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 23:00:00 | 000,453,960 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 23:00:00 | 000,076,138 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 23:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 23:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 09:52:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2002/04/12 05:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/03 13:50:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\rmvpeye.exe
[2001/06/24 17:32:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[2000/01/31 09:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll

========== LOP Check ==========

[2008/03/25 12:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 XPack Trial
[2008/03/20 13:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2007/11/05 23:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/07/18 20:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009/06/22 12:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007/09/14 19:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/07/06 22:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/06/09 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/03/31 14:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/12/17 10:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2011/01/09 13:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2011/10/31 00:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2008/03/31 15:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/07/18 20:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2007/07/05 21:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/08/04 14:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/02/25 17:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2010/06/25 18:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/25 09:12:55 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

I have all of the programs back in start menu (in safe mode) and more desktop icons. Now I couldn't connect to the internet in safe mode with networking, however combofix didn't ask to update (is this because of no internet access?). I agreed to the disclaimer and about 10 seconds later I get a warning about ESET NOD32 Antivirus 4.0 scanner being active. However there is nothing in the system tray and ESET is missing from the final link in start -> program -> ESET -> ESET NOD32 Antivirus -> (Empty). Is there another way to remove it? I am still at the warning screen in combofix.

Edited by WhiteLight, 30 October 2011 - 07:55 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP