allinfree.net - Warned by Google Chrome Visiting for Every Website aft

#1 Phebotalus

Hi everyone.

I received a link to a video entitled "Russian Guy touching 1000 Breasts". While the link opened, I closed the window but was watching a YouTube video at the same time. A pop-up came up for installing a YouTube and Flash update for the YouTube player, and I didn't think twice and clicked it assuming it was legitimate. Now I highly doubt it was. Every time I visit any site with Google Chrome the same warning message is displayed concerning the site allinfree.net, no matter what site has been visited. I have attached a sample screenshot as google_warning.jpg.

I searched online and found someone complaining of the same problem: https://community.mc.../message/223287 However, detailed steps were not provided as to how to solve the problem.

I ran scans using Avira Free Antivirus, McAfee Stinger, Malwarebytes Anti-Malware, and SUPERAntiSpyware Free Edition to try and clean my computer; however, the message was still coming up in Chrome.

While trying to get some more diagnostic information, I ran a scan with DDS, but while scanning with GMER my computer froze, crashed, and restarted. Now the computer runs extremely slowly. I was able to obtain an OTL log, which I have copied below.

Please let me know how to proceed. Thank you for your time, help, and input :).

Phebotalus


OTL logfile created on: 1/16/2012 11:40:31 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Leo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.57% Memory free
3.35 Gb Paging File | 2.83 Gb Available in Paging File | 84.44% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 12.67 Gb Free Space | 6.67% Space Free | Partition Type: NTFS
Drive F: | 15.10 Gb Total Space | 14.23 Gb Free Space | 94.23% Space Free | Partition Type: FAT32

Computer Name: NOAM | User Name: Leo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Leo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_65186d77\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_27d12aac\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a1bf9796\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6ce6231c\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_1983c408\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\CTMMACTL.DLL ()
MOD - C:\WINDOWS\system32\PRTMATE.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (bckwfs) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (bckd) -- C:\WINDOWS\system32\drivers\bckd.sys (Blue Coat Systems, Inc.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (COMMONFX.DLL) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/09 13:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/09 13:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/20 18:21:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/11 10:48:35 | 000,000,000 | ---D | M]

[2010/02/18 10:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Extensions
[2010/02/18 10:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/20 00:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions
[2009/09/02 13:37:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/28 19:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/12 18:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}-trash
[2009/11/28 19:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\staged-xpis
[2011/12/20 00:13:26 | 000,000,000 | ---D | M] (ASPCA App By We-Care.com) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\wecarereminder@bryan
[2009/12/23 22:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube Extension = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agmhonoepgcnakccfpidhjehlocaeaaj\1.0.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: We-Care Reminder Lite = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Gmail = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/10/08 22:19:16 | 000,000,836 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 a.exe
O1 - Hosts: 127.0.0.1 b.exe
O1 - Hosts: 127.0.0.1 c.exe
O1 - Hosts: 127.0.0.1 d.exe
O1 - Hosts: 127.0.0.1 e.exe
O1 - Hosts: 127.0.0.1 f.exe
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\Leo\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Registration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.co...IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1158077826781 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://www.cramster....nt/FileOpen.CAB (FoInstaller Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15026/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.248.154.22 206.248.154.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFD78B7C-5D41-46E8-B436-70C8646554B1}: DhcpNameServer = 206.248.154.22 206.248.154.170
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Leo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/12 10:05:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7cc5d97c-8977-11dd-bbec-0013d3a2ee56}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 11:39:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Leo\Desktop\OTL.exe
[2012/01/15 16:56:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Leo\Desktop\dds.scr
[2012/01/14 18:32:42 | 009,027,648 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Leo\Desktop\McAffee Stinger.exe
[2012/01/07 17:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/01/02 12:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/12/20 00:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2011/12/20 00:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Blue Coat K9 Web Protection
[2011/12/20 00:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2005/12/08 10:52:08 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2005/06/18 01:04:56 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 11:23:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leo\Desktop\OTL.exe
[2012/01/16 11:15:10 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-448539723-725345543-1004UA.job
[2012/01/16 10:11:28 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10211102}.CDF
[2012/01/16 10:07:38 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 10:04:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/16 01:37:32 | 000,030,600 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/16 01:37:32 | 000,030,600 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/16 01:37:32 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/16 01:37:32 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/16 01:37:32 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/16 01:34:45 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10211102}.BAK
[2012/01/15 20:38:32 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\Microsoft Office Word 2003.lnk
[2012/01/15 19:18:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/15 18:15:03 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-448539723-725345543-1004Core.job
[2012/01/15 17:17:51 | 004,423,382 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\google_warning.bmp
[2012/01/15 16:57:59 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\gmer.exe
[2012/01/15 16:56:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Leo\Desktop\dds.scr
[2012/01/15 00:03:42 | 002,159,983 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\InfluencePsychologyPersuasion.rar
[2012/01/14 21:47:38 | 000,000,062 | RH-- | M] () -- C:\Documents and Settings\Leo\Desktop\stinger.opt
[2012/01/14 18:33:05 | 009,027,648 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Leo\Desktop\McAffee Stinger.exe
[2012/01/14 07:08:28 | 000,226,304 | ---- | M] () -- C:\Documents and Settings\Leo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/13 12:50:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/11 22:56:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/07 17:23:00 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/07 01:17:05 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Leo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/07 01:17:04 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\Google Chrome.lnk
[2012/01/04 16:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/02 12:19:22 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\Microsoft Office Project 2007.lnk
[2011/12/30 01:47:01 | 000,527,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/30 01:47:01 | 000,096,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/21 13:18:41 | 000,255,950 | ---- | M] () -- C:\Documents and Settings\Leo\My Documents\chrome_bookmarks.html
[2011/12/19 13:59:22 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/12/19 13:59:21 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/12/19 13:59:20 | 000,494,816 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/12/19 13:59:19 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/12/19 13:58:56 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/12/19 13:58:55 | 000,301,224 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/12/19 12:56:55 | 000,016,663 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\TA duties DDAH.PDF
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/15 17:17:47 | 004,423,382 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\google_warning.bmp
[2012/01/15 00:05:42 | 002,159,886 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\InfluencePsychologyPersuasion.pdf
[2012/01/15 00:03:28 | 002,159,983 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\InfluencePsychologyPersuasion.rar
[2012/01/14 21:47:38 | 000,000,062 | RH-- | C] () -- C:\Documents and Settings\Leo\Desktop\stinger.opt
[2012/01/13 12:50:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 17:23:00 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/04 16:25:42 | 000,002,485 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\Microsoft Office Project 2007.lnk
[2011/12/21 13:18:41 | 000,255,950 | ---- | C] () -- C:\Documents and Settings\Leo\My Documents\chrome_bookmarks.html
[2011/12/19 12:56:57 | 000,016,663 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\TA duties DDAH.PDF
[2011/06/01 22:27:37 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/02/19 21:27:54 | 003,614,370 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-436374069-448539723-725345543-1004-0.dat
[2011/02/19 21:27:53 | 000,251,838 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/27 23:16:34 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/27 23:16:30 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/27 23:16:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/16 23:33:11 | 001,382,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/20 19:23:07 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2010/01/30 15:52:27 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/05/27 23:06:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/04 11:39:24 | 000,000,560 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/05/04 11:39:02 | 000,001,432 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/05/04 11:32:28 | 000,053,630 | ---- | C] () -- C:\WINDOWS\hppins02.dat
[2009/05/04 11:32:28 | 000,002,037 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat
[2009/03/03 11:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/01/03 18:47:56 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2008/12/21 00:03:02 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/10/10 14:15:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/17 08:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/04 20:02:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/05 21:19:38 | 000,220,160 | ---- | C] () -- C:\WINDOWS\PRINTERS.EXE
[2008/04/05 21:19:38 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PRTMATE.DLL
[2008/03/02 01:10:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/02/01 07:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/12/11 21:23:11 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/12/11 21:23:11 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/12/02 13:43:00 | 000,000,057 | ---- | C] () -- C:\WINDOWS\CATT2.INI
[2007/12/02 13:41:13 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\Winsys.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/14 20:22:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2007/08/14 20:22:39 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2007/08/05 17:20:00 | 000,000,601 | ---- | C] () -- C:\WINDOWS\Sin_Setup.INI
[2007/06/24 20:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/03 10:22:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DLL
[2007/06/03 10:22:06 | 000,000,508 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DAT
[2007/05/05 23:07:21 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/05/05 23:07:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\4319F7B84B.sys
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 11:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 11:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/10/27 10:41:06 | 000,226,304 | ---- | C] () -- C:\Documents and Settings\Leo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/14 23:50:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2006/09/14 23:49:53 | 000,000,551 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2006/09/14 19:14:07 | 000,640,957 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/09/14 19:14:07 | 000,000,805 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/09/14 17:52:55 | 000,050,410 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/09/14 16:35:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 19:26:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/12 17:50:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/12 17:49:29 | 000,517,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/09/12 10:39:10 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/09/12 10:28:43 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/09/12 10:25:17 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Leo\Local Settings\Application Data\fusioncache.dat
[2006/09/12 10:07:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/09/12 10:03:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/13 16:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,527,380 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,096,728 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/08 11:24:52 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/12/08 11:06:14 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/12/08 10:59:34 | 000,293,747 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/12/08 10:54:38 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2005/12/08 10:54:20 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2005/12/08 10:52:38 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2005/12/08 10:52:30 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2005/12/08 10:52:30 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2005/12/08 10:52:12 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2005/12/08 10:52:12 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/06/16 17:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003/03/21 16:56:12 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2001/03/29 01:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/12/22 02:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/04/13 19:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2007/05/09 21:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/01/06 12:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/01/11 16:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2006/11/09 21:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/05/23 13:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/11/23 22:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2011/10/02 15:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
[2008/05/01 15:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/12/20 00:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2009/10/08 23:24:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2010/01/02 00:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Auslogics
[2010/12/30 17:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Azureus
[2009/04/13 19:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Bell
[2009/01/05 17:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Bioshock
[2011/05/23 14:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Blackberry Desktop
[2008/12/24 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Command & Conquer 3 Kane's Wrath
[2008/12/21 19:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2011/03/22 21:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\CoreFTP
[2009/01/06 12:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DAEMON Tools
[2009/04/25 19:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DAEMON Tools Lite
[2009/01/06 12:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DAEMON Tools Pro
[2006/09/14 15:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Dev-Cpp
[2010/12/23 14:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Dropbox
[2008/03/02 01:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DWGeditor
[2011/10/02 16:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\EndNote
[2008/01/25 20:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\FileOpen
[2011/01/09 13:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Local
[2008/03/31 16:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Moyea
[2009/12/12 17:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Nitro PDF
[2011/02/19 14:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Nvu
[2007/08/07 21:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Opera
[2011/12/19 03:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\PrimoPDF
[2009/01/06 13:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Red Alert 3
[2008/12/21 20:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Red Alert 3 Demo
[2011/05/23 13:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Research In Motion
[2009/12/27 21:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\runic games
[2009/12/20 14:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Smart Recorder
[2010/02/18 10:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Thunderbird
[2012/01/14 22:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\uTorrent
[2011/04/24 12:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Windows Desktop Search
[2011/10/10 19:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Windows Search
[2012/01/15 19:18:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >

Attached Thumbnails

  • google_warning.jpg
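The O33/O35/O37 lines near the top of the log above are two of the autostart surfaces a helper reads first. The MountPoints2 entry is Windows' cached copy of a removable drive's autorun command (setupSNK.exe is the file XP's Wireless Network Setup Wizard writes to a USB key, so that one is usually benign, but the same key is where USB-borne malware turns up). The .exe and .com "open" handlers must be the stock `"%1" %*`; anything else means every program launch is proxied through another binary, and a HKCU entry wins over HKLM for that user. The following Python triage is an added example, not part of the post and not an OTL feature: it applies those two checks to the log lines quoted above. The final HKCU line in the sample is constructed to show what a hijacked handler looks like, and the path it names is made up.

```python
import re

# Added example: triage of OTL "O33"/"O35"/"O37" lines.
# The first six sample lines are copied from the posted log; the last O35 line
# is CONSTRUCTED to show a hijacked .exe association (the path is made up).
SAMPLE_LOG = r'''O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7cc5d97c-8977-11dd-bbec-0013d3a2ee56}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Leo\Local Settings\Application Data\updater.exe" "%1" %*
'''

# What a clean XP box has for the .exe/.com "open" verb: run the file with its arguments.
DEFAULT_OPEN_COMMAND = '"%1" %*'

SHELL_OPEN_RE = re.compile(r'^(O35|O37) - (\S+) \[([^\]]+)\] -- (.*)$')
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "([^"]*)" = (.*)$')


def check_shell_open(line):
    """Return (registry_key, verdict, command) for an O35/O37 line, else None.

    Verdict is 'ok' when the open command is the stock "%1" %*. Anything else
    routes every .exe/.com launch through another program first, a classic
    persistence trick; HKCU\\..exefile overrides HKLM\\..exefile for that user.
    """
    m = SHELL_OPEN_RE.match(line)
    if not m:
        return None
    _tag, key, _verb, command = m.groups()
    command = ' '.join(command.split())  # normalise whitespace before comparing
    verdict = 'ok' if command == DEFAULT_OPEN_COMMAND else 'HIJACKED'
    return key, verdict, command


def check_mountpoint_autorun(line):
    """Return (volume_guid, executable) for an O33 MountPoints2 entry, else None.

    MountPoints2 caches the autorun.inf of every removable drive the user has
    inserted; the executable named here runs when that drive is double-clicked.
    It is a 'review' item: identify the file before deciding it is hostile.
    """
    m = MOUNTPOINT_RE.match(line)
    if not m:
        return None
    guid, _label, executable = m.groups()
    return guid, executable.strip()


def triage(log_text):
    """Walk an OTL log and collect findings as (severity, subject, detail)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        shell = check_shell_open(line)
        if shell:
            key, verdict, command = shell
            findings.append(('ok' if verdict == 'ok' else 'high', key, command))
            continue
        mountpoint = check_mountpoint_autorun(line)
        if mountpoint:
            guid, executable = mountpoint
            findings.append(('review', guid, executable))
    return findings


if __name__ == '__main__':
    for severity, subject, detail in triage(SAMPLE_LOG):
        print(f'{severity:7} {subject:42} {detail}')
```

Run against the sample, the four stock handlers come back `ok`, the MountPoints2 entry is listed for review with its executable, and the constructed HKCU line is flagged `high` because its command is not the bare `"%1" %*`.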

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, this looks to be an interesting one.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/10/08 23:24:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
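Two lines of that fix target name resolution: [resethosts] rewrites C:\WINDOWS\system32\drivers\etc\hosts back to the stock `127.0.0.1 localhost`, and `ipconfig /flushdns` drops cached answers so the old mappings stop being used. Before wiping it, a helper usually wants to see what the file contained, because a hosts hijack does one of two things: it sinkholes antivirus and update sites to loopback so the machine cannot fetch signatures, or it redirects real sites to an address the attacker controls. The Python audit below is an added example, not from this thread and not part of OTL, that classifies every mapping in a hosts file. The SAMPLE_HOSTS content is constructed for the example (the comment header imitates the stock XP file; the mappings after localhost are made up and are not claimed to be what was on the poster's machine), and WATCH_KEYWORDS is an illustrative assumption rather than an authoritative list.

```python
import ipaddress

# Constructed sample hosts file. The three comment lines mimic the stock XP
# header; the mapping lines after "localhost" are made up to exercise each
# verdict and are NOT claimed to be what the poster's machine had.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # constructed: adblock-style sinkhole
127.0.0.1       www.malwarebytes.org     # constructed: AV site sinkholed
198.51.100.7    www.google.com           # constructed: redirect to TEST-NET-2
"""

# Names the stock file maps to loopback.
STOCK_NAMES = {'localhost'}

# Hostname substrings whose sinkholing is a red flag rather than adblocking.
# Illustrative assumption for this example, not an authoritative list.
WATCH_KEYWORDS = ('malwarebytes', 'avira', 'mcafee', 'superantispyware',
                  'windowsupdate', 'microsoft', 'google')


def parse_hosts(text):
    """Yield (line_number, ip_address, hostname) for every mapping in a hosts file.

    Comments (#) and blank lines are skipped; one line may list several names.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a fuller audit would report it
        for name in fields[1:]:
            yield lineno, addr, name.lower()


def classify(addr, name):
    """Label one mapping: stock, sinkhole, blocks-security-site or redirect."""
    local = addr.is_loopback or addr.is_unspecified   # 127.x, ::1, 0.0.0.0
    if local and name in STOCK_NAMES:
        return 'stock'
    if local:
        if any(keyword in name for keyword in WATCH_KEYWORDS):
            return 'blocks-security-site'  # AV/update traffic never leaves the box
        return 'sinkhole'                   # usually an adblock-style entry
    return 'redirect'                       # name resolves to someone else's host


def audit_hosts(text):
    """Return [(line_number, ip, hostname, verdict)] for the whole file."""
    return [(lineno, str(addr), name, classify(addr, name))
            for lineno, addr, name in parse_hosts(text)]


def non_stock(text):
    """Only the entries a hosts reset such as [resethosts] would remove."""
    return [entry for entry in audit_hosts(text) if entry[3] != 'stock']


if __name__ == '__main__':
    for lineno, ip, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f'line {lineno:2}: {verdict:21} {ip:15} {name}')
```

Note that the file has to be read from the path OTL resets, not from a copy an on-access scanner or HIPS has locked; products that guard the hosts file will also block the rewrite, which is why a reset step sometimes only succeeds in Safe Mode.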


#3
Phebotalus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Essexboy, thanks for your prompt reply.

Here's the log for OTL. I tried to run it in normal Windows, but my antivirus stopped OTL from clearing the hosts file, so I re-ran it in safe mode and it worked. Log:


OTL logfile created on: 1/16/2012 7:04:35 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Leo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.74% Memory free
3.35 Gb Paging File | 2.92 Gb Available in Paging File | 87.22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 16.45 Gb Free Space | 8.66% Space Free | Partition Type: NTFS

Computer Name: NOAM | User Name: Leo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Leo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_65186d77\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_27d12aac\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a1bf9796\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6ce6231c\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_1983c408\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll ()
MOD - C:\WINDOWS\system32\CTMMACTL.DLL ()
MOD - C:\WINDOWS\system32\PRTMATE.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (bckwfs) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (bckd) -- C:\WINDOWS\system32\drivers\bckd.sys (Blue Coat Systems, Inc.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (COMMONFX.DLL) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/09 13:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/09 13:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/20 18:21:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/11 10:48:35 | 000,000,000 | ---D | M]

[2010/02/18 10:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Extensions
[2010/02/18 10:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/20 00:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions
[2009/09/02 13:37:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/28 19:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/12 18:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}-trash
[2009/11/28 19:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\staged-xpis
[2011/12/20 00:13:26 | 000,000,000 | ---D | M] (ASPCA App By We-Care.com) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\wecarereminder@bryan
[2009/12/23 22:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube Extension = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agmhonoepgcnakccfpidhjehlocaeaaj\1.0.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: We-Care Reminder Lite = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Gmail = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/16 18:49:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\Leo\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Registration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.co...IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1158077826781 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://www.cramster....nt/FileOpen.CAB (FoInstaller Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15026/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.248.154.22 206.248.154.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFD78B7C-5D41-46E8-B436-70C8646554B1}: DhcpNameServer = 206.248.154.22 206.248.154.170
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Leo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/12 10:05:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7cc5d97c-8977-11dd-bbec-0013d3a2ee56}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 18:17:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/16 18:16:07 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Leo\Desktop\aswMBR.exe
[2012/01/16 11:39:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Leo\Desktop\OTL.exe
[2012/01/15 16:56:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Leo\Desktop\dds.scr
[2012/01/14 18:32:42 | 009,027,648 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Leo\Desktop\McAffee Stinger.exe
[2012/01/07 17:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/01/02 12:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/12/20 00:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2011/12/20 00:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Blue Coat K9 Web Protection
[2011/12/20 00:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2005/12/08 10:52:08 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2005/06/18 01:04:56 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2012/01/16 19:18:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/16 19:15:12 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-448539723-725345543-1004UA.job
[2012/01/16 19:01:08 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10211102}.CDF
[2012/01/16 19:00:03 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 18:56:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/16 18:49:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/16 18:15:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-448539723-725345543-1004Core.job
[2012/01/16 18:12:12 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Leo\Desktop\aswMBR.exe
[2012/01/16 12:16:32 | 000,030,600 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/16 12:16:32 | 000,030,600 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/16 12:16:32 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/16 12:16:32 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/16 12:16:32 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/16 12:13:58 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10211102}.BAK
[2012/01/16 11:23:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leo\Desktop\OTL.exe
[2012/01/15 20:38:32 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\Microsoft Office Word 2003.lnk
[2012/01/15 17:17:51 | 004,423,382 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\google_warning.bmp
[2012/01/15 16:57:59 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\gmer.exe
[2012/01/15 16:56:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Leo\Desktop\dds.scr
[2012/01/15 00:03:42 | 002,159,983 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\InfluencePsychologyPersuasion.rar
[2012/01/14 21:47:38 | 000,000,062 | RH-- | M] () -- C:\Documents and Settings\Leo\Desktop\stinger.opt
[2012/01/14 18:33:05 | 009,027,648 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Leo\Desktop\McAffee Stinger.exe
[2012/01/14 07:08:28 | 000,226,304 | ---- | M] () -- C:\Documents and Settings\Leo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/13 12:50:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/11 22:56:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/07 17:23:00 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/07 01:17:05 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Leo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/07 01:17:04 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\Google Chrome.lnk
[2012/01/04 16:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/02 12:19:22 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\Microsoft Office Project 2007.lnk
[2011/12/30 01:47:01 | 000,527,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/30 01:47:01 | 000,096,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/21 13:18:41 | 000,255,950 | ---- | M] () -- C:\Documents and Settings\Leo\My Documents\chrome_bookmarks.html
[2011/12/19 13:59:22 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/12/19 13:59:21 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/12/19 13:59:20 | 000,494,816 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/12/19 13:59:19 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/12/19 13:58:56 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/12/19 13:58:55 | 000,301,224 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/12/19 12:56:55 | 000,016,663 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\TA duties DDAH.PDF

========== Files Created - No Company Name ==========

[2012/01/15 17:17:47 | 004,423,382 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\google_warning.bmp
[2012/01/15 00:05:42 | 002,159,886 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\InfluencePsychologyPersuasion.pdf
[2012/01/15 00:03:28 | 002,159,983 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\InfluencePsychologyPersuasion.rar
[2012/01/14 21:47:38 | 000,000,062 | RH-- | C] () -- C:\Documents and Settings\Leo\Desktop\stinger.opt
[2012/01/13 12:50:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 17:23:00 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/04 16:25:42 | 000,002,485 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\Microsoft Office Project 2007.lnk
[2011/12/21 13:18:41 | 000,255,950 | ---- | C] () -- C:\Documents and Settings\Leo\My Documents\chrome_bookmarks.html
[2011/12/19 12:56:57 | 000,016,663 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\TA duties DDAH.PDF
[2011/06/01 22:27:37 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/02/19 21:27:54 | 003,614,370 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-436374069-448539723-725345543-1004-0.dat
[2011/02/19 21:27:53 | 000,251,838 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/27 23:16:34 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/27 23:16:30 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/27 23:16:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/16 23:33:11 | 001,382,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/20 19:23:07 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2010/01/30 15:52:27 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/05/27 23:06:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/04 11:39:24 | 000,000,560 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/05/04 11:39:02 | 000,001,432 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/05/04 11:32:28 | 000,053,630 | ---- | C] () -- C:\WINDOWS\hppins02.dat
[2009/05/04 11:32:28 | 000,002,037 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat
[2009/03/03 11:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/01/03 18:47:56 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2008/12/21 00:03:02 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/10/10 14:15:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/17 08:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/04 20:02:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/05 21:19:38 | 000,220,160 | ---- | C] () -- C:\WINDOWS\PRINTERS.EXE
[2008/04/05 21:19:38 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PRTMATE.DLL
[2008/03/02 01:10:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/02/01 07:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/12/11 21:23:11 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/12/11 21:23:11 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/12/02 13:43:00 | 000,000,057 | ---- | C] () -- C:\WINDOWS\CATT2.INI
[2007/12/02 13:41:13 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\Winsys.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/14 20:22:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2007/08/14 20:22:39 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2007/08/05 17:20:00 | 000,000,601 | ---- | C] () -- C:\WINDOWS\Sin_Setup.INI
[2007/06/24 20:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/03 10:22:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DLL
[2007/06/03 10:22:06 | 000,000,508 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DAT
[2007/05/05 23:07:21 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/05/05 23:07:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\4319F7B84B.sys
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 11:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 11:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/10/27 10:41:06 | 000,226,304 | ---- | C] () -- C:\Documents and Settings\Leo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/14 23:50:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2006/09/14 23:49:53 | 000,000,551 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2006/09/14 19:14:07 | 000,640,957 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/09/14 19:14:07 | 000,000,805 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/09/14 17:52:55 | 000,050,410 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/09/14 16:35:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 19:26:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/12 17:50:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/12 17:49:29 | 000,517,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/09/12 10:39:10 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/09/12 10:28:43 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/09/12 10:25:17 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Leo\Local Settings\Application Data\fusioncache.dat
[2006/09/12 10:07:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/09/12 10:03:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/13 16:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,527,380 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,096,728 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/08 11:24:52 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/12/08 11:06:14 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/12/08 10:59:34 | 000,293,747 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/12/08 10:54:38 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2005/12/08 10:54:20 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2005/12/08 10:52:38 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2005/12/08 10:52:30 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2005/12/08 10:52:30 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2005/12/08 10:52:12 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2005/12/08 10:52:12 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/06/16 17:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003/03/21 16:56:12 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2001/03/29 01:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/12/22 02:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/04/13 19:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2007/05/09 21:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/01/06 12:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/01/11 16:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2006/11/09 21:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/05/23 13:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/11/23 22:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2011/10/02 15:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
[2008/05/01 15:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/12/20 00:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2010/01/02 00:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Auslogics
[2010/12/30 17:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Azureus
[2009/04/13 19:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Bell
[2009/01/05 17:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Bioshock
[2011/05/23 14:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Blackberry Desktop
[2008/12/24 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Command & Conquer 3 Kane's Wrath
[2008/12/21 19:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2011/03/22 21:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\CoreFTP
[2009/01/06 12:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DAEMON Tools
[2009/04/25 19:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DAEMON Tools Lite
[2009/01/06 12:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DAEMON Tools Pro
[2006/09/14 15:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Dev-Cpp
[2010/12/23 14:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Dropbox
[2008/03/02 01:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DWGeditor
[2011/10/02 16:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\EndNote
[2008/01/25 20:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\FileOpen
[2011/01/09 13:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Local
[2008/03/31 16:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Moyea
[2009/12/12 17:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Nitro PDF
[2011/02/19 14:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Nvu
[2007/08/07 21:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Opera
[2011/12/19 03:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\PrimoPDF
[2009/01/06 13:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Red Alert 3
[2008/12/21 20:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Red Alert 3 Demo
[2011/05/23 13:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Research In Motion
[2009/12/27 21:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\runic games
[2009/12/20 14:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Smart Recorder
[2010/02/18 10:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Thunderbird
[2012/01/14 22:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\uTorrent
[2011/04/24 12:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Windows Desktop Search
[2011/10/10 19:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Windows Search
[2012/01/16 19:18:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >



And now the log for aswMBR. I am using another computer since I do not trust connecting my infected computer to the internet, so I did not download Avast definitions. This was run in normal Windows. Log:


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-16 20:52:32
-----------------------------
20:52:32.421 OS Version: Windows 5.1.2600 Service Pack 3
20:52:32.421 Number of processors: 1 586 0x2F02
20:52:32.421 ComputerName: NOAM UserName: Leo
20:52:43.421 Initialize success
20:53:22.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
20:53:22.390 Disk 0 Vendor: Maxtor_6L200R0 BAJ41G20 Size: 194481MB BusType: 3
20:53:22.406 Disk 0 MBR read successfully
20:53:22.406 Disk 0 MBR scan
20:53:22.406 Disk 0 Windows XP default MBR code
20:53:22.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 194466 MB offset 63
20:53:22.437 Disk 0 scanning sectors +398267415
20:53:22.593 Disk 0 scanning C:\WINDOWS\system32\drivers
20:53:58.390 Service scanning
20:54:11.390 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
20:54:11.468 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:54:12.015 Modules scanning
20:54:59.671 Disk 0 trace - called modules:
20:54:59.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spxy.sys >>UNKNOWN [0x8b087938]<<
20:55:00.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b049ab8]
20:55:00.187 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000081[0x8afe2f18]
20:55:00.187 5 ACPI.sys[b7e66620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-16[0x8afded98]
20:55:00.187 Scan finished successfully
20:57:24.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Leo\Desktop\MBR.dat"
20:57:24.937 The log file has been saved successfully to "C:\Documents and Settings\Leo\Desktop\aswMBR.txt"


Let me know what to do next. Thanks,

Phebotalus

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
The locked file and the unknown entry reported by aswMBR need further investigation.

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

#5 Phebotalus (Topic Starter, Member, 21 posts)
Here's the log. It showed two of my e-mail addresses in the LOCKED REGISTRY KEYS section, which I have replaced with E-MAIL ADDRESS for privacy reasons, but otherwise left the information untouched.


ComboFix 12-01-17.01 - Leo 01/17/2012 13:36:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1531 [GMT -5:00]
Running from: c:\documents and settings\Leo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Leo\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Leo\Application Data\Local
c:\documents and settings\Leo\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Leo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\documents and settings\Leo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\documents and settings\Leo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\documents and settings\Leo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\documents and settings\Leo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\GOS.mp4(2).ddp
c:\documents and settings\Leo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\GOS.mp4.ddp
c:\documents and settings\Leo\WINDOWS
C:\install.exe
C:\Thumbs.db
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Winsys.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-16 23:17 . 2012-01-16 23:17 -------- d-----w- C:\_OTL
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-01-02 17:16 . 2012-01-03 07:40 -------- d-----w- c:\program files\Microsoft Works
2011-12-20 05:14 . 2012-01-02 17:10 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2011-12-20 05:13 . 2011-12-20 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 22:57 . 2011-08-12 21:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 18:59 . 2010-06-01 23:00 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2010-06-01 23:00 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2010-06-04 15:55 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2010-06-01 23:00 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-10-20 22:45 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58 . 2010-06-01 23:00 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-10 20:24 . 2009-04-19 18:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 23:28 . 2011-10-21 02:51 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-25 21:57 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-02-28 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2006-02-28 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2006-02-28 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2006-02-28 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 81920]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 77892]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Leo\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"Registration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-01-13 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-09-17 01:14 153608 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SolidWorks Licensing Service"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3724:TCP"= 3724:TCP:WOW
"6112:TCP"= 6112:TCP:BlizDown
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/8/2009 11:24 PM 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/26/2006 8:00 PM 721904]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/20/2011 9:51 PM 36000]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [6/10/2011 4:41 PM 86544]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 10:55 AM 494816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 6:00 PM 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 10:42 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/15/2010 10:16 AM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/20/2011 9:51 PM 86224]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [6/10/2011 4:41 PM 1575184]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [4/24/2011 12:52 PM 2253120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-7151 v1.10\HwIOctl.sys --> c:\program files\Setup Files\MS-7151 v1.10\HwIOctl.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-448539723-725345543-1004Core.job
- c:\documents and settings\Leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-19 17:54]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-448539723-725345543-1004UA.job
- c:\documents and settings\Leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-19 17:54]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
TCP: DhcpNameServer = 206.248.154.22 206.248.154.170
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AtiExtEvent - (no file)
AddRemove-Dev-C++ 4 - c:\dev-c++\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 13:54
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-436374069-448539723-725345543-1004\Software\Microsoft\Windows\CurrentVersion\UnreadMail]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-436374069-448539723-725345543-1004\Software\Microsoft\Windows\CurrentVersion\UnreadMail\E-MAIL ADDRESS]
"MessageCount"=dword:00000006
"TimeStamp"=hex:34,77,0a,ff,8f,3e,cb,01
"Application"="http://www.hotmail.com/"
.
[HKEY_USERS\S-1-5-21-436374069-448539723-725345543-1004\Software\Microsoft\Windows\CurrentVersion\UnreadMail\E-MAIL ADDRESS]
"MessageCount"=dword:00000000
"TimeStamp"=hex:62,19,b7,64,d0,d3,cc,01
"Application"="\"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe\" -profile \"c:\\Documents and Settings\\Leo\\Application Data\\Thunderbird\\Profiles\\twmebhpw.default\" -mail"
.
[HKEY_USERS\S-1-5-21-436374069-448539723-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:aa,44,32,ba,6f,2a,21,fd,f1,ed,66,55,d4,d9,35,45,20,97,61,ab,ab,
a1,87,52,93,4c,57,8f,7c,65,0d,0a,c2,99,7b,e5,78,4e,4f,c1,ae,88,5f,ad,7b,f9,\
"rkeysecu"=hex:bb,7e,4c,90,e9,de,b4,05,cc,b6,e7,75,96,41,c6,95
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(728)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-01-17 14:01:13
ComboFix-quarantined-files.txt 2012-01-17 19:00
.
Pre-Run: 17,528,795,136 bytes free
Post-Run: 17,468,833,792 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 39A3FF08827E84605F75ED3CD2FF315E

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you now run a check for redirects, please?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7 Phebotalus (Topic Starter, Member, 21 posts)
No malicious items detected!



Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.17.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Leo :: NOAM [administrator]

1/17/2012 3:18:35 PM
mbam-log-2012-01-17 (15-18-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194530
Time elapsed: 19 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
And the redirect issue?

#9 Phebotalus (Topic Starter, Member, 21 posts)
Sorry, the redirect issue is still present, and the computer is also still running extremely sluggishly.

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Are the redirects only in Chrome?

#11 Phebotalus (Topic Starter, Member, 21 posts)
Chrome presents the warning message I originally attached in my first post. If I click "go to the page anyway" I don't actually see the allinfree.net site; I go to the site I originally intended to go to (the address I typed in). So, I assume the malware may be trying to route information past this address.

In Internet Explorer I tried a few sites and didn't see any type of warning message about a redirect, but I do not know if IE displays this type of message if a redirect occurs.

#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, it is hiding in a JavaScript somewhere within Chrome.

So first, could you go here and empty all of the caches.

Then go here and disable all the extensions temporarily. Do the redirects cease?


Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear.

    Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#13 Phebotalus (Topic Starter, Member, 21 posts)
Now we're getting somewhere.

First, emptied the cache.

Then I looked at my extensions and noted something about "We-care Reminder Lite". I immediately deleted this because I do not remember installing anything of this nature. Redirects still occur after uninstalling this.

The other extensions are 2 for DivX, 1 for Skype, and 1 YouTube extension. I disabled these and the redirects ceased. I am very suspicious of the YouTube extension because of the nature of the problem I described in my OP. However, I will wait to delete this one until after your feedback from the scan:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:36 on 17/01/2012 (Leo)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [20:02 06/08/2007]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [21:24 06/10/2007]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [14:58 08/10/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [15:49 13/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [21:50 11/05/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [04:06 11/06/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [15:14 12/10/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [01:00 07/11/2009]

C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\
staged-xpis [00:51 29/11/2009]
wecarereminder@bryan [05:13 20/12/2011]
{20a82645-c095-46ed-80e3-08825760534b} [18:37 02/09/2009]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [00:51 29/11/2009]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7}-trash [23:49 12/12/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [17:54 09/04/2009]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video" [18:42 09/01/2011]
"{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa" [18:42 09/01/2011]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [15:14 12/10/2009]

-=E.O.F=-

#14 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, process of elimination now. I too suspect the YouTube one.

So re-enable the extensions one at a time and check for redirects after enabling each one.
As soon as they reappear, disable the one you just started to confirm they have stopped.

Once you have confirmation, let me know which one it is and I will use OTL to remove it permanently.
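The reasoning in posts #12 and #14 (a script loaded by a Chrome extension into every page, found by disabling extensions one at a time) can also be checked from the extension manifests themselves; the following is an added example script, not from this thread or from any tool it uses, that walks a Chrome profile's Extensions folder and flags extensions whose content scripts or host permissions cover all URLs. It assumes the XP-era profile path named in the docstring, and the sample manifests and extension ids are constructed for the demo.

```python
r"""Triage Chrome extensions for content scripts that run on every site.

Added example for this thread, not a tool from the forum or from any scanner
quoted above. It does from the manifests what the process of elimination in the
thread does by hand: it walks a Chrome profile's Extensions folder, parses each
manifest.json and flags any extension whose content scripts or host permissions
cover all URLs, since that is the reach an extension needs to pull a third-party
domain into every page. The sample manifests, extension ids and profile layout
below are constructed; on the Windows XP machine in the thread the real folder
is assumed to be
%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions
"""
import json
import re
import tempfile
from pathlib import Path

# Match patterns that cover every host, or every http(s) host.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Any pattern whose host part is a bare "*" also matches every host.
_BROAD_HOST_RE = re.compile(r"^(\*|https?|file|ftp)://\*(/.*)?$")


def is_broad(pattern: str) -> bool:
    """True if a Chrome match pattern lets a script run on every page."""
    p = pattern.strip()
    return p in BROAD_PATTERNS or _BROAD_HOST_RE.match(p) is not None


def triage_manifest(manifest: dict) -> dict:
    """Summarise how far one extension (MV2 or MV3 manifest) can reach."""
    broad_scripts = []
    for cs in manifest.get("content_scripts", []):
        if any(is_broad(m) for m in cs.get("matches", [])):
            broad_scripts.extend(cs.get("js", []))
    # MV2 lists host patterns under "permissions"; MV3 moved them to "host_permissions".
    declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    broad_hosts = [p for p in declared if is_broad(p)]
    return {
        "name": manifest.get("name", "?"),
        "version": manifest.get("version", "?"),
        "broad_content_scripts": broad_scripts,
        "broad_host_permissions": broad_hosts,
        "suspicious": bool(broad_scripts or broad_hosts),
    }


def scan_extensions_dir(root: Path) -> list:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and triage each one."""
    results = []
    for manifest_path in sorted(root.glob("*/*/manifest.json")):
        with open(manifest_path, encoding="utf-8") as fh:
            info = triage_manifest(json.load(fh))
        info["id"] = manifest_path.parent.parent.name  # the 32-letter extension id
        results.append(info)
    return results


# Constructed sample manifests: a benign player add-on scoped to one vendor's
# hosts, and a fake "player update" that injects a script into every page.
SAMPLE_BENIGN = {
    "name": "Sample Video Player Plugin", "version": "1.0",
    "content_scripts": [{"matches": ["*://*.example-player.com/*"], "js": ["player.js"]}],
    "permissions": ["tabs", "*://*.example-player.com/*"],
}
SAMPLE_SUSPICIOUS = {
    "name": "Sample YouTube Player Update", "version": "2.1",
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"], "run_at": "document_start"}],
    "permissions": ["http://*/*", "https://*/*", "tabs"],
}
# Constructed ids in Chrome's 32-letter (a-p) format.
BENIGN_ID = "a" * 32
SUSPICIOUS_ID = "b" * 32


def build_sample_profile(tmp: Path) -> Path:
    """Lay out a constructed Extensions folder holding the two sample manifests."""
    root = tmp / "Extensions"
    for ext_id, manifest in ((BENIGN_ID, SAMPLE_BENIGN), (SUSPICIOUS_ID, SAMPLE_SUSPICIOUS)):
        version_dir = root / ext_id / f"{manifest['version']}_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


def demo() -> list:
    """Scan the constructed profile and return the ids flagged as suspicious."""
    with tempfile.TemporaryDirectory() as d:
        results = scan_extensions_dir(build_sample_profile(Path(d)))
    return [r["id"] for r in results if r["suspicious"]]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for r in scan_extensions_dir(build_sample_profile(Path(d))):
            flag = "SUSPICIOUS" if r["suspicious"] else "ok"
            print(f"{flag:10} {r['id']} {r['name']} {r['version']} "
                  f"scripts={r['broad_content_scripts']} hosts={r['broad_host_permissions']}")
```

To use it on a real profile, point scan_extensions_dir at the Extensions folder and compare each flagged id against the entries shown on the chrome://extensions page.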

#15 Phebotalus (Topic Starter, Member, 21 posts)
It's definitely the YouTube one.

Could you please help me get rid of it, and also any remnants of the We-Care Reminder Lite extension? Perhaps I was a bit too hasty removing it myself, but it just struck me as something too odd to leave.

Let me know as well if I should remove the YouTube extension in the same way as the We-Care Reminder (i.e. by clicking Remove on the Chrome extensions page).