Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

How do I get rid of this NTOSKRNL-HOOK trojan [Solved]

Started by Master Spade , Jul 14 2009 03:29 PM

  • This topic is locked This topic is locked

#16
Master Spade
Posted 21 July 2009 - 07:25 PM

Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
This is the Second report from Step 2:

OTL logfile created on: 7/21/2009 8:11:29 PM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\Jaime\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.26% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 415.03 Gb Free Space | 89.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 293.40 Gb Total Space | 57.53 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAIME-D41F31405
Current User Name: Jaime
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/11/04 18:07:56 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/05 03:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/06/16 06:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/06/18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
PRC - [2005/10/14 11:01:06 | 00,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2006/12/12 10:46:52 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2005/11/08 07:30:46 | 00,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTXFIHLP.EXE
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/12/23 18:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/11/08 07:25:46 | 00,716,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTXFISPI.EXE
PRC - [2008/12/16 15:11:12 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/12/23 18:04:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2004/06/16 06:03:26 | 00,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/06/16 06:02:54 | 00,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/21 20:06:29 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaime\My Documents\Downloads\OTL.exe
PRC - [2007/11/01 19:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/24 00:09:07 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/09/05 21:25:04 | 00,204,800 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\STacSV.exe -- (STacSV [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/02/04 14:09:06 | 00,380,800 | ---- | M] (Lumanate, Inc.) -- C:\WINDOWS\System32\DRIVERS\Angel2.sys -- (Angel2 [On_Demand | Running])
DRV - [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2008/10/08 01:21:38 | 00,171,032 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT [On_Demand | Stopped])
DRV - [2008/10/08 01:21:38 | 00,171,032 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS [On_Demand | Stopped])
DRV - [2005/11/08 07:14:40 | 00,502,272 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2005/11/08 07:15:38 | 00,439,680 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2005/07/13 04:18:48 | 00,340,704 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2008/10/08 01:21:44 | 01,324,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX [On_Demand | Stopped])
DRV - [2008/10/08 01:21:44 | 01,324,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS [On_Demand | Stopped])
DRV - [2008/10/08 01:21:40 | 00,072,728 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT [On_Demand | Stopped])
DRV - [2008/10/08 01:21:40 | 00,072,728 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS [On_Demand | Stopped])
DRV - [2005/11/08 07:15:38 | 00,007,168 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2005/11/08 07:14:46 | 00,143,360 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2005/03/31 17:04:52 | 00,180,736 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2005/11/08 07:14:44 | 00,077,824 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/11/08 07:15:22 | 01,095,680 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha20x2k.sys -- (ha20x2k [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Stopped])
DRV - [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2006/04/26 07:23:52 | 00,250,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor [Boot | Running])
DRV - [2008/04/13 13:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys -- (IrBus [On_Demand | Running])
DRV - [2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2009/04/30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/11/08 07:14:54 | 00,114,688 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/06/23 11:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/06/23 11:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/09/05 21:25:30 | 01,246,456 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Stopped])
DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.5.2
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 18:14:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 14:25:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/20 14:59:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/20 14:59:00 | 00,000,000 | ---D | M]

[2008/09/12 01:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Extensions
[2008/09/12 01:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/20 16:50:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions
[2009/06/29 12:08:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 17:15:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/21 01:52:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/30 14:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/04/30 14:51:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/10/25 13:21:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2008/08/31 13:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\[email protected]
[2009/07/20 16:50:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/20 14:59:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/10 00:12:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/10 18:14:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/03 01:51:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/12 18:17:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/20 14:58:55 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/20 14:58:55 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/11/04 11:15:38 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/20 14:58:57 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/18 14:25:01 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/18 14:25:01 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/18 14:25:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/18 14:25:02 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/18 14:25:02 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/18 14:25:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/18 14:25:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1241406516140 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1208723630468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1241386971015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/20 02:26:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/21 12:26:21 | 00,000,057 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/17 19:31:55 | 00,000,902 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\mbam-Malware Full Scan log-2009-07-17 (19-31-38)
[2009/07/15 17:35:47 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/15 17:28:16 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/07/15 17:28:04 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\LopSD.exe
[2009/07/15 17:26:38 | 00,000,063 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\OTL.URL
[2009/07/15 16:47:57 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/07/15 16:29:32 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/15 16:29:32 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/15 16:29:32 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/15 16:29:32 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/15 16:29:32 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/15 16:29:32 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/15 16:29:32 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/15 16:29:32 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/15 16:29:32 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/15 16:29:32 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/15 16:29:32 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/15 16:29:32 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/15 16:29:32 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/15 16:29:32 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/15 16:29:32 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/15 16:29:32 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/15 16:29:32 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/15 16:29:32 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/15 16:29:32 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/15 16:29:32 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/15 16:29:32 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/15 16:29:32 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/15 16:29:32 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/15 16:29:32 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/15 16:29:32 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/15 16:29:32 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/15 16:29:32 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/15 16:29:32 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/15 16:29:32 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/15 16:29:32 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/15 16:29:32 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/15 16:29:32 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/15 16:29:32 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/15 16:29:32 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/15 16:29:32 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/15 16:29:32 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/15 16:29:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/15 16:26:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/07/15 16:12:33 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/07/15 16:12:26 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/15 16:12:24 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/15 16:07:31 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/15 16:07:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/15 16:07:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/15 16:07:31 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/15 16:07:31 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/15 16:07:31 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/15 16:07:31 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/15 16:07:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/15 16:06:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/15 14:45:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/14 16:55:00 | 03,121,979 | R--- | C] () -- C:\Documents and Settings\Jaime\Desktop\Combo-Fix.exe
[2009/07/13 23:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/13 23:24:22 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 23:24:19 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/13 23:24:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaime\Application Data\SUPERAntiSpyware.com
[2009/07/13 22:47:57 | 06,568,480 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\Gogetum.exe
[2009/07/13 18:43:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaime\Application Data\Malwarebytes
[2009/07/13 18:43:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 18:43:12 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 18:43:11 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 18:43:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/13 18:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/13 18:42:11 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaime\Desktop\gogetem.exe
[2009/07/13 18:26:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/07/10 16:35:34 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/07/08 14:04:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaime\Application Data\U3
[2009/06/27 14:24:15 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/06/27 13:41:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/06/27 13:41:55 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/06/27 13:41:50 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/06/27 13:41:13 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/06/27 13:41:13 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/06/27 13:41:13 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/06/27 13:41:13 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/06/27 13:41:13 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/06/27 13:41:12 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/06/27 13:41:12 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/06/27 13:41:11 | 00,000,000 | ---D | C] -- C:\1c1eb82dd82a04c467d64d45f1
[2009/06/22 00:38:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2009/06/20 01:50:10 | 00,933,208 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/05/17 18:34:44 | 00,050,432 | R--- | C] () -- C:\WINDOWS\System32\claptn.ini
[2009/05/17 18:34:44 | 00,000,190 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/05/01 21:16:53 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2009/05/01 21:09:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/03/06 01:17:11 | 00,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009/02/03 18:39:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/11 23:13:17 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/10/17 00:58:24 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/17 00:58:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/14 02:48:20 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/07 23:41:40 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/09/11 16:50:49 | 00,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/09/11 16:50:49 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\80EAD07259.sys
[2008/06/22 17:10:55 | 00,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2008/05/07 17:31:10 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2008/05/07 16:59:44 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/05/07 16:59:44 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/05/07 16:59:44 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/05/05 21:27:55 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/23 15:22:51 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/04/20 15:27:53 | 00,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2008/04/20 15:02:55 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/04/20 14:51:07 | 00,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2008/04/20 14:51:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2006/12/12 10:47:24 | 00,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/01/17 09:20:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/08 07:43:30 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 06:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/03/21 04:56:10 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/21 20:03:49 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/21 18:21:41 | 00,029,239 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/21 18:21:41 | 00,024,014 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/21 18:21:34 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/21 18:21:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/21 18:20:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/21 12:00:10 | 00,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/07/21 12:00:10 | 00,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/07/21 12:00:10 | 00,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/07/21 12:00:10 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/07/21 12:00:10 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/07/20 23:30:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/20 15:39:30 | 00,007,269 | ---- | M] () -- C:\Documents and Settings\Jaime\My Documents\2009 Seizures.wpd
[2009/07/20 14:58:49 | 00,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/20 14:58:49 | 00,000,056 | RHS- | M] () -- C:\WINDOWS\System32\80EAD07259.sys
[2009/07/17 19:31:55 | 00,000,902 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\mbam-Malware Full Scan log-2009-07-17 (19-31-38)
[2009/07/16 03:48:40 | 04,845,904 | -H-- | M] () -- C:\Documents and Settings\Jaime\Local Settings\Application Data\IconCache.db
[2009/07/15 17:28:04 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\LopSD.exe
[2009/07/15 17:26:38 | 00,000,063 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\OTL.URL
[2009/07/15 17:06:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/15 17:03:36 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/15 16:12:34 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/07/15 03:01:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 01:30:19 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/07/14 16:55:00 | 03,121,979 | R--- | M] () -- C:\Documents and Settings\Jaime\Desktop\Combo-Fix.exe
[2009/07/13 23:24:22 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 22:48:08 | 06,568,480 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\Gogetum.exe
[2009/07/13 18:43:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 18:42:15 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaime\Desktop\gogetem.exe
[2009/07/13 18:30:53 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/13 17:19:54 | 00,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/10 16:35:34 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/07/07 16:36:51 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/07/07 16:35:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/07 10:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/01 01:00:03 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/30 19:23:33 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/29 18:05:20 | 00,012,122 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\Quotes.rtf
[2009/06/29 13:55:40 | 00,034,760 | ---- | M] () -- C:\Documents and Settings\Jaime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/28 01:17:42 | 00,008,616 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\General.wpd
[2009/06/27 18:15:16 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\McAfee Virtual Technician.lnk
[2009/06/27 13:50:43 | 00,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/27 13:46:32 | 00,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/27 13:46:32 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/27 13:46:32 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >
  • 0

Advertisements

#17
heir
Posted 22 July 2009 - 12:00 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java™ 6 Update 7
BitTorrent
DNA


Optional removals
DNA, BitTorrent and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.

Step 2.
CFScript:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Folder::
C:\1c1eb82dd82a04c467d64d45f1
c:\documents and settings\Jaime\Application Data\FrostWire
c:\documents and settings\Jaime\Application Data\LimeWire
C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
Dirlook::
c:\documents and settings\Jaime\Incomplete

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 3.
OTL-scan:

  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad windows with OTL.Txt that's saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 4.
Things I would like to see in your reply:

  • Which P2P softwares were uninstalled in step 1.
  • The content of C:\ComboFix.txt from step 2.
  • The content of OTL.txt from step 3.

  • 0

#18
Master Spade
Posted 22 July 2009 - 01:26 PM

Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
This is the content of C:\ComboFix.txt from step 2:

ComboFix 09-07-13.01 - Jaime 07/15/2009 16:58.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1699 [GMT -5:00]
Running from: c:\documents and settings\Jaime\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\kb913800.exe
c:\windows\system32\drivers\SKYNETjejtydey.sys
c:\windows\system32\mfc45.dll
c:\windows\system32\SKYNETbfoqlxet.dll
c:\windows\system32\SKYNETdgmmjgwy.dat
c:\windows\system32\SKYNETfsodemqs.dll
c:\windows\system32\SKYNETonrevyuu.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETaicrmsoi
-------\Service_SKYNETaicrmsoi


((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-14 21:03 . 2009-07-14 21:08 -------- d-----w- c:\documents and settings\Jaime\Incomplete
2009-07-14 04:26 . 2009-07-15 22:06 117760 ----a-w- c:\documents and settings\Jaime\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-14 04:25 . 2009-07-14 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-14 04:24 . 2009-07-14 04:24 65024 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-07-14 04:24 . 2009-07-14 04:24 18944 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-07-14 04:24 . 2009-07-14 04:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-14 04:24 . 2009-07-14 04:24 -------- d-----w- c:\documents and settings\Jaime\Application Data\SUPERAntiSpyware.com
2009-07-13 23:43 . 2009-07-13 23:43 -------- d-----w- c:\documents and settings\Jaime\Application Data\Malwarebytes
2009-07-13 23:43 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 23:43 . 2009-07-13 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 23:43 . 2009-07-13 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 23:43 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 21:27 . 2009-07-12 21:27 61224 ----a-w- c:\documents and settings\Jaime\GoToAssistDownloadHelper.exe
2009-07-10 21:35 . 2009-07-10 21:35 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-08 20:20 . 2007-10-23 14:27 110592 ----a-w- c:\documents and settings\Jaime\Application Data\U3\temp\cleanup.exe
2009-07-08 19:04 . 2008-05-02 15:41 3493888 ---ha-w- c:\documents and settings\Jaime\Application Data\U3\temp\Launchpad Removal.exe
2009-07-08 19:04 . 2009-07-08 20:20 -------- d-----w- c:\documents and settings\Jaime\Application Data\U3
2009-06-27 23:15 . 2009-06-27 23:15 49152 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-06-27 23:15 . 2009-06-27 23:15 49152 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-06-27 18:41 . 2009-06-27 18:41 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-27 18:41 . 2009-06-27 18:41 -------- d-----w- c:\program files\MSBuild
2009-06-27 18:41 . 2009-06-27 18:41 -------- d-----w- c:\program files\Reference Assemblies
2009-06-27 18:41 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-27 18:41 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-27 18:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-27 18:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-27 18:41 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-27 18:41 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-27 18:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-27 18:41 . 2009-06-27 18:41 -------- d-----w- C:\1c1eb82dd82a04c467d64d45f1
2009-06-22 05:38 . 2009-06-22 05:38 -------- d-----w- c:\windows\system32\vmm32
2009-06-20 09:15 . 2009-06-20 09:15 518 ----a-w- c:\documents and settings\Jaime\Application Data\iolo\Registry\Last\restore.bat
2009-06-20 09:15 . 2009-06-20 09:15 1479 ----a-w- c:\documents and settings\Jaime\Application Data\iolo\restore.bat
2009-06-20 06:50 . 2009-06-20 06:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2009-06-20 06:50 . 2009-04-27 20:47 933208 ----a-w- c:\windows\system32\Incinerator.dll
2009-06-20 06:50 . 2009-03-09 21:04 8192 ----a-w- c:\windows\system32\smrgdf.exe
2009-06-20 06:50 . 2009-03-09 21:04 28672 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-06-20 06:50 . 2009-06-20 06:50 -------- d-----w- c:\program files\iolo
2009-06-20 06:48 . 2009-04-28 16:22 16430856 ----a-w- c:\documents and settings\Jaime\Application Data\iolo\Installers\PCTuneUp2.exe
2009-06-20 06:41 . 2009-06-20 08:49 -------- d-----w- c:\documents and settings\Jaime\Application Data\iolo
2009-06-20 06:41 . 2009-06-20 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-06-16 14:36 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 22:03 . 2008-10-25 05:19 -------- d-----w- c:\program files\DNA
2009-07-15 22:03 . 2008-10-25 05:19 -------- d-----w- c:\documents and settings\Jaime\Application Data\DNA
2009-07-15 08:06 . 2009-01-30 01:35 -------- d-----w- c:\documents and settings\Jaime\Application Data\FrostWire
2009-07-14 21:58 . 2008-05-22 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-14 21:10 . 2008-10-25 05:17 -------- d-----w- c:\documents and settings\Jaime\Application Data\BitTorrent
2009-07-14 21:06 . 2008-07-03 00:31 -------- d-----w- c:\program files\Java
2009-07-14 21:04 . 2008-07-03 00:34 -------- d-----w- c:\documents and settings\Jaime\Application Data\LimeWire
2009-07-13 23:30 . 2008-12-31 07:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-09 17:01 . 2008-09-11 21:50 56 --sh--r- c:\windows\system32\80EAD07259.sys
2009-07-09 17:01 . 2008-09-11 21:50 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-29 18:55 . 2008-06-17 20:51 34760 ----a-w- c:\documents and settings\Jaime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 23:15 . 2008-04-21 18:25 -------- d-----w- c:\program files\McAfee
2009-06-27 03:50 . 2008-04-20 17:44 -------- d-----w- c:\program files\Dell
2009-06-16 14:36 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 23:16 . 2009-06-12 23:16 152576 ----a-w- c:\documents and settings\Jaime\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:09 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 07:09 . 2009-05-22 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-22 07:09 . 2009-05-22 07:09 -------- d-----w- c:\program files\iTunes
2009-05-22 07:09 . 2009-05-22 07:09 -------- d-----w- c:\program files\iPod
2009-05-22 07:09 . 2008-04-21 23:54 -------- d-----w- c:\program files\Common Files\Apple
2009-05-22 07:07 . 2009-05-22 07:07 -------- d-----w- c:\program files\Bonjour
2009-05-22 07:06 . 2009-05-22 07:06 -------- d-----w- c:\program files\QuickTime
2009-05-22 07:03 . 2009-05-22 07:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-22 07:02 . 2008-12-18 19:57 -------- d-----w- c:\program files\Safari
2009-05-21 16:33 . 2008-12-10 19:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-21 02:47 . 2009-05-21 02:47 -------- d-----w- c:\program files\Digital Line Detect
2009-05-21 02:47 . 2008-04-20 19:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 00:08 . 2009-05-16 21:08 3344 ----a-w- c:\windows\system32\drivers\sthdae.log
2009-05-17 21:44 . 2008-04-20 19:58 -------- d-----w- c:\program files\Creative
2009-05-17 01:30 . 2008-04-20 20:03 -------- d-----w- c:\documents and settings\Jaime\Application Data\Creative
2009-05-17 01:04 . 2009-05-17 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-13 05:15 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 21:08 . 2008-08-18 05:33 266400 ----a-r- c:\documents and settings\Jaime\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 05:31 . 2009-05-01 05:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 05:31 . 2009-05-01 05:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 05:31 . 2009-05-01 05:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 05:31 . 2009-05-01 05:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 05:31 . 2009-05-01 05:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 03:02 . 2009-05-01 03:02 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 03:02 . 2009-05-01 03:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 03:02 . 2009-05-01 03:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 03:02 . 2009-05-01 03:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 03:02 . 2009-05-01 03:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 03:02 . 2008-04-20 19:41 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 03:02 . 2008-04-20 19:40 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 03:02 . 2008-04-20 19:40 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 03:02 . 2008-04-20 19:40 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 03:02 . 2008-04-20 19:40 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 03:02 . 2008-04-20 19:40 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-27 08:14 . 2009-04-27 08:14 5856 --sh--w- c:\windows\system32\rigiwoti.exe
2009-04-27 05:42 . 2009-05-13 23:17 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-06-13 01:05 . 2008-09-12 06:51 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-15_21.28.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 22:03 . 2009-07-15 22:03 16384 c:\windows\Temp\Perflib_Perfdata_7f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 04:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2005-11-08 18944]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-5-20 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn ]
2008-04-14 00:12 92672 ----a-w- c:\windows\system32\wlnotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcods.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-22 05:09]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-21 18:32]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-21 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Jaime\Application Data\Mozilla\Firefox\Profiles\0bakc5pi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 17:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3820)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\CTXFISPI.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-07-15 17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 22:08
ComboFix2.txt 2009-07-15 21:34

Pre-Run: 446,119,624,704 bytes free
Post-Run: 446,084,075,520 bytes free

300 --- E O F --- 2009-07-15 08:01





This is the report for Step 3:



OTL logfile created on: 7/22/2009 2:05:26 PM - Run 2
OTL by OldTimer - Version 3.0.10.0 Folder = C:\Documents and Settings\Jaime\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.25% Memory free
3.85 Gb Paging File | 3.47 Gb Available in Paging File | 90.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 415.09 Gb Free Space | 89.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 293.40 Gb Total Space | 57.53 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAIME-D41F31405
Current User Name: Jaime
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/11/04 18:07:56 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/05 03:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/06/16 06:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/11/08 07:25:46 | 00,716,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTXFISPI.EXE
PRC - [2005/10/14 11:01:06 | 00,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/12/23 18:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2006/12/23 18:04:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/07/22 14:02:16 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaime\My Documents\Downloads\OTL(2).exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/24 00:09:07 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/09/05 21:25:04 | 00,204,800 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\STacSV.exe -- (STacSV [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/02/04 14:09:06 | 00,380,800 | ---- | M] (Lumanate, Inc.) -- C:\WINDOWS\System32\DRIVERS\Angel2.sys -- (Angel2 [On_Demand | Running])
DRV - [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2008/10/08 01:21:38 | 00,171,032 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT [On_Demand | Stopped])
DRV - [2008/10/08 01:21:38 | 00,171,032 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS [On_Demand | Stopped])
DRV - [2005/11/08 07:14:40 | 00,502,272 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2005/11/08 07:15:38 | 00,439,680 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2005/07/13 04:18:48 | 00,340,704 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2008/10/08 01:21:44 | 01,324,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX [On_Demand | Stopped])
DRV - [2008/10/08 01:21:44 | 01,324,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS [On_Demand | Stopped])
DRV - [2008/10/08 01:21:40 | 00,072,728 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT [On_Demand | Stopped])
DRV - [2008/10/08 01:21:40 | 00,072,728 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS [On_Demand | Stopped])
DRV - [2005/11/08 07:15:38 | 00,007,168 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2005/11/08 07:14:46 | 00,143,360 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2005/03/31 17:04:52 | 00,180,736 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2005/11/08 07:14:44 | 00,077,824 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/11/08 07:15:22 | 01,095,680 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha20x2k.sys -- (ha20x2k [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Stopped])
DRV - [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2006/04/26 07:23:52 | 00,250,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor [Boot | Running])
DRV - [2008/04/13 13:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys -- (IrBus [On_Demand | Running])
DRV - [2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2009/04/30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/11/08 07:14:54 | 00,114,688 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/06/23 11:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/06/23 11:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/09/05 21:25:30 | 01,246,456 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Stopped])
DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.5.2
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 18:14:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 14:25:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/20 14:59:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/22 13:44:25 | 00,000,000 | ---D | M]

