Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Symantec Antivirus won't run a scan and mouse double clicks


  • Please log in to reply

#1
Kane.D

Kane.D

    Member

  • Member
  • PipPip
  • 58 posts
Okay this pc is used by my family and for awhile now it has had problems with not being able to run the antivirus scan every time they try it stops and says stopped by user. The mouse double clicks as well even if you just click once making it troublesome to do work.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4290

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-07-07 18:51:09
mbam-log-2010-07-07 (18-51-09).txt

Scan type: Quick scan
Objects scanned: 134110
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-07 20:01:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Mark\LOCALS~1\Temp\kxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF5D16950]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF8007360, 0x24BB1D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Webroot\Washer\WasherSvc.exe[288] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2228] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0008F31D C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer Client Executable/Webroot Software, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\FrontPage.Application@ Microsoft FrontPage Application
Reg HKLM\SOFTWARE\Classes\FrontPage.Application\CLSID
Reg HKLM\SOFTWARE\Classes\FrontPage.Application\CLSID@ {04DF1015-7007-11D1-83BC-006097ABE675}
Reg HKLM\SOFTWARE\Classes\FrontPage.Application\CurVer
Reg HKLM\SOFTWARE\Classes\FrontPage.Application\CurVer@ FrontPage.Application.4

---- EOF - GMER 1.0.15 ----




OTL logfile created on: 2010-07-07 20:03:58 - Run 1
OTL by OldTimer - Version 3.2.8.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format: yyyy-MM-dd

511.00 Mb Total Physical Memory | 208.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.75 Gb Free Space | 36.91% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK-0
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-07-07 20:01:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
PRC - [2010-05-21 22:10:16 | 002,017,280 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010-03-26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-04-13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-11-26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007-11-26 15:47:30 | 001,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2007-03-19 08:58:47 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxctcoms.exe
PRC - [2007-03-19 08:58:20 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5400 Series\ezprint.exe
PRC - [2007-03-19 08:58:17 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
PRC - [2006-09-01 11:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006-05-15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2002-07-30 11:36:00 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2002-07-30 11:35:04 | 000,077,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2002-04-12 05:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001-12-13 05:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
PRC - [2001-08-17 18:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010-07-07 20:01:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
MOD - [2010-04-01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008-04-13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\004422~1.EXE -- (0044221272328183mcinstcleanup) McAfee Application Installer Cleanup (0044221272328183)
SRV - [2010-03-26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007-11-26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007-03-19 08:58:47 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxctcoms.exe -- (lxct_device)
SRV - [2006-05-15 18:24:33 | 002,086,592 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006-05-15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005-08-30 15:00:50 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005-08-30 14:55:18 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005-08-30 14:49:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2002-07-30 11:40:44 | 000,573,440 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002-07-30 11:36:00 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2002-04-12 05:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\PsSdk23.drv -- (PSSdk23)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Lvckap.sys -- (Lvckap)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-05-28 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100528.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-05-28 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100528.002\NAVENG.SYS -- (NAVENG)
DRV - [2010-05-21 22:10:16 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-04-01 17:59:44 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010-04-01 17:59:44 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008-04-13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008-04-13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008-04-13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007-07-19 00:44:02 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-07-19 00:39:16 | 001,278,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006-10-22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-10-06 17:34:14 | 000,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005-04-25 12:10:20 | 000,033,538 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2003-09-25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003-03-14 05:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2002-06-19 20:57:14 | 000,029,184 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2002-06-19 20:57:12 | 000,218,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2001-08-17 15:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001-08-17 15:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001-08-17 15:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001-08-17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001-08-17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001-08-17 08:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001-08-17 08:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001-08-17 08:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 08:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001-01-02 23:53:30 | 000,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xbreader.sys -- (xbreader) MaxDrive XBox Driver (xbreader.sys)
DRV - [1999-09-10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {27a03cf3-856f-46b8-91cb-7289f58c7e6e}:1.314
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.99

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010-06-04 20:38:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-07 15:35:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-07 15:35:10 | 000,000,000 | ---D | M]