[2008/09/12 01:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Extensions
[2008/09/12 01:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/21 20:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions
[2009/06/29 12:08:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 17:15:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/21 01:52:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/30 14:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/04/30 14:51:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/10/25 13:21:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2008/08/31 13:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\[email protected]
[2009/07/22 13:59:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/20 14:59:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 18:14:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/03 01:51:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/12 18:17:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/20 14:58:55 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/20 14:58:55 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/11/04 11:15:38 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/20 14:58:57 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/18 14:25:01 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/18 14:25:01 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/18 14:25:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/18 14:25:02 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/18 14:25:02 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/18 14:25:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/18 14:25:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1241406516140 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1208723630468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1241386971015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/20 02:26:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/21 12:26:21 | 00,000,057 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9589197c-0f17-11dd-83d9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{9589197c-0f17-11dd-83d9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9589197c-0f17-11dd-83d9-806d6172696f}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- [2006/02/27 09:15:50 | 01,662,976 | R--- | M] (Bethesda Softworks)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/22 13:53:41 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF13998.exe
[2009/07/22 13:53:41 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/07/17 19:31:55 | 00,000,902 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\mbam-Malware Full Scan log-2009-07-17 (19-31-38)
[2009/07/15 17:35:47 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/15 17:28:16 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/07/15 17:28:04 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\LopSD.exe
[2009/07/15 17:26:38 | 00,000,063 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\OTL.URL
[2009/07/15 16:29:32 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/15 16:29:32 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/15 16:29:32 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/15 16:29:32 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/15 16:29:32 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/15 16:29:32 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/15 16:29:32 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/15 16:29:32 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/15 16:29:32 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/15 16:29:32 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/15 16:29:32 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/15 16:29:32 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/15 16:29:32 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/15 16:29:32 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/15 16:29:32 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/15 16:29:32 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/15 16:29:32 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/15 16:29:32 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/15 16:29:32 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/15 16:29:32 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/15 16:29:32 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/15 16:29:32 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/15 16:29:32 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/15 16:29:32 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/15 16:29:32 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/15 16:29:32 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/15 16:29:32 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/15 16:29:32 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/15 16:29:32 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/15 16:29:32 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/15 16:29:32 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/15 16:29:32 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/15 16:29:32 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/15 16:29:32 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/15 16:29:32 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/15 16:29:32 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/15 16:29:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/15 16:26:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/07/15 16:12:33 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/07/15 16:12:26 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/15 16:12:24 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/15 16:07:31 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/15 16:07:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/15 16:07:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/15 16:07:31 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/15 16:07:31 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/15 16:07:31 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/15 16:07:31 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/15 16:07:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/15 16:06:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/15 14:45:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/14 16:55:00 | 03,121,979 | R--- | C] () -- C:\Documents and Settings\Jaime\Desktop\Combo-Fix.exe
[2009/07/13 23:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/13 23:24:22 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 23:24:19 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/13 23:24:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaime\Application Data\SUPERAntiSpyware.com
[2009/07/13 22:47:57 | 06,568,480 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\Gogetum.exe
[2009/07/13 18:43:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaime\Application Data\Malwarebytes
[2009/07/13 18:43:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 18:43:12 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 18:43:11 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 18:43:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/13 18:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/13 18:42:11 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaime\Desktop\gogetem.exe
[2009/07/13 18:26:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/07/10 16:35:34 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/07/08 14:04:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaime\Application Data\U3
[2009/06/27 14:24:15 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/06/27 13:41:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/06/27 13:41:55 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/06/27 13:41:50 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/06/27 13:41:13 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/06/27 13:41:13 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/06/27 13:41:13 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/06/27 13:41:13 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/06/27 13:41:13 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/06/27 13:41:12 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/06/27 13:41:12 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/06/27 13:41:11 | 00,000,000 | ---D | C] -- C:\1c1eb82dd82a04c467d64d45f1
[2009/06/20 01:50:10 | 00,933,208 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/05/17 18:34:44 | 00,050,432 | R--- | C] () -- C:\WINDOWS\System32\claptn.ini
[2009/05/17 18:34:44 | 00,000,190 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/05/01 21:16:53 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2009/05/01 21:09:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/03/06 01:17:11 | 00,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009/02/03 18:39:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/11 23:13:17 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/10/17 00:58:24 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/17 00:58:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/14 02:48:20 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/07 23:41:40 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/09/11 16:50:49 | 00,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/09/11 16:50:49 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\80EAD07259.sys
[2008/06/22 17:10:55 | 00,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2008/05/07 17:31:10 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2008/05/07 16:59:44 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/05/07 16:59:44 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/05/07 16:59:44 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/05/05 21:27:55 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/23 15:22:51 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/04/20 15:27:53 | 00,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2008/04/20 15:02:55 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/04/20 14:51:07 | 00,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2008/04/20 14:51:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2006/12/12 10:47:24 | 00,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/01/17 09:20:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/08 07:43:30 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 06:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/03/21 04:56:10 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/22 13:54:51 | 00,024,014 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/22 13:53:03 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF13998.exe
[2009/07/22 12:55:02 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/22 12:54:34 | 00,029,239 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/22 12:54:31 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/22 12:54:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/22 12:54:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/22 01:02:17 | 00,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/07/22 01:02:17 | 00,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/07/22 01:02:17 | 00,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/07/22 01:02:17 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/07/22 01:02:17 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/07/22 00:29:30 | 00,012,873 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\Quotes.rtf
[2009/07/20 23:30:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/20 15:39:30 | 00,007,269 | ---- | M] () -- C:\Documents and Settings\Jaime\My Documents\2009 Seizures.wpd
[2009/07/20 14:58:49 | 00,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/20 14:58:49 | 00,000,056 | RHS- | M] () -- C:\WINDOWS\System32\80EAD07259.sys
[2009/07/17 19:31:55 | 00,000,902 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\mbam-Malware Full Scan log-2009-07-17 (19-31-38)
[2009/07/16 03:48:40 | 04,845,904 | -H-- | M] () -- C:\Documents and Settings\Jaime\Local Settings\Application Data\IconCache.db
[2009/07/15 17:28:04 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\LopSD.exe
[2009/07/15 17:26:38 | 00,000,063 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\OTL.URL
[2009/07/15 17:06:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/15 17:03:36 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/15 16:12:34 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/07/15 03:01:55 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 01:30:19 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/07/14 16:55:00 | 03,121,979 | R--- | M] () -- C:\Documents and Settings\Jaime\Desktop\Combo-Fix.exe
[2009/07/13 23:24:22 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 22:48:08 | 06,568,480 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\Gogetum.exe
[2009/07/13 18:43:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 18:42:15 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaime\Desktop\gogetem.exe
[2009/07/13 18:30:53 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/13 17:19:54 | 00,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/10 16:35:34 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/07/07 16:36:51 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/07/07 16:35:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/07 10:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/01 01:00:03 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/30 19:23:33 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/29 13:55:40 | 00,034,760 | ---- | M] () -- C:\Documents and Settings\Jaime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/28 01:17:42 | 00,008,616 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\General.wpd
[2009/06/27 18:15:16 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\McAfee Virtual Technician.lnk
[2009/06/27 13:50:43 | 00,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/27 13:46:32 | 00,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/27 13:46:32 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/27 13:46:32 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >
  • 0

#19
Master Spade
Posted 22 July 2009 - 01:33 PM

Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I have a question about removing Programs. I did remove Bittorrent and the other 2 things in that first step. I to Start > Control Panel > Add/Remove Programs and removed those things. But when the I got done with Step 3, I noticed it says Bittorrent in one of the logs. So I clicked My Computer, clicked C:, and Program Files, and Bittorrent is still there??


Another question is about that Java Update. Do I have to save Every update for all programs, or can I delete older ones and only need the newest one? That Java one is an example, If I have Update 10 let's say, do I need to keep Update 9, 8, 7, etc? Or can I just delete those older ones?


Thanks!
  • 0

#20
heir
Posted 22 July 2009 - 01:54 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

I have a question about removing Programs. I did remove Bittorrent and the other 2 things in that first step. I to Start > Control Panel > Add/Remove Programs and removed those things. But when the I got done with Step 3, I noticed it says Bittorrent in one of the logs. So I clicked My Computer, clicked C:, and Program Files, and Bittorrent is still there??

The program has been removed but the folder is still there. Some softwares leave stuff behind. I'll take care of this later

Another question is about that Java Update. Do I have to save Every update for all programs, or can I delete older ones and only need the newest one? That Java one is an example, If I have Update 10 let's say, do I need to keep Update 9, 8, 7, etc? Or can I just delete those older ones?

The aren't any general rule for this. It applies to Java though (that is if your not a software developer that needs to to check which versions your software is compatible with)

You didn't perform step 2 as requested. (The log you posted is from the previous run)

Please follow the instructions in step 2 and 3 again.
  • 0

#21
Master Spade
Posted 22 July 2009 - 02:42 PM

Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Results for Step 3:



OTL logfile created on: 7/22/2009 3:34:49 PM - Run 3
OTL by OldTimer - Version 3.0.10.0 Folder = C:\Documents and Settings\Jaime\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 68.83% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 86.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 415.18 Gb Free Space | 89.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 293.40 Gb Total Space | 57.53 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAIME-D41F31405
Current User Name: Jaime
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/11/04 18:07:56 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/05 03:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/06/16 06:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/11/08 07:25:46 | 00,716,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTXFISPI.EXE
PRC - [2005/10/14 11:01:06 | 00,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/12/23 18:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2006/12/23 18:04:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2007/11/01 19:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/07/20 14:58:56 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/22 15:31:42 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaime\My Documents\Downloads\OTL(3).exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/24 00:09:07 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Stopped])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/09/05 21:25:04 | 00,204,800 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\STacSV.exe -- (STacSV [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/02/04 14:09:06 | 00,380,800 | ---- | M] (Lumanate, Inc.) -- C:\WINDOWS\System32\DRIVERS\Angel2.sys -- (Angel2 [On_Demand | Running])
DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2008/10/08 01:21:38 | 00,171,032 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT [On_Demand | Stopped])
DRV - [2008/10/08 01:21:38 | 00,171,032 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS [On_Demand | Stopped])
DRV - [2005/11/08 07:14:40 | 00,502,272 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2005/11/08 07:15:38 | 00,439,680 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2005/07/13 04:18:48 | 00,340,704 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2008/10/08 01:21:44 | 01,324,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX [On_Demand | Stopped])
DRV - [2008/10/08 01:21:44 | 01,324,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS [On_Demand | Stopped])
DRV - [2008/10/08 01:21:40 | 00,072,728 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT [On_Demand | Stopped])
DRV - [2008/10/08 01:21:40 | 00,072,728 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS [On_Demand | Stopped])
DRV - [2005/11/08 07:15:38 | 00,007,168 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2005/11/08 07:14:46 | 00,143,360 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2005/03/31 17:04:52 | 00,180,736 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2005/11/08 07:14:44 | 00,077,824 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/11/08 07:15:22 | 01,095,680 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha20x2k.sys -- (ha20x2k [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Stopped])
DRV - [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2006/04/26 07:23:52 | 00,250,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor [Boot | Running])
DRV - [2008/04/13 13:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys -- (IrBus [On_Demand | Running])
DRV - [2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2009/04/30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/11/08 07:14:54 | 00,114,688 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/06/23 11:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/06/23 11:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/09/05 21:25:30 | 01,246,456 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Stopped])
DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.5.2
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 18:14:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 14:25:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/20 14:59:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/22 13:44:25 | 00,000,000 | ---D | M]