[2008-10-21 07:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
[2010-07-07 18:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions
[2010-07-07 15:29:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2008-10-21 07:26:00 | 000,000,000 | ---D | M] (Finjan Secure Browsing) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{27a03cf3-856f-46b8-91cb-7289f58c7e6e}
[2010-07-07 18:23:14 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010-07-07 15:29:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010-07-07 15:29:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2008-04-12 03:37:03 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2010-07-07 18:22:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-07-07 15:29:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010-07-07 18:21:36 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010-07-07 15:29:35 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}(2)
[2009-12-25 13:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\[email protected]
[2008-04-13 19:33:45 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\searchplugins\siteadvisor.xml
[2010-07-07 18:22:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-11-28 16:55:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-04-25 23:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-25 23:58:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008-10-22 15:01:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LXCTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by140fd.bay14...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} http://swgbetareg.st.../soesysinfo.cab (SOESysInfo Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (hsaahdv.exe) - File not found
O20 - HKLM Winlogon: UserInit - (ddjfihw.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010-07-07 20:01:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2010-07-07 18:31:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-07-07 18:31:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-07-07 18:30:52 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark\Desktop\mbam-setup.exe
[2010-07-07 18:30:15 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\TFC.exe
[2010-07-05 18:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-07-05 17:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-04-15 09:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2008-01-21 20:18:49 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll
[2008-01-21 20:18:49 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCThcp.dll
[2008-01-21 20:18:48 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll
[2008-01-21 20:18:47 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll
[2008-01-21 20:18:47 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll
[2008-01-21 20:18:47 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll
[2008-01-21 20:18:46 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll
[2008-01-21 20:18:46 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll
[2008-01-21 20:18:46 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll
[2008-01-21 20:18:44 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll
[2008-01-21 20:18:42 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll
[2008-01-21 20:18:42 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-07-07 20:01:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2010-07-07 18:55:06 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-07-07 18:55:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-07 18:53:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-07 18:53:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-07 18:52:20 | 007,856,128 | ---- | M] () -- C:\Documents and Settings\Mark\ntuser.dat
[2010-07-07 18:52:20 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mark\ntuser.ini
[2010-07-07 18:52:13 | 006,389,182 | -H-- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\IconCache.db
[2010-07-07 18:31:29 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-07-07 18:30:58 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark\Desktop\mbam-setup.exe
[2010-07-07 18:30:16 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\TFC.exe
[2010-07-07 15:37:39 | 000,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-07-07 13:53:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-06-27 23:05:17 | 000,060,702 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\17869_292487092188_525562188_4522587_3814356_n.jpg
[2010-06-23 03:09:00 | 000,441,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-23 03:09:00 | 000,071,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-13 23:17:40 | 000,321,876 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Phase Three.mht
[2010-06-13 23:15:54 | 000,139,400 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Food List for Phase 2.mht
[2010-06-13 23:15:12 | 000,132,623 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Food List for Phase 1.mht
[2010-06-13 22:29:02 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\Benifits of Speaking In Tongues!.doc
[2010-06-12 03:26:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-05-31 19:35:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-09 16:42:44 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-25 04:07:57 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Name Jacob Ryan Church.doc
[2010-04-22 22:56:07 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\Name Jacob Ryan Church.doc
[2010-04-21 05:58:11 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\In House Dog Training Contract.doc
[2010-04-14 22:44:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\index.html
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-07 18:31:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-06-27 23:05:14 | 000,060,702 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\17869_292487092188_525562188_4522587_3814356_n.jpg
[2010-06-13 23:17:40 | 000,321,876 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Phase Three.mht
[2010-06-13 23:15:53 | 000,139,400 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Food List for Phase 2.mht
[2010-06-13 23:15:09 | 000,132,623 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Food List for Phase 1.mht
[2010-06-01 10:43:26 | 007,856,128 | ---- | C] () -- C:\Documents and Settings\Mark\ntuser.dat
[2010-04-22 22:58:22 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Name Jacob Ryan Church.doc
[2010-04-21 19:45:14 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\Name Jacob Ryan Church.doc
[2010-04-14 22:44:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\index.html
[2010-04-13 15:10:35 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\In House Dog Training Contract.doc
[2008-07-20 14:52:30 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008-02-11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008-02-11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008-02-08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008-01-21 20:29:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll
[2008-01-21 20:29:10 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\lxctcoin.dll
[2008-01-21 20:28:27 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll
[2008-01-21 20:28:27 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll
[2008-01-21 20:28:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll
[2008-01-21 20:27:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2008-01-21 20:27:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2008-01-21 20:18:49 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll
[2008-01-21 20:18:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll
[2008-01-09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007-12-29 20:14:23 | 000,000,084 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007-08-13 17:33:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007-07-27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007-07-27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007-07-20 17:38:46 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007-07-20 17:38:45 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007-07-20 17:38:45 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007-07-20 17:38:45 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007-07-18 23:54:18 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007-07-14 06:45:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2007-07-14 06:37:16 | 000,000,032 | ---- | C] () -- C:\WINDOWS\ampl32.ini
[2007-04-28 11:58:25 | 000,000,519 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007-04-07 20:17:06 | 000,000,051 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007-03-12 16:44:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006-10-22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006-10-07 13:14:28 | 000,001,005 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2006-10-07 11:51:20 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-10-06 18:23:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006-06-16 00:34:30 | 000,000,214 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2006-03-08 16:12:23 | 000,000,480 | ---- | C] () -- C:\WINDOWS\ytite.dll
[2006-03-08 14:34:56 | 000,000,611 | ---- | C] () -- C:\WINDOWS\fijyn.dll
[2006-03-06 18:03:50 | 000,000,059 | ---- | C] () -- C:\WINDOWS\XUnleashed.ini
[2005-12-29 15:54:59 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005-12-05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005-12-05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005-08-11 16:57:53 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005-07-30 01:51:14 | 000,009,738 | ---- | C] () -- C:\WINDOWS\cfgmgr52.ini
[2005-07-30 01:27:18 | 000,000,045 | ---- | C] () -- C:\WINDOWS\AHDDGIN.ini
[2004-12-14 11:20:59 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2004-12-14 11:20:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2004-12-14 11:20:59 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2004-12-14 11:20:31 | 000,002,188 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2004-09-22 23:35:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003-07-28 15:19:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003-07-28 15:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2002-09-05 16:12:26 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\X3Dview.dll
[2002-07-30 11:33:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[1999-07-23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999-07-23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999-01-27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999-01-22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997-06-13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008-01-21 20:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5400 Series
[2006-10-06 17:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2007-05-15 16:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2006-10-10 18:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007-07-20 00:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008-02-12 07:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2006-03-04 17:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009-07-12 17:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008-07-28 16:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2007-02-09 18:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006-11-02 18:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2009-03-02 13:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\5400 Series
[2005-12-28 11:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Aim
[2009-08-27 15:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\ICAClient
[2009-11-21 14:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\MoveFab
[2008-05-08 11:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\MP3Rocket
[2006-11-02 18:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\MSNInstaller
[2006-11-02 18:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Seven Zip
[2008-02-12 19:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Sony
[2010-02-23 03:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\SystemRequirementsLab
[2006-03-06 02:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Ulead Systems
[2009-08-16 13:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Vso
[2010-01-02 00:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\W Photo Studio
[2008-07-28 16:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\W Photo Studio Viewer
[2008-07-28 16:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Walgreens
[2010-07-07 13:53:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009-07-16 09:11:03 | 000,005,754 | ---- | M] () -- C:\aaw7boot.log
[2007-09-20 05:56:24 | 002,066,944 | ---- | M] () -- C:\AppleSoftwareUpdate.msi
[2005-08-03 11:24:28 | 001,852,554 | RHS- | M] () -- C:\avg7db_f.dat.install_backup
[2005-08-03 10:41:13 | 012,283,633 | ---- | M] () -- C:\avg7qt.dat.install_backup
[2007-07-20 17:43:12 | 000,015,970 | ---- | M] () -- C:\avi_log.txt
[2006-10-06 17:12:52 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2008-10-21 13:11:06 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004-12-17 02:08:02 | 000,033,280 | ---- | M] () -- C:\chapter_8_section_1.doc
[2004-08-03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2004-09-21 13:21:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-08-16 12:47:29 | 012,709,616 | ---- | M] (Fengtao Software Inc. ) -- C:\DVDFab6040.exe
[2007-07-20 00:35:03 | 000,018,224 | ---- | M] () -- C:\dvdfabexpress_burn.log
[2008-03-08 15:07:55 | 000,038,171 | ---- | M] () -- C:\dvdfab_burn.log
[2009-03-02 13:15:09 | 000,000,000 | ---- | M] () -- C:\faxendPdoc.log
[2005-06-20 04:03:34 | 000,000,185 | ---- | M] () -- C:\Install.log
[2004-09-21 13:21:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005-12-24 17:07:40 | 000,000,497 | -H-- | M] () -- C:\IPH.PH
[2008-10-24 10:28:38 | 000,009,267 | ---- | M] () -- C:\JavaRa.log
[2006-10-12 17:24:00 | 000,001,415 | ---- | M] () -- C:\log.txt
[2007-07-29 17:51:18 | 000,002,371 | ---- | M] () -- C:\logfile
[2010-04-01 04:55:22 | 000,000,147 | ---- | M] () -- C:\lxct.log
[2004-09-21 13:21:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-08-08 11:10:31 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010-07-07 18:53:35 | 803,753,984 | -HS- | M] () -- C:\pagefile.sys
[2006-10-06 17:34:15 | 000,016,846 | ---- | M] () -- C:\PkgClnup.log
[2004-09-25 14:21:46 | 006,811,656 | ---- | M] (Adobe Systems, Inc. ) -- C:\psa201se_us.exe
[2007-07-20 00:48:51 | 000,000,056 | -HS- | M] () -- C:\redir.sys
[2005-10-13 08:52:02 | 000,002,292 | ---- | M] () -- C:\Rescued document.txt
[2004-12-17 02:08:43 | 000,020,992 | ---- | M] () -- C:\Science is an organized way of using evidence to learn about the natural world.doc
[2006-03-16 16:38:55 | 000,000,367 | ---- | M] () -- C:\session.log
[2008-01-29 03:41:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008-01-29 03:42:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008-01-29 03:43:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008-01-30 09:17:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008-01-30 22:06:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008-01-31 07:34:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008-01-31 07:34:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008-01-31 07:34:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2008-02-01 10:59:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008-02-01 11:00:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2008-02-01 11:00:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008-02-01 11:04:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008-02-02 10:51:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008-02-02 10:51:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008-02-02 10:55:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2008-02-02 10:56:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008-02-02 10:56:33 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008-01-29 03:38:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008-01-29 03:39:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008-01-29 03:40:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2008-01-29 03:41:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008-01-29 03:42:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008-01-29 03:43:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008-01-30 09:17:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008-01-30 22:06:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008-01-31 07:34:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008-01-31 07:34:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008-01-31 07:34:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008-02-01 10:59:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008-02-01 11:00:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008-02-01 11:00:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008-02-01 11:04:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008-02-02 10:51:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008-02-02 10:51:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008-02-02 10:55:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008-02-02 10:56:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008-02-02 10:56:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008-01-29 03:38:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008-01-29 03:39:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008-01-29 03:40:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005-08-06 04:02:34 | 000,000,104 | ---- | M] () -- C:\stats.mst
[2005-03-29 11:20:00 | 000,028,160 | ---- | M] () -- C:\student_notes_for_chapter_18.doc
[2004-09-25 14:12:17 | 000,016,095 | ---- | M] () -- C:\Webapp.pdf
[2007-01-24 22:53:54 | 000,000,150 | ---- | M] () -- C:\YServer.txt
[2006-10-06 17:44:14 | 000,023,499 | -H-- | M] () -- C:\_NavCClt.Log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004-09-21 13:21:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2003-05-15 05:00:00 | 000,027,309 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll
[2008-07-06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007-01-17 21:25:06 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxctdrpp.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2002-09-05 16:12:26 | 000,122,880 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\X3Dview.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004-09-21 05:52:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004-09-21 05:52:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004-09-21 05:52:06 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008-04-13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008-04-13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008-04-13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-26 07:00:42