[2008/09/12 01:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Extensions
[2008/09/12 01:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/21 20:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions
[2009/06/29 12:08:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 17:15:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/21 01:52:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/30 14:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/04/30 14:51:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/10/25 13:21:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2008/08/31 13:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jaime\Application Data\mozilla\Firefox\Profiles\0bakc5pi.default\extensions\[email protected]
[2009/07/22 13:59:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/20 14:59:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 18:14:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/03 01:51:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/12 18:17:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/20 14:58:55 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/20 14:58:55 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/11/04 11:15:38 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/20 14:58:57 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/22 02:06:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/18 14:25:01 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/18 14:25:01 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/18 14:25:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/18 14:25:02 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/18 14:25:02 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/18 14:25:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/18 14:25:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1241406516140 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1208723630468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1241386971015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/20 02:26:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/21 12:26:21 | 00,000,057 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/22 15:26:23 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/07/22 15:26:23 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/07/22 15:19:36 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/07/17 19:31:55 | 00,000,902 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\mbam-Malware Full Scan log-2009-07-17 (19-31-38)
[2009/07/15 17:28:16 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/07/15 17:28:04 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\LopSD.exe
[2009/07/15 17:26:38 | 00,000,063 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\OTL.URL
[2009/07/15 16:29:32 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/15 16:29:32 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/15 16:29:32 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/15 16:29:32 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/15 16:29:32 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/15 16:29:32 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/15 16:29:32 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/15 16:29:32 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/15 16:29:32 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/15 16:29:32 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/15 16:29:32 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/15 16:29:32 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/15 16:29:32 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/15 16:29:32 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/15 16:29:32 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/15 16:29:32 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/15 16:29:32 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/15 16:29:32 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/15 16:29:32 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/15 16:29:32 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/15 16:29:32 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/15 16:29:32 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/15 16:29:32 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/15 16:29:32 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/15 16:29:32 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/15 16:29:32 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/15 16:29:32 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/15 16:29:32 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/15 16:29:32 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/15 16:29:32 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/15 16:29:32 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/15 16:29:32 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/15 16:29:32 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/15 16:29:32 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/15 16:29:32 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/15 16:29:32 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/15 16:29:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/15 16:26:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/07/15 16:12:33 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/07/15 16:12:26 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/15 16:12:24 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/15 16:07:31 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/15 16:07:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/15 16:07:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/15 16:07:31 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/15 16:07:31 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/15 16:07:31 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/15 16:07:31 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/15 16:07:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/15 16:06:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/15 14:45:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/14 16:55:00 | 03,149,078 | R--- | C] () -- C:\Documents and Settings\Jaime\Desktop\Combo-Fix.exe
[2009/07/13 23:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/13 23:24:22 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 23:24:19 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/13 23:24:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaime\Application Data\SUPERAntiSpyware.com
[2009/07/13 22:47:57 | 06,568,480 | ---- | C] () -- C:\Documents and Settings\Jaime\Desktop\Gogetum.exe
[2009/07/13 18:43:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaime\Application Data\Malwarebytes
[2009/07/13 18:43:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 18:43:12 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 18:43:11 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 18:43:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/13 18:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/13 18:42:11 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaime\Desktop\gogetem.exe
[2009/07/13 18:26:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/07/10 16:35:34 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/07/08 14:04:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaime\Application Data\U3
[2009/06/27 14:24:15 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/06/27 13:41:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/06/27 13:41:55 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/06/27 13:41:50 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/06/27 13:41:13 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/06/27 13:41:13 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/06/27 13:41:13 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/06/27 13:41:13 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/06/27 13:41:13 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/06/27 13:41:12 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/06/27 13:41:12 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/06/20 01:50:10 | 00,933,208 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/05/17 18:34:44 | 00,050,432 | R--- | C] () -- C:\WINDOWS\System32\claptn.ini
[2009/05/17 18:34:44 | 00,000,190 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/05/01 21:16:53 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2009/05/01 21:09:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/03/06 01:17:11 | 00,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009/02/03 18:39:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/11 23:13:17 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/10/17 00:58:24 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/17 00:58:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/14 02:48:20 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/07 23:41:40 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/09/11 16:50:49 | 00,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/09/11 16:50:49 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\80EAD07259.sys
[2008/06/22 17:10:55 | 00,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2008/05/07 17:31:10 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2008/05/07 16:59:44 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/05/07 16:59:44 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/05/07 16:59:44 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/05/05 21:27:55 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/23 15:22:51 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/04/20 15:27:53 | 00,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2008/04/20 15:02:55 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/04/20 14:51:07 | 00,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2008/04/20 14:51:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2006/12/12 10:47:24 | 00,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/01/17 09:20:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/08 07:43:30 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 06:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/03/21 04:56:10 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/22 15:27:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/22 15:25:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/22 15:18:03 | 03,149,078 | R--- | M] () -- C:\Documents and Settings\Jaime\Desktop\Combo-Fix.exe
[2009/07/22 15:15:45 | 00,024,158 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/22 14:50:35 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/22 14:20:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/22 12:54:34 | 00,029,239 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/22 12:54:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/22 01:02:17 | 00,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/07/22 01:02:17 | 00,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/07/22 01:02:17 | 00,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/07/22 01:02:17 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/07/22 01:02:17 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/07/22 00:29:30 | 00,012,873 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\Quotes.rtf
[2009/07/20 23:30:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/20 15:39:30 | 00,007,269 | ---- | M] () -- C:\Documents and Settings\Jaime\My Documents\2009 Seizures.wpd
[2009/07/20 14:58:49 | 00,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/20 14:58:49 | 00,000,056 | RHS- | M] () -- C:\WINDOWS\System32\80EAD07259.sys
[2009/07/17 19:31:55 | 00,000,902 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\mbam-Malware Full Scan log-2009-07-17 (19-31-38)
[2009/07/16 03:48:40 | 04,845,904 | -H-- | M] () -- C:\Documents and Settings\Jaime\Local Settings\Application Data\IconCache.db
[2009/07/15 17:28:04 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\LopSD.exe
[2009/07/15 17:26:38 | 00,000,063 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\OTL.URL
[2009/07/15 17:03:36 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/15 16:12:34 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/07/15 03:01:55 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 01:30:19 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/07/13 23:24:22 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 22:48:08 | 06,568,480 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\Gogetum.exe
[2009/07/13 18:43:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 18:42:15 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jaime\Desktop\gogetem.exe
[2009/07/13 18:30:53 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/13 17:19:54 | 00,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/10 16:35:34 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/07/07 16:36:51 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/07/07 16:35:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/07 10:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/01 01:00:03 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/30 19:23:33 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/29 13:55:40 | 00,034,760 | ---- | M] () -- C:\Documents and Settings\Jaime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/28 01:17:42 | 00,008,616 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\General.wpd
[2009/06/27 18:15:16 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\Jaime\Desktop\McAfee Virtual Technician.lnk
[2009/06/27 13:50:43 | 00,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/27 13:46:32 | 00,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/27 13:46:32 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/27 13:46:32 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >
  • 0

#22
Master Spade
Posted 22 July 2009 - 02:43 PM

Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
This is from Step 2:





ComboFix 09-07-22.01 - Jaime 07/22/2009 15:22.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1575 [GMT -5:00]
Running from: c:\documents and settings\Jaime\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jaime\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1c1eb82dd82a04c467d64d45f1
c:\1c1eb82dd82a04c467d64d45f1\amd64\filterpipelineprintproc.dll
c:\1c1eb82dd82a04c467d64d45f1\amd64\msxpsdrv.cat
c:\1c1eb82dd82a04c467d64d45f1\amd64\msxpsdrv.inf
c:\1c1eb82dd82a04c467d64d45f1\amd64\msxpsinc.gpd
c:\1c1eb82dd82a04c467d64d45f1\amd64\msxpsinc.ppd
c:\1c1eb82dd82a04c467d64d45f1\amd64\mxdwdrv.dll
c:\1c1eb82dd82a04c467d64d45f1\amd64\xpssvcs.dll
c:\1c1eb82dd82a04c467d64d45f1\i386\filterpipelineprintproc.dll
c:\1c1eb82dd82a04c467d64d45f1\i386\msxpsdrv.cat
c:\1c1eb82dd82a04c467d64d45f1\i386\msxpsdrv.inf
c:\1c1eb82dd82a04c467d64d45f1\i386\msxpsinc.gpd
c:\1c1eb82dd82a04c467d64d45f1\i386\msxpsinc.ppd
c:\1c1eb82dd82a04c467d64d45f1\i386\mxdwdrv.dll
c:\1c1eb82dd82a04c467d64d45f1\i386\xpssvcs.dll
c:\documents and settings\Jaime\Application Data\FrostWire
c:\documents and settings\Jaime\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
c:\documents and settings\Jaime\Application Data\FrostWire\checkandupdate.txt
c:\documents and settings\Jaime\Application Data\FrostWire\createtimes.cache
c:\documents and settings\Jaime\Application Data\FrostWire\downloads.dat
c:\documents and settings\Jaime\Application Data\FrostWire\fileurns.bak
c:\documents and settings\Jaime\Application Data\FrostWire\fileurns.cache
c:\documents and settings\Jaime\Application Data\FrostWire\filters.props
c:\documents and settings\Jaime\Application Data\FrostWire\frostwire.props
c:\documents and settings\Jaime\Application Data\FrostWire\gnutella.net
c:\documents and settings\Jaime\Application Data\FrostWire\installation.props
c:\documents and settings\Jaime\Application Data\FrostWire\intent.props
c:\documents and settings\Jaime\Application Data\FrostWire\library.dat
c:\documents and settings\Jaime\Application Data\FrostWire\mojito.props
c:\documents and settings\Jaime\Application Data\FrostWire\overlays.dat
c:\documents and settings\Jaime\Application Data\FrostWire\overlays\did_you_pay.gif
c:\documents and settings\Jaime\Application Data\FrostWire\overlays\fhernando_sweetaddiction_overlay.jpg
c:\documents and settings\Jaime\Application Data\FrostWire\questions.props
c:\documents and settings\Jaime\Application Data\FrostWire\responses.cache
c:\documents and settings\Jaime\Application Data\FrostWire\seenMessages.dat
c:\documents and settings\Jaime\Application Data\FrostWire\simpp.xml
c:\documents and settings\Jaime\Application Data\FrostWire\spam.dat
c:\documents and settings\Jaime\Application Data\FrostWire\tables.props
c:\documents and settings\Jaime\Application Data\FrostWire\themes\frostwirePro_theme.fwtp
c:\documents and settings\Jaime\Application Data\FrostWire\themes\frostwirePro_theme\theme.txt
c:\documents and settings\Jaime\Application Data\FrostWire\themes\frostwirePro_theme\version.txt
c:\documents and settings\Jaime\Application Data\FrostWire\ttrees.cache
c:\documents and settings\Jaime\Application Data\FrostWire\ttroot.cache
c:\documents and settings\Jaime\Application Data\FrostWire\version.xml
c:\documents and settings\Jaime\Application Data\FrostWire\xml\data\audio.sxml2
c:\documents and settings\Jaime\Application Data\LimeWire
c:\documents and settings\Jaime\Application Data\LimeWire\active.mojito
c:\documents and settings\Jaime\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Jaime\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Jaime\Application Data\LimeWire\downloads.dat
c:\documents and settings\Jaime\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Jaime\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Jaime\Application Data\LimeWire\filters.props
c:\documents and settings\Jaime\Application Data\LimeWire\gnutella.net
c:\documents and settings\Jaime\Application Data\LimeWire\installation.props
c:\documents and settings\Jaime\Application Data\LimeWire\library.dat
c:\documents and settings\Jaime\Application Data\LimeWire\limewire.props
c:\documents and settings\Jaime\Application Data\LimeWire\mojito.props
c:\documents and settings\Jaime\Application Data\LimeWire\passive.mojito
c:\documents and settings\Jaime\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Jaime\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Jaime\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Jaime\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Jaime\Application Data\LimeWire\questions.props
c:\documents and settings\Jaime\Application Data\LimeWire\responses.cache
c:\documents and settings\Jaime\Application Data\LimeWire\simpp.xml
c:\documents and settings\Jaime\Application Data\LimeWire\spam.dat
c:\documents and settings\Jaime\Application Data\LimeWire\tables.props
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Jaime\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Jaime\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Jaime\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Jaime\Application Data\LimeWire\version.xml
c:\documents and settings\Jaime\Application Data\LimeWire\versions.props
c:\documents and settings\Jaime\Application Data\LimeWire\xml\data\audio.sxml2

.
((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.

2009-07-15 22:28 . 2009-07-15 22:34 -------- d-----w- C:\Lop SD
2009-07-14 21:03 . 2009-07-14 21:08 -------- d-----w- c:\documents and settings\Jaime\Incomplete
2009-07-14 04:26 . 2009-07-22 17:54 117760 ----a-w- c:\documents and settings\Jaime\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-14 04:25 . 2009-07-14 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-14 04:24 . 2009-07-14 04:24 65024 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-07-14 04:24 . 2009-07-14 04:24 18944 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-07-14 04:24 . 2009-07-14 04:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-14 04:24 . 2009-07-14 04:24 -------- d-----w- c:\documents and settings\Jaime\Application Data\SUPERAntiSpyware.com
2009-07-13 23:43 . 2009-07-13 23:43 -------- d-----w- c:\documents and settings\Jaime\Application Data\Malwarebytes
2009-07-13 23:43 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 23:43 . 2009-07-13 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 23:43 . 2009-07-13 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 23:43 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 21:27 . 2009-07-12 21:27 61224 ----a-w- c:\documents and settings\Jaime\GoToAssistDownloadHelper.exe
2009-07-10 21:35 . 2009-07-10 21:35 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-08 20:20 . 2007-10-23 14:27 110592 ----a-w- c:\documents and settings\Jaime\Application Data\U3\temp\cleanup.exe
2009-07-08 19:04 . 2008-05-02 15:41 3493888 ---ha-w- c:\documents and settings\Jaime\Application Data\U3\temp\Launchpad Removal.exe
2009-07-08 19:04 . 2009-07-08 20:20 -------- d-----w- c:\documents and settings\Jaime\Application Data\U3
2009-06-27 23:15 . 2009-06-27 23:15 49152 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-06-27 23:15 . 2009-06-27 23:15 49152 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-06-27 18:41 . 2009-06-27 18:41 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-27 18:41 . 2009-06-27 18:41 -------- d-----w- c:\program files\MSBuild
2009-06-27 18:41 . 2009-06-27 18:41 -------- d-----w- c:\program files\Reference Assemblies
2009-06-27 18:41 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-27 18:41 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-27 18:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-27 18:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-27 18:41 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-27 18:41 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-27 18:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 18:45 . 2008-10-25 05:17 -------- d-----w- c:\documents and settings\Jaime\Application Data\BitTorrent
2009-07-22 18:44 . 2008-10-25 05:15 -------- d-----w- c:\program files\BitTorrent
2009-07-22 18:43 . 2008-07-03 00:31 -------- d-----w- c:\program files\Java
2009-07-21 23:21 . 2008-05-22 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-20 19:58 . 2008-09-11 21:50 56 --sh--r- c:\windows\system32\80EAD07259.sys
2009-07-20 19:58 . 2008-09-11 21:50 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-13 23:30 . 2008-12-31 07:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-29 18:55 . 2008-06-17 20:51 34760 ----a-w- c:\documents and settings\Jaime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 23:15 . 2008-04-21 18:25 -------- d-----w- c:\program files\McAfee
2009-06-27 03:50 . 2008-04-20 17:44 -------- d-----w- c:\program files\Dell
2009-06-20 09:15 . 2009-06-20 09:15 518 ----a-w- c:\documents and settings\Jaime\Application Data\iolo\Registry\Last\restore.bat
2009-06-20 09:15 . 2009-06-20 09:15 1479 ----a-w- c:\documents and settings\Jaime\Application Data\iolo\restore.bat
2009-06-20 08:49 . 2009-06-20 06:41 -------- d-----w- c:\documents and settings\Jaime\Application Data\iolo
2009-06-20 08:49 . 2009-06-20 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-06-20 06:50 . 2009-06-20 06:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2009-06-20 06:50 . 2009-06-20 06:50 -------- d-----w- c:\program files\iolo
2009-06-16 14:36 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 23:16 . 2009-06-12 23:16 152576 ----a-w- c:\documents and settings\Jaime\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:09 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 07:03 . 2009-05-22 07:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-21 16:33 . 2008-12-10 19:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 05:15 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 21:08 . 2008-08-18 05:33 266400 ----a-r- c:\documents and settings\Jaime\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 05:31 . 2009-05-01 05:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 05:31 . 2009-05-01 05:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 05:31 . 2009-05-01 05:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 05:31 . 2009-05-01 05:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 05:31 . 2009-05-01 05:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 03:02 . 2009-05-01 03:02 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 03:02 . 2009-05-01 03:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 03:02 . 2009-05-01 03:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 03:02 . 2009-05-01 03:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 03:02 . 2009-05-01 03:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 03:02 . 2008-04-20 19:41 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 03:02 . 2008-04-20 19:40 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 03:02 . 2008-04-20 19:40 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 03:02 . 2008-04-20 19:40 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 03:02 . 2008-04-20 19:40 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 03:02 . 2008-04-20 19:40 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-28 16:22 . 2009-06-20 06:48 16430856 ----a-w- c:\documents and settings\Jaime\Application Data\iolo\Installers\PCTuneUp2.exe
2009-04-27 20:47 . 2009-06-20 06:50 933208 ----a-w- c:\windows\system32\Incinerator.dll
2009-04-27 08:14 . 2009-04-27 08:14 5856 --sh--w- c:\windows\system32\rigiwoti.exe
2009-04-27 05:42 . 2009-05-13 23:17 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-20 19:58 . 2008-09-12 06:51 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Jaime\Incomplete ----