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Mark\Desktop\iTunesSetup.exe:SummaryInformation
< End of report >


OTL Extras logfile created on: 2010-07-07 20:03:58 - Run 1
OTL by OldTimer - Version 3.2.8.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format: yyyy-MM-dd

511.00 Mb Total Physical Memory | 208.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.75 Gb Free Space | 36.91% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK-0
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1128724321\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1128724321\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Common Files\AOL\1128780009\ee\aolservicehost.exe" = C:\Program Files\Common Files\AOL\1128780009\ee\aolservicehost.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe" = C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Program Files\Sony\Station\Launchpad\_aunchPad.exe" = C:\Program Files\Sony\Station\Launchpad\_aunchPad.exe:*:Enabled:_aunchPad -- ()
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\MP3 Rocket\MP3Rocket.exe" = C:\Program Files\MP3 Rocket\MP3Rocket.exe:*:Enabled:MP3 Rocket 4.9.7 -- ()
"C:\Program Files\MP3 Rocket\MP3Rocket_on_startup.exe" = C:\Program Files\MP3 Rocket\MP3Rocket_on_startup.exe:*:Disabled:MP3 Rocket (silent) -- ()
"C:\Program Files\MAIET\Gunz\GunzLauncher.exe" = C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher -- (MAIET entertainment)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxctcoms.exe" = C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Documents and Settings\Mark\Local Settings\temp\RarSFX0\Setup.exe" = C:\Documents and Settings\Mark\Local Settings\temp\RarSFX0\Setup.exe:*:Enabled:Setup -- File not found
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}" = Backup Dell-Installed Programs
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63391350-41D4-4181-9D68-038777020C38}" = System Requirements Lab
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34E19B2-F4D4-4C1F-A565-BA92627178D8}" = Sony Media Manager 2.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC53BB56-FBB5-47BE-B342-E43CC83C0ECF}" = Sony Vegas 6.0c
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"6th" = Algebra 1 6.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"AviSynth" = AviSynth 2.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"EsetOnlineScanner" = ESET Online Scanner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"Lexmark 5400 Series" = Lexmark 5400 Series
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"MP3 Rocket" = MP3 Rocket
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SystemRequirementsLab" = System Requirements Lab
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GCalc 3" = GCalc 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-07-07 15:51:47 | Computer Name = MARK-0 | Source = Application Error | ID = 1000
Description = Faulting application vpc32.exe, version 8.0.0.9374, faulting module
webshell.dll, version 8.0.0.9374, fault address 0x0000168d.

Error - 2010-07-07 15:51:56 | Computer Name = MARK-0 | Source = Application Error | ID = 1001
Description = Fault bucket 20858171.

Error - 2010-07-07 16:01:53 | Computer Name = MARK-0 | Source = Application Error | ID = 1000
Description = Faulting application vpc32.exe, version 8.0.0.9374, faulting module
webshell.dll, version 8.0.0.9374, fault address 0x0000168d.

Error - 2010-07-07 16:02:18 | Computer Name = MARK-0 | Source = Application Error | ID = 1000
Description = Faulting application vpc32.exe, version 8.0.0.9374, faulting module
webshell.dll, version 8.0.0.9374, fault address 0x0000168d.

Error - 2010-07-07 16:05:52 | Computer Name = MARK-0 | Source = Application Error | ID = 1000
Description = Faulting application vpc32.exe, version 8.0.0.9374, faulting module
webshell.dll, version 8.0.0.9374, fault address 0x0000168d.

Error - 2010-07-07 16:06:54 | Computer Name = MARK-0 | Source = Application Error | ID = 1000
Description = Faulting application vpc32.exe, version 8.0.0.9374, faulting module
webshell.dll, version 8.0.0.9374, fault address 0x0000168d.

Error - 2010-07-07 16:08:04 | Computer Name = MARK-0 | Source = Application Error | ID = 1000
Description = Faulting application vpc32.exe, version 8.0.0.9374, faulting module
webshell.dll, version 8.0.0.9374, fault address 0x0000168d.

Error - 2010-07-07 16:08:06 | Computer Name = MARK-0 | Source = Application Error | ID = 1001
Description = Fault bucket 20858171.

Error - 2010-07-07 18:36:30 | Computer Name = MARK-0 | Source = Norton AntiVirus | ID = 16711694
Description = Symantec AntiVirus services failed to start. Virus definition file
is invalid. (CC001000)

Error - 2010-07-07 18:54:02 | Computer Name = MARK-0 | Source = Norton AntiVirus | ID = 16711694
Description = Symantec AntiVirus services failed to start. Virus definition file
is invalid. (CC001000)

[ System Events ]
Error - 2010-07-07 18:32:43 | Computer Name = MARK-0 | Source = Service Control Manager | ID = 7034
Description = The DefWatch service terminated unexpectedly. It has done this 1
time(s).

Error - 2010-07-07 18:32:43 | Computer Name = MARK-0 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2010-07-07 18:32:44 | Computer Name = MARK-0 | Source = Service Control Manager | ID = 7034
Description = The lxct_device service terminated unexpectedly. It has done this
1 time(s).

Error - 2010-07-07 18:32:44 | Computer Name = MARK-0 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2010-07-07 18:32:44 | Computer Name = MARK-0 | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 2010-07-07 18:32:44 | Computer Name = MARK-0 | Source = Service Control Manager | ID = 7034
Description = The Window Washer Engine service terminated unexpectedly. It has
done this 1 time(s).

Error - 2010-07-07 18:36:35 | Computer Name = MARK-0 | Source = Service Control Manager | ID = 7023
Description = The Symantec AntiVirus Client service terminated with the following
error: %%10

Error - 2010-07-07 18:36:38 | Computer Name = MARK-0 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep Lbd

Error - 2010-07-07 18:54:06 | Computer Name = MARK-0 | Source = Service Control Manager | ID = 7023
Description = The Symantec AntiVirus Client service terminated with the following
error: %%10

Error - 2010-07-07 18:54:07 | Computer Name = MARK-0 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep Lbd


< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Rerun Malwarebytes' Anti-Malware as before but this time don't forget to:

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected. <==You skipped this step!!!


Copy the text between the lines of stars by highlighting and Ctrl + c
********************************************************************************

:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\004422~1.EXE -- (0044221272328183mcinstcleanup) McAfee Application Installer Cleanup (0044221272328183)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\PsSdk23.drv -- (PSSdk23)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Lvckap.sys -- (Lvckap)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
O20 - HKLM Winlogon: UserInit - (hsaahdv.exe) - File not found
O20 - HKLM Winlogon: UserInit - (ddjfihw.exe) - File not found

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Start >All Programs> Accessories> Command Prompt. Copythe following bolded command, then right click and Paste then hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Your event logs are showing a lot of these:

"Error - 2010-07-07 15:51:47 | Computer Name = MARK-0 | Source = Application Error | ID = 1000
Description = Faulting application vpc32.exe, version 8.0.0.9374, faulting module
webshell.dll, version 8.0.0.9374, fault address 0x0000168d."

Which appears to be the bug reported here:
http://service1.syma...004031612511348


Ron

Edited by RKinner, 09 July 2010 - 12:55 AM.

  • 0

#3
Kane.D

Kane.D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hey Ron thanks for the quick reply here are the logs


OTL logfile created on: 2010-07-09 05:18:07 - Run 2
OTL by OldTimer - Version 3.2.8.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format: yyyy-MM-dd

511.00 Mb Total Physical Memory | 246.00 Mb Available Physical Memory | 48.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.27 Gb Free Space | 35.62% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK-0
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-07-07 20:01:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
PRC - [2010-03-26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008-04-13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-11-26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007-11-26 15:47:30 | 001,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2007-03-19 08:58:47 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxctcoms.exe
PRC - [2007-03-19 08:58:20 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5400 Series\ezprint.exe
PRC - [2007-03-19 08:58:17 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
PRC - [2006-09-01 11:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006-05-15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2002-07-30 11:36:00 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2002-07-30 11:35:04 | 000,077,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2002-04-12 05:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001-12-13 05:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
PRC - [2001-08-17 18:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010-07-07 20:01:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
MOD - [2008-04-13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\004422~1.EXE -- (0044221272328183mcinstcleanup) McAfee Application Installer Cleanup (0044221272328183)
SRV - [2010-03-26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007-11-26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007-03-19 08:58:47 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxctcoms.exe -- (lxct_device)
SRV - [2006-05-15 18:24:33 | 002,086,592 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006-05-15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005-08-30 15:00:50 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005-08-30 14:55:18 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005-08-30 14:49:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2002-07-30 11:40:44 | 000,573,440 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002-07-30 11:36:00 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2002-04-12 05:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2010-05-28 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100528.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-05-28 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100528.002\NAVENG.SYS -- (NAVENG)
DRV - [2010-05-21 22:10:16 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-04-01 17:59:44 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010-04-01 17:59:44 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008-04-13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008-04-13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008-04-13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007-07-19 00:44:02 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-07-19 00:39:16 | 001,278,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006-10-22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-10-06 17:34:14 | 000,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005-04-25 12:10:20 | 000,033,538 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2003-09-25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003-03-14 05:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2002-06-19 20:57:14 | 000,029,184 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2002-06-19 20:57:12 | 000,218,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2001-08-17 15:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001-08-17 15:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001-08-17 15:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001-08-17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001-08-17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001-08-17 08:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001-08-17 08:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001-08-17 08:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 08:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001-01-02 23:53:30 | 000,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xbreader.sys -- (xbreader) MaxDrive XBox Driver (xbreader.sys)
DRV - [1999-09-10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {27a03cf3-856f-46b8-91cb-7289f58c7e6e}:1.314
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.99

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010-06-04 20:38:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-08 11:46:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-08 11:46:26 | 000,000,000 | ---D | M]

[2008-10-21 07:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
[2010-07-07 21:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions
[2010-07-07 15:29:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2008-10-21 07:26:00 | 000,000,000 | ---D | M] (Finjan Secure Browsing) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{27a03cf3-856f-46b8-91cb-7289f58c7e6e}
[2010-07-07 18:23:14 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010-07-07 15:29:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010-07-07 15:29:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2008-04-12 03:37:03 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2010-07-07 18:22:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-07-07 15:29:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010-07-07 18:21:36 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010-07-07 15:29:35 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}(2)
[2009-12-25 13:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\[email protected]
[2008-04-13 19:33:45 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\searchplugins\siteadvisor.xml
[2010-07-07 21:44:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-11-28 16:55:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-04-25 23:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-25 23:58:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008-10-22 15:01:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LXCTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by140fd.bay14...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} http://swgbetareg.st.../soesysinfo.cab (SOESysInfo Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010-07-09 05:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\vtexts
[2010-07-09 05:13:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-07-09 05:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-07-09 05:09:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Mark\Desktop\erunt_setup.exe
[2010-07-07 20:01:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2010-07-07 18:31:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-07-07 18:31:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-07-07 18:30:52 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark\Desktop\mbam-setup.exe
[2010-07-07 18:30:15 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\TFC.exe
[2010-07-05 18:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-07-05 17:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-04-15 09:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2008-01-21 20:18:49 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll
[2008-01-21 20:18:49 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCThcp.dll
[2008-01-21 20:18:48 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll
[2008-01-21 20:18:47 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll
[2008-01-21 20:18:47 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll
[2008-01-21 20:18:47 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll
[2008-01-21 20:18:46 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll
[2008-01-21 20:18:46 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll
[2008-01-21 20:18:46 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll
[2008-01-21 20:18:44 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll
[2008-01-21 20:18:42 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll
[2008-01-21 20:18:42 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-07-09 05:16:29 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-07-09 05:16:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-09 05:15:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-09 05:15:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-09 05:14:10 | 007,856,128 | ---- | M] () -- C:\Documents and Settings\Mark\ntuser.dat
[2010-07-09 05:14:10 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mark\ntuser.ini
[2010-07-09 05:10:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\NTREGOPT.lnk
[2010-07-09 05:10:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\ERUNT.lnk
[2010-07-09 05:09:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Mark\Desktop\erunt_setup.exe
[2010-07-09 04:53:43 | 006,389,382 | -H-- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\IconCache.db
[2010-07-08 03:49:11 | 000,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-07-08 03:32:00 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-07-08 03:26:47 | 000,545,306 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-07-08 03:26:47 | 000,471,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-07-08 03:26:47 | 000,083,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-07-07 20:01:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2010-07-07 18:31:29 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-07-07 18:30:58 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark\Desktop\mbam-setup.exe
[2010-07-07 18:30:16 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\TFC.exe
[2010-07-07 13:53:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-06-27 23:05:17 | 000,060,702 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\17869_292487092188_525562188_4522587_3814356_n.jpg
[2010-06-13 23:17:40 | 000,321,876 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Phase Three.mht
[2010-06-13 23:15:54 | 000,139,400 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Food List for Phase 2.mht
[2010-06-13 23:15:12 | 000,132,623 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Food List for Phase 1.mht
[2010-06-13 22:29:02 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\Benifits of Speaking In Tongues!.doc
[2010-05-31 19:35:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-09 16:42:44 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-25 04:07:57 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Name Jacob Ryan Church.doc
[2010-04-22 22:56:07 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\Name Jacob Ryan Church.doc
[2010-04-21 05:58:11 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\In House Dog Training Contract.doc
[2010-04-14 22:44:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\index.html
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-09 05:10:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\NTREGOPT.lnk
[2010-07-09 05:10:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\ERUNT.lnk
[2010-07-07 18:31:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-06-27 23:05:14 | 000,060,702 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\17869_292487092188_525562188_4522587_3814356_n.jpg
[2010-06-13 23:17:40 | 000,321,876 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Phase Three.mht
[2010-06-13 23:15:53 | 000,139,400 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Food List for Phase 2.mht
[2010-06-13 23:15:09 | 000,132,623 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\South Beach Diet Food List for Phase 1.mht
[2010-06-01 10:43:26 | 007,856,128 | ---- | C] () -- C:\Documents and Settings\Mark\ntuser.dat
[2010-04-22 22:58:22 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Name Jacob Ryan Church.doc
[2010-04-21 19:45:14 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\Name Jacob Ryan Church.doc
[2010-04-14 22:44:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\index.html
[2010-04-13 15:10:35 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\In House Dog Training Contract.doc
[2008-07-20 14:52:30 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008-02-11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008-02-11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008-02-08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008-01-21 20:29:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll
[2008-01-21 20:29:10 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\lxctcoin.dll
[2008-01-21 20:28:27 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll
[2008-01-21 20:28:27 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll
[2008-01-21 20:28:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll
[2008-01-21 20:27:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2008-01-21 20:27:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2008-01-21 20:18:49 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll
[2008-01-21 20:18:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll
[2008-01-09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007-12-29 20:14:23 | 000,000,084 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007-08-13 17:33:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007-07-27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007-07-27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007-07-20 17:38:46 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007-07-20 17:38:45 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007-07-20 17:38:45 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007-07-20 17:38:45 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007-07-18 23:54:18 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007-07-14 06:45:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2007-07-14 06:37:16 | 000,000,032 | ---- | C] () -- C:\WINDOWS\ampl32.ini
[2007-04-28 11:58:25 | 000,000,519 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007-04-07 20:17:06 | 000,000,051 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007-03-12 16:44:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006-10-22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006-10-07 13:14:28 | 000,001,005 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2006-10-07 11:51:20 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-10-06 18:23:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006-06-16 00:34:30 | 000,000,214 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2006-03-08 16:12:23 | 000,000,480 | ---- | C] () -- C:\WINDOWS\ytite.dll
[2006-03-08 14:34:56 | 000,000,611 | ---- | C] () -- C:\WINDOWS\fijyn.dll
[2006-03-06 18:03:50 | 000,000,059 | ---- | C] () -- C:\WINDOWS\XUnleashed.ini
[2005-12-29 15:54:59 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005-12-05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005-12-05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005-08-11 16:57:53 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005-07-30 01:51:14 | 000,009,738 | ---- | C] () -- C:\WINDOWS\cfgmgr52.ini
[2005-07-30 01:27:18 | 000,000,045 | ---- | C] () -- C:\WINDOWS\AHDDGIN.ini
[2004-12-14 11:20:59 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2004-12-14 11:20:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2004-12-14 11:20:59 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2004-12-14 11:20:31 | 000,002,188 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2004-09-22 23:35:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003-07-28 15:19:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003-07-28 15:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2002-09-05 16:12:26 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\X3Dview.dll
[2002-07-30 11:33:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[1999-07-23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999-07-23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999-01-27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999-01-22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997-06-13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008-01-21 20:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5400 Series
[2006-10-06 17:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2007-05-15 16:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2006-10-10 18:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007-07-20 00:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008-02-12 07:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2006-03-04 17:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009-07-12 17:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008-07-28 16:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2007-02-09 18:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006-11-02 18:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2009-03-02 13:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\5400 Series
[2005-12-28 11:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Aim
[2009-08-27 15:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\ICAClient
[2009-11-21 14:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\MoveFab
[2008-05-08 11:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\MP3Rocket
[2006-11-02 18:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\MSNInstaller
[2006-11-02 18:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Seven Zip
[2008-02-12 19:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Sony
[2010-02-23 03:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\SystemRequirementsLab
[2006-03-06 02:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Ulead Systems
[2009-08-16 13:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Vso
[2010-01-02 00:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\W Photo Studio
[2008-07-28 16:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\W Photo Studio Viewer
[2008-07-28 16:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Walgreens
[2010-07-07 13:53:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Mark\Desktop\iTunesSetup.exe:SummaryInformation
< End of report >


ComboFix 10-07-08.02 - Mark 2010-07-09 5:59.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.172 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\george.exe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mark\Application Data\inst.exe
c:\documents and settings\Mark\g2mdlhlpx.exe
c:\windows\Fonts\acrsec.fon
c:\windows\patch.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-09 09:13 . 2010-07-09 09:13 -------- dc----w- C:\_OTL
2010-07-09 09:10 . 2010-07-09 09:10 -------- d-----w- c:\program files\ERUNT
2010-07-07 22:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 22:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-07 19:58 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-07 19:36 . 2010-07-07 19:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-05 22:34 . 2010-07-05 22:34 -------- d-----w- c:\program files\ESET
2010-07-05 21:05 . 2010-07-07 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 09:16 . 2008-01-22 00:30 -------- d-----w- c:\program files\Lx_cats
2010-07-07 19:35 . 2004-09-21 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-07 19:35 . 2009-06-16 19:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-31 23:35 . 2007-02-24 00:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-24 23:36 . 2010-05-24 23:36 503808 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32be4d61-n\msvcp71.dll
2010-05-24 23:36 . 2010-05-24 23:36 499712 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32be4d61-n\jmc.dll
2010-05-24 23:36 . 2010-05-24 23:36 61440 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-443b74ca-n\decora-sse.dll
2010-05-24 23:36 . 2010-05-24 23:36 348160 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32be4d61-n\msvcr71.dll
2010-05-24 23:36 . 2010-05-24 23:36 12800 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-443b74ca-n\decora-d3d.dll
2010-05-22 02:11 . 2010-05-04 01:12 63488 ----a-w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-22 02:11 . 2009-06-16 20:01 117760 ----a-w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-26 03:59 . 2010-04-26 03:59 61440 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-733434cb-n\decora-sse.dll
2010-04-26 03:59 . 2010-04-26 03:59 503808 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ae179fe-n\msvcp71.dll
2010-04-26 03:59 . 2010-04-26 03:59 499712 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ae179fe-n\jmc.dll
2010-04-26 03:59 . 2010-04-26 03:59 348160 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ae179fe-n\msvcr71.dll
2010-04-26 03:59 . 2010-04-26 03:59 12800 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-733434cb-n\decora-d3d.dll
2010-04-26 03:58 . 2010-04-26 03:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd(2).dll
2010-04-13 07:02 . 2010-04-15 13:45 922400 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\JRERunOnce.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-22 2017280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-2-9 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 23:06 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\_aunchPad.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket_on_startup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-05-26 68168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-31 93320]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-02-18 598856]
S2 0044221272328183mcinstcleanup;McAfee Application Installer Cleanup (0044221272328183);c:\windows\TEMP\004422~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\004422~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2004-12-14 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2003-03-14 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2004-12-14 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2004-12-14 10368]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 12872]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-01-02 19677]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - hxxp://swgbetareg.station.sony.com/soesysinfo.cab
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Adobe Photoshop 7.0.1 - c:\program files\Adobe\Photoshop 7.0\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 06:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-09 06:13:37
ComboFix-quarantined-files.txt 2010-07-09 10:13

Pre-Run: 14,174,826,496 bytes free
Post-Run: 14,147,973,120 bytes free

- - End Of File - - FB78299A3975E4F283BAFA6E8E6E1AB5




06:21:40:375 2980 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
06:21:40:375 2980 ================================================================================
06:21:40:375 2980 SystemInfo:

06:21:40:375 2980 OS Version: 5.1.2600 ServicePack: 3.0
06:21:40:375 2980 Product type: Workstation
06:21:40:375 2980 ComputerName: MARK-0
06:21:40:375 2980 UserName: Mark
06:21:40:375 2980 Windows directory: C:\WINDOWS
06:21:40:375 2980 System windows directory: C:\WINDOWS
06:21:40:375 2980 Processor architecture: Intel x86
06:21:40:375 2980 Number of processors: 1
06:21:40:375 2980 Page size: 0x1000
06:21:40:390 2980 Boot type: Normal boot
06:21:40:390 2980 ================================================================================
06:21:40:937 2980 Initialize success
06:21:40:937 2980
06:21:40:937 2980 Scanning Services ...
06:21:41:625 2980 Raw services enum returned 355 services
06:21:41:640 2980
06:21:41:640 2980 Scanning Drivers ...
06:21:44:000 2980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:21:44:109 2980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:21:44:250 2980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:21:44:359 2980 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
06:21:44:531 2980 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
06:21:45:343 2980 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
06:21:45:421 2980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:21:45:625 2980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:21:45:812 2980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:21:45:968 2980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:21:46:265 2980 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
06:21:46:359 2980 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
06:21:46:484 2980 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
06:21:46:625 2980 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
06:21:46:937 2980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:21:47:140 2980 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:21:47:406 2980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:21:47:546 2980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:21:47:718 2980 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:21:48:234 2980 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
06:21:48:625 2980 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:21:48:828 2980 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:21:49:015 2980 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:21:49:156 2980 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:21:49:281 2980 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:21:49:375 2980 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
06:21:49:531 2980 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
06:21:49:828 2980 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:21:50:031 2980 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
06:21:50:312 2980 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
06:21:50:500 2980 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:21:50:656 2980 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
06:21:50:812 2980 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:21:50:968 2980 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:21:51:171 2980 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:21:51:343 2980 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:21:51:609 2980 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:21:51:953 2980 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
06:21:52:156 2980 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:21:52:281 2980 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
06:21:52:562 2980 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
06:21:52:843 2980 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:21:53:328 2980 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:21:53:859 2980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:21:54:031 2980 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:21:54:265 2980 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
06:21:54:359 2980 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:21:54:531 2980 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:21:54:734 2980 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:21:54:937 2980 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:21:55:734 2980 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:21:56:250 2980 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:21:56:390 2980 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:21:56:625 2980 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:21:56:796 2980 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
06:21:57:015 2980 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:21:57:187 2980 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:21:57:562 2980 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
06:21:57:765 2980 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
06:21:58:015 2980 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:21:58:187 2980 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:21:58:375 2980 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:21:58:593 2980 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:21:58:765 2980 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:21:59:062 2980 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:21:59:234 2980 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:21:59:578 2980 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:22:00:015 2980 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:22:00:281 2980 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:22:00:437 2980 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:22:00:609 2980 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:22:00:718 2980 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
06:22:00:921 2980 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
06:22:01:265 2980 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
06:22:01:515 2980 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:22:01:718 2980 NAVAP (70c4d2474833b6ef16342e5d33359ff6) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
06:22:02:125 2980 NAVAPEL (f81a56a1be2c0ea8c2ff320cd5dc9aad) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
06:22:02:234 2980 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100528.002\NAVENG.sys
06:22:02:718 2980 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100528.002\NAVEX15.sys
06:22:03:171 2980 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:22:03:312 2980 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:22:03:656 2980 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:22:03:937 2980 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:22:04:265 2980 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:22:04:437 2980 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
06:22:04:578 2980 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:22:04:765 2980 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:22:04:875 2980 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
06:22:05:000 2980 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:22:05:156 2980 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:22:05:312 2980 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:22:05:625 2980 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:22:06:046 2980 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:22:06:218 2980 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:22:06:406 2980 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
06:22:06:781 2980 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:22:06:968 2980 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:22:07:078 2980 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:22:07:281 2980 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:22:07:453 2980 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
06:22:08:171 2980 PID_PEPI (3f96dcd4ac98c8e0d3c03c24fd49a2fe) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
06:22:08:359 2980 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:22:08:546 2980 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
06:22:08:953 2980 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:22:09:109 2980 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:22:09:250 2980 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
06:22:10:109 2980 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:22:10:234 2980 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:22:10:359 2980 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:22:10:562 2980 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:22:10:828 2980 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:22:10:984 2980 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:22:11:093 2980 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
06:22:11:234 2980 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:22:11:375 2980 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
06:22:11:437 2980 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
06:22:11:484 2980 SASKUTIL (4fd72291a89793049104ca0a7e353cd4) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
06:22:11:671 2980 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:22:11:828 2980 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:22:12:000 2980 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
06:22:12:125 2980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:22:12:296 2980 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
06:22:12:703 2980 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:22:13:109 2980 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:22:13:312 2980 SQTECH905C (ef8bd02ad9110c17e0f0e6f9b1479ad5) C:\WINDOWS\system32\Drivers\Capt905c.sys
06:22:13:578 2980 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:22:14:062 2980 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
06:22:14:578 2980 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
06:22:15:296 2980 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:22:16:187 2980 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:22:17:953 2980 SymEvent (275263f78ea934b98c16eb5749ff250d) C:\Program Files\Symantec\SYMEVENT.SYS
06:22:19:187 2980 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:22:19:500 2980 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:22:19:859 2980 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:22:20:015 2980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:22:20:234 2980 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:22:20:562 2980 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:22:21:000 2980 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:22:21:234 2980 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
06:22:21:421 2980 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:22:21:562 2980 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:22:21:781 2980 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:22:21:937 2980 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:22:22:093 2980 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:22:22:265 2980 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:22:22:437 2980 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
06:22:22:625 2980 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:22:23:000 2980 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
06:22:23:156 2980 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:22:23:500 2980 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:22:23:687 2980 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
06:22:23:890 2980 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:22:24:093 2980 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:22:24:250 2980 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:22:24:421 2980 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys
06:22:24:421 2980
06:22:24:421 2980 Completed
06:22:24:421 2980
06:22:24:421 2980 Results:
06:22:24:421 2980 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
06:22:24:421 2980 File objects infected / cured / cured on reboot: 0 / 0 / 0
06:22:24:421 2980
06:22:24:437 2980 KLMD(ARK) unloaded successfully
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\WINDOWS\ytite.dll
C:\WINDOWS\fijyn.dll
c:\windows\TEMP\004422~1.EXE

Driver::
0044221272328183mcinstcleanup


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Also do the BitDefender scan

http://www.bitdefend...nline/free.html

Copy and paste the report it gives you even if it says it found nothing.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Did the Norton article help any? Is your anti-virus a paid up subscription? Personally I don't like Norton. It's a resource hog and slows down your system. I prefer the free Avast. http://www.avast.com...avast-home.html IF you do uninstall Norton make sure you run the Norton Removal tool
http://service1.syma...005033108162039
before installing Avast.

Do you still have mouse problems? Have you tried a different mouse? There is a Mouse section in the Control Panel.
It usually has a Double Click speed adjustment setting. You might try setting it faster or slower. Make sure ClickLock is not checked.

It sometimes helps to right click on My Computer, select Manage then Device Manager. Find your mouse and right click and UNINSTALL then reboot. XP will reinstall it.

Ron
  • 0

#5
Kane.D

Kane.D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hey Ron here are the logs

oh and as for avastmy family is pretty stubborn about stuff like this they trust me enough to find people who can help us out but are slower to use programs like firefox or other anti virus programs lol but that will be up to me to get them to try a new program :)

as for the mouse it seems to be working fine now


ComboFix 10-07-08.02 - Mark 2010-07-09 20:18:54.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.192 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\george.exe.exe
Command switches used :: c:\documents and settings\Mark\Desktop\CFScript.txt

FILE ::
"c:\windows\fijyn.dll"
"c:\windows\TEMP\004422~1.EXE"
"c:\windows\ytite.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\fijyn.dll
c:\windows\ytite.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_0044221272328183MCINSTCLEANUP
-------\Service_0044221272328183mcinstcleanup


((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-09 09:13 . 2010-07-09 09:13 -------- dc----w- C:\_OTL
2010-07-09 09:10 . 2010-07-09 09:10 -------- d-----w- c:\program files\ERUNT
2010-07-07 22:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 22:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-07 19:58 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-07 19:36 . 2010-07-07 19:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-05 22:34 . 2010-07-05 22:34 -------- d-----w- c:\program files\ESET
2010-07-05 21:05 . 2010-07-07 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 00:37 . 2008-01-22 00:30 -------- d-----w- c:\program files\Lx_cats
2010-07-07 19:35 . 2004-09-21 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-07 19:35 . 2009-06-16 19:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-31 23:35 . 2007-02-24 00:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-24 23:36 . 2010-05-24 23:36 503808 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32be4d61-n\msvcp71.dll
2010-05-24 23:36 . 2010-05-24 23:36 499712 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32be4d61-n\jmc.dll
2010-05-24 23:36 . 2010-05-24 23:36 61440 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-443b74ca-n\decora-sse.dll
2010-05-24 23:36 . 2010-05-24 23:36 348160 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32be4d61-n\msvcr71.dll
2010-05-24 23:36 . 2010-05-24 23:36 12800 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-443b74ca-n\decora-d3d.dll
2010-05-22 02:11 . 2010-05-04 01:12 63488 ----a-w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-22 02:11 . 2009-06-16 20:01 117760 ----a-w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-26 03:59 . 2010-04-26 03:59 61440 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-733434cb-n\decora-sse.dll
2010-04-26 03:59 . 2010-04-26 03:59 503808 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ae179fe-n\msvcp71.dll
2010-04-26 03:59 . 2010-04-26 03:59 499712 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ae179fe-n\jmc.dll
2010-04-26 03:59 . 2010-04-26 03:59 348160 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ae179fe-n\msvcr71.dll
2010-04-26 03:59 . 2010-04-26 03:59 12800 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-733434cb-n\decora-d3d.dll
2010-04-26 03:58 . 2010-04-26 03:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd(2).dll
2010-04-13 07:02 . 2010-04-15 13:45 922400 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\JRERunOnce.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----


---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-22 2017280]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-2-9 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 23:06 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\_aunchPad.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket_on_startup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-05-26 68168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-31 93320]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-02-18 598856]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2004-12-14 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2003-03-14 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2004-12-14 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2004-12-14 10368]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 12872]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-01-02 19677]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - hxxp://swgbetareg.station.sony.com/soesysinfo.cab
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 20:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxctcoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2010-07-09 20:50:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-10 00:50
ComboFix2.txt 2010-07-09 10:13

Pre-Run: 14,189,912,064 bytes free
Post-Run: 14,177,865,728 bytes free

- - End Of File - - FC0810B1BA5A6633B24E7A066EAAAD9E



QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Fri Jul 09 20:56:15 2010
Machine ID: 209F7160



No infection found.
-------------------



Processes
---------
<unsigned> brother Industries Ltd brss01a.exe 1268 C:\WINDOWS\system32\brss01a.exe
<unsigned> Norton AntiVirus 1912 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
<unsigned> SUPERAntiSpyware 2440 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
<unsigned> Symantec AntiVirus 2144 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
<unsigned> WinZip 2616 C:\Program Files\WinZip\WZQKPICK.EXE

<verified> Creative Ring3 NT Inteface 2196 C:\WINDOWS\system32\devldr32.exe
<verified> Device Monitor 2288 C:\Program Files\Lexmark 5400 Series\lxctmon.exe
<verified> Firefox 1016 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Java™ Platform SE 6 U20 1936 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Java™ Platform SE Auto Updater 2 0 2400 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> Lexmark Fast Pics Application 2316 C:\Program Files\Lexmark 5400 Series\ezprint.exe
<verified> LiveUpdate 1876 C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
<verified> McAfee SiteAdvisor 1968 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
<verified> Microsoft® Windows® Operating System 3396 C:\WINDOWS\explorer.exe
<verified> Microsoft® Windows® Operating System 1200 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 524 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 604 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 3020 C:\WINDOWS\system32\notepad.exe
<verified> Microsoft® Windows® Operating System 3592 C:\WINDOWS\system32\NOTEPAD.EXE
<verified> Microsoft® Windows® Operating System 172 C:\WINDOWS\system32\rundll32.exe
<verified> Microsoft® Windows® Operating System 592 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 460 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1260 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1112 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 992 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 916 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 880 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 816 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 760 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1844 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 264 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 548 C:\WINDOWS\system32\winlogon.exe
<verified> NVIDIA Driver Helper Service, Version 9 212 C:\WINDOWS\system32\nvsvc32.exe
<verified> Printer Communication System 1956 C:\WINDOWS\system32\lxctcoms.exe
<verified> Window Washer 356 C:\Program Files\Webroot\Washer\WasherSvc.exe
<verified> Window Washer 2424 C:\Program Files\Webroot\Washer\wwDisp.exe
<verified> Windows Installer - Unicode 3232 C:\WINDOWS\system32\msiexec.exe


Network activity
----------------
Process firefox.exe (1016) connected on port 80 (HTTP) --> CRL.VERISIGN.NET
Process firefox.exe (1016) connected on port 80 (HTTP) --> CRL.VERISIGN.NET
Process firefox.exe (1016) connected on port 80 (HTTP) --> CRL.VERISIGN.NET

Process svchost.exe (816) listens on ports: 135 (RPC)
Process lxctcoms.exe (1956) listens on ports: 10001


Autoruns and critical files
---------------------------
<unsigned> Ahead Software Gmbh NeroCheck C:\WINDOWS\system32\NeroCheck.exe
<unsigned> NavLogon.dll C:\WINDOWS\system32\NavLogon.dll
<unsigned> nwiz.exe C:\WINDOWS\system32\nwiz.exe
<unsigned> SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
<unsigned> SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
<unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
<unsigned> Symantec AntiVirus C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
<unsigned> TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
<unsigned> WinZip C:\Program Files\WinZip\WZQKPICK.EXE

<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Device Monitor C:\Program Files\Lexmark 5400 Series\lxctmon.exe
<verified> Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> Lexmark Connect C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll
<verified> Lexmark Fast Pics Application C:\Program Files\Lexmark 5400 Series\ezprint.exe
<verified> Lexmark Fax Solutions Software C:\Program Files\Lexmark 5400 Series\fm3032.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wpdshserviceobj.dll
<verified> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
<verified> NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
<verified> Window Washer C:\Program Files\Webroot\Washer\wwDisp.exe
<verified> Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> HGPlugin Dynamic Link Library C:\WINDOWS\Downloaded Program Files\HGPlugin9USA.dll
<unsigned> bdoscandel.exe C:\WINDOWS\bdoscandel.exe
<unsigned> bdscanonline C:\WINDOWS\Downloaded Program Files\oscan82.ocx
<unsigned> bdupd.dll C:\WINDOWS\Downloaded Program Files\bdupd.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> ipsupd.dll C:\WINDOWS\Downloaded Program Files\ipsupd.dll
<unsigned> MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
<unsigned> MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\PURen-us.dll
<unsigned> NHN CO. C:\WINDOWS\Downloaded Program Files\HGStart9USA.exe
<unsigned> SOESysInfoServer Module C:\WINDOWS\Downloaded Program Files\soesysinfo.ocx
<unsigned> toolband.dll c:\program files\lexmark toolbar\toolband.dll

<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> BitDefender QuickScan C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
<verified> ECOM Loader C:\WINDOWS\Downloaded Program Files\ecmldr32.dll
<verified> ECOM Server C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
<verified> Java Deployment Toolkit 6.0.200.2 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
<verified> Java™ Platform SE 6 U20 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U20 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> McAfee SiteAdvisor c:\program files\mcafee\siteadvisor\mcieplg.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\System32\nwprovau.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> saSetup64.exe C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\saSetup64.exe
<verified> sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
<verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll
<verified> Symantec Antivirus Engine C:\WINDOWS\Downloaded Program Files\naveng32.dll
<verified> Symantec Antivirus Engine C:\WINDOWS\Downloaded Program Files\navex32a.dll
<verified> Symantec Security Check C:\WINDOWS\Downloaded Program Files\avsniff.dll
<verified> Symantec Security Check C:\WINDOWS\Downloaded Program Files\rufsi.dll
<verified> System Requirements Lab C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll
<verified> temp.exe C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\t4gi9ylk.default\temp.exe
<verified> TODO: <Product name> C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\DOCUME~1\Mark\LOCALS~1\Temp\mbr.sys
referenced in: HKLM\System\ControlSet001\services\mbr\"ImagePath"

File not found: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
referenced in: HLKM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0\"Path"

File not found: C:\WINDOWS\System32\appmgmts.dll
referenced in: HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: C:\george.exe\catchme.sys
referenced in: HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: system32\DRIVERS\LV302AV.SYS
referenced in: HKLM\System\ControlSet001\services\PID_08A0\"ImagePath"


Scan
----
<unsigned> MD5: 031ccdff85a57172f3402cb99b3e9d46 C:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
<unsigned> MD5: 2786afc6ab1f04d7600228e39df2e186 C:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
<unsigned> MD5: 11ab72d5d603db401c190b454fb935a7 C:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
<unsigned> MD5: 6f95324909b502e2651442c1548ab12f C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
<unsigned> MD5: fb29c32afa6f1fa887764323f06711d0 C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
<unsigned> MD5: f61e92a1e27044053e124f9f3be18514 C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
<unsigned> MD5: 6f5fe741900108660dedcc704b7191cf C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files\Java\jre6\bin\msvcr71.dll
<unsigned> MD5: 1235d69d18bd6d9f609d18d24cad1d0d C:\Program Files\Lexmark 5400 Series\customui.dll
<unsigned> MD5: aaab57f15a85d8558364313c3094a90c C:\Program Files\Lexmark 5400 Series\epfunct.dll
<unsigned> MD5: 878ddc3da79cb35d6fb2c7f9ca69c3cf C:\Program Files\Lexmark 5400 Series\epoemdll.dll
<unsigned> MD5: d762bbca97a2c4dea554c7b5932d6674 C:\Program Files\Lexmark 5400 Series\epstring.dll
<unsigned> MD5: 1c9201a4240a3e7dc0550e89fa121993 C:\Program Files\Lexmark 5400 Series\eputil.dll
<unsigned> MD5: 1be0673731b24086f6caff05116f2403 C:\Program Files\Lexmark 5400 Series\epwizard.dll
<unsigned> MD5: 2f0cf590ca6b2016fb3722c43add34d8 C:\Program Files\Lexmark 5400 Series\epwizres.dll
<unsigned> MD5: 8040f9e0ea9a1f8d0c26501ae0a70c02 C:\Program Files\Lexmark 5400 Series\fxctrstr.dll
<unsigned> MD5: f832937debc8d11c07022bd3553b592c C:\Program Files\Lexmark 5400 Series\imagutil.dll
<unsigned> MD5: 9277b739471efc2ef582ab6041a5c212 C:\Program Files\Lexmark 5400 Series\ipcmt.dll
<unsigned> MD5: 8dd67cf25d251c9c9abbd024824fa485 C:\Program Files\Lexmark 5400 Series\iptk.dll
<unsigned> MD5: 71036317066b096e54c7e35d752ed257 C:\Program Files\Lexmark 5400 Series\ltdis13n.dll
<unsigned> MD5: 01f364a36f228ee8387e073a2f2f9ebe C:\Program Files\Lexmark 5400 Series\ltefx13n.dll
<unsigned> MD5: 69945a86c2eb4793c77fd6a4e22f99a5 C:\Program Files\Lexmark 5400 Series\ltfil13n.dll
<unsigned> MD5: 58f24fc7b0b8acc470b18be400ee8e40 C:\Program Files\Lexmark 5400 Series\ltimg13n.dll
<unsigned> MD5: 4f38da02009d830ca4770b28390c5f0b C:\Program Files\Lexmark 5400 Series\ltkrn13n.dll
<unsigned> MD5: ecb8f2840cc6f7087a72a8444a15b3ed C:\Program Files\Lexmark 5400 Series\ltwvc13n.dll
<unsigned> MD5: 37d8099ccfc5611c25067f42ac79b168 C:\Program Files\Lexmark 5400 Series\lxctmonr.dll
<unsigned> MD5: ba70071f2444a8253a4966b5b113740c C:\Program Files\Lexmark 5400 Series\lxctscw.dll
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files\Lexmark 5400 Series\msvcr71.dll
<unsigned> MD5: c10d6a7784e12bf0be4799f675f614c2 C:\Program Files\Lexmark 5400 Series\pdflib.dll
<unsigned> MD5: 24f3a4f9f5ff3cbd589fb7af614fb9fe c:\program files\lexmark toolbar\toolband.dll
<unsigned> MD5: 07ad099218772aac61034351b75ad358 C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: 819173be1d108b5ad925ba1997eaeb4a C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: 84e408bfd7ad685e7b247ad9bc7242f7 C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: 390679f7a217a5e73d756276c40ae887 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
<unsigned> MD5: 31a7aa2dedefbd3927b0cade051aac2c C:\Program Files\SUPERAntiSpyware\deupx.dll
<unsigned> MD5: ecd5517a6633826057d4f050927ddf56 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
<unsigned> MD5: 482e8f6fd557d5a0df7363f72df145fe C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
<unsigned> MD5: 5d917c7c71aa500fc6474dc7e1ca779a C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
<unsigned> MD5: 561fa2abb31dfa8fab762145f81667c2 C:\Program Files\Symantec\LiveUpdate\MSVCP71.DLL
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files\Symantec\LiveUpdate\MSVCR71.DLL
<unsigned> MD5: 25a8753e1fee793e7ad1fcb8471ff91a C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll
<unsigned> MD5: f4ceed318f6669820a198b9498a88159 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
<unsigned> MD5: 70c4d2474833b6ef16342e5d33359ff6 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
<unsigned> MD5: f81a56a1be2c0ea8c2ff320cd5dc9aad C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
<unsigned> MD5: 6d4dbdc458f86a2c5e76102549017180 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL
<unsigned> MD5: 8d2bc561da4b3e269b148cd7d2f9c176 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
<unsigned> MD5: 2c2c5c662e71a1ebec6569bd05911237 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
<unsigned> MD5: 6613e98493ec4a94395955b17f836cf9 C:\Program Files\WinZip\WZQKPICK.EXE
<unsigned> MD5: 2c2c5c662e71a1ebec6569bd05911237 C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTray.exe
<unsigned> MD5: b75e2a565ae6b03dd3941a5dd4e2f31c C:\WINDOWS\bdoscandel.exe
<unsigned> MD5: a57234a9295b026c13fbf81b729fafa6 C:\WINDOWS\Downloaded Program Files\bdupd.dll
<unsigned> MD5: 3fea9d2edf23b0283c7a66c8dea380bd C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> MD5: cdbe35ea59bc9223e4f800bd1db82d27 C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> MD5: d075f38b14a69362897fa1010a676a7b C:\WINDOWS\Downloaded Program Files\HGPlugin9USA.dll
<unsigned> MD5: ca84ac494141dbbbaa954a064e962c7b C:\WINDOWS\Downloaded Program Files\HGStart9USA.exe
<unsigned> MD5: fe691848ced7c74b2a177319ac154a1f C:\WINDOWS\Downloaded Program Files\ipsupd.dll
<unsigned> MD5: d2ed523bb0fe94f8f492befe1c336040 C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
<unsigned> MD5: 230a39d8950142cf2c94a5c1e567e95e C:\WINDOWS\Downloaded Program Files\oscan82.ocx
<unsigned> MD5: e275447f5ae12bc421d5ad530c5ec060 C:\WINDOWS\Downloaded Program Files\PURen-us.dll
<unsigned> MD5: b8c4fdda6119c23aefc9ba7017a23c32 C:\WINDOWS\Downloaded Program Files\soesysinfo.ocx
<unsigned> MD5: 9e646cd378d4d0c996baf9bcb18237c7 C:\WINDOWS\system32\brss01a.exe
<unsigned> MD5: d3facb34fff5db91adb70987838f8ba7 C:\WINDOWS\system32\brsvc01a.exe
<unsigned> MD5: b979979ab8027f7f53fb16ec4229b7db C:\WINDOWS\system32\drivers\ASPI32.sys
<unsigned> MD5: 791ef93168dcf057715493d607e37983 C:\WINDOWS\System32\Drivers\BrSerWdm.sys
<unsigned> MD5: ef8bd02ad9110c17e0f0e6f9b1479ad5 C:\WINDOWS\System32\Drivers\Capt905c.sys
<unsigned> MD5: 5b6c11de7e839c05248ced8825470fef C:\WINDOWS\system32\drivers\PCOUFFIN.sys
<unsigned> MD5: 05a74d2be6f493c65d7221d1d0e8a23c C:\WINDOWS\System32\Drivers\xbreader.