2009-07-14 21:08 . 2009-07-14 21:08 275 ----a-w- c:\documents and settings\Jaime\Incomplete\downloads.dat


((((((((((((((((((((((((((((( SnapShot@2009-07-15_21.28.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-22 17:54 . 2009-07-22 17:54 16384 c:\windows\Temp\Perflib_Perfdata_678.dat
+ 2008-04-20 07:29 . 2009-07-22 18:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-20 07:29 . 2009-07-15 21:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-20 07:29 . 2009-07-22 18:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-20 07:29 . 2009-07-15 21:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-20 07:29 . 2009-07-22 18:09 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-04-20 07:29 . 2009-07-15 21:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 04:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2005-11-08 18944]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-5-20 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn ]
2008-04-14 00:12 92672 ----a-w- c:\windows\system32\wlnotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcods.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-07-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-22 05:09]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-21 18:32]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-21 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Jaime\Application Data\Mozilla\Firefox\Profiles\0bakc5pi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 15:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-07-22 15:27
ComboFix-quarantined-files.txt 2009-07-22 20:27
ComboFix2.txt 2009-07-15 22:08
ComboFix3.txt 2009-07-15 21:34

Pre-Run: 445,675,622,400 bytes free
Post-Run: 445,773,651,968 bytes free

385 --- E O F --- 2009-07-15 08:01
  • 0

#23
heir
Posted 22 July 2009 - 02:54 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's remove some leftovers from the uninstall then and do a couple of scans

Step 1.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
:Files
C:\DOCUME~1\Jaime\APPLIC~1\<DIR> BitTorrent
C:\DOCUME~1\Jaime\APPLIC~1\<DIR> DNA
C:\Program Files\<DIR> BitTorrent
C:\Program Files\<DIR> DNA
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog

Step 2.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Step 3.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 14.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u14-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u14-windows-i586-p.exe and select "Run as an Administrator.")

Step 4.
Things I would like to see in your reply:

  • The content of the report from MBAM from Step 2.
  • The content of the report from Kaspersky Online Scanner from Step 3.

  • 0

#24
Master Spade
Posted 22 July 2009 - 07:28 PM

Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
When I did that first step, the PC Desktop stops showing the shortcuts for everything and then just freezes. I tried it twice, with the same result. What should I do?


Also, step 3 found an infected file. Did it remove it, or do I have to do something else to remove it?





Step 2 results:



Malwarebytes' Anti-Malware 1.39
Database version: 2453
Windows 5.1.2600 Service Pack 3

7/22/2009 4:30:05 PM
mbam-log-2009-07-22 (16-30-05).txt

Scan type: Quick Scan
Objects scanned: 92273
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)








Step 3 took over 3 hours, is that normal?:




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 22, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 22, 2009 23:38:49
Records in database: 2515919
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 177800
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:09:53


File name / Threat name / Threats count
F:\Documents and Settings\Jazmin\Local Settings\Temporary Internet Files\Content.IE5\39KJJ7CE\00000000[1].htm Infected: Trojan.HTML.Agent.e 1

The selected area was scanned.

Edited by Master Spade, 22 July 2009 - 07:34 PM.

  • 0

#25
heir
Posted 23 July 2009 - 12:13 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

When I did that first step, the PC Desktop stops showing the shortcuts for everything and then just freezes. I tried it twice, with the same result. What should I do?

Sorry my mistake, I'll correct it here.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
:Files
C:\DOCUME~1\Jaime\APPLIC~1\BitTorrent
C:\DOCUME~1\Jaime\APPLIC~1\DNA
C:\Program Files\BitTorrent
C:\Program Files\DNA
F:\Documents and Settings\Jazmin\Local Settings\Temporary Internet Files\Content.IE5\39KJJ7CE\00000000[1].htm
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog


How is your computer running now?
  • 0

Advertisements

#26
Master Spade
Posted 23 July 2009 - 03:16 PM

Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I tried that OTL thing again, with the same results. For some reason, after I click the "Run Fix" Button, all the shortcuts disappear. Then nothing happens. The Screen just shows the screen saver. I can move the Curser, but Nothing is happening.I waited at least 6 minutes just to see if something would happen, however slow........but nothing. I tried it twice again with no success.
  • 0

#27
heir
Posted 23 July 2009 - 11:01 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Do it like this then

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
:Files
C:\DOCUME~1\Jaime\APPLIC~1\BitTorrent
C:\DOCUME~1\Jaime\APPLIC~1\DNA
C:\Program Files\BitTorrent
C:\Program Files\DNA
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog


How is your computer running now?
  • 0

#28
Master Spade
Posted 24 July 2009 - 01:08 PM

Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I tried it again, with the same result. The Shortcuts to everything disappear, but after that nothing happens.
  • 0

#29
heir
Posted 24 July 2009 - 01:34 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Make sure that you only copy the content inside the code box (starting with :OTL and ending with [reboot]

Have you done that?
If not, do that.
  • 0

#30
Master Spade
Posted 24 July 2009 - 01:37 PM

Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I tried it like that, but I'll try it again right now.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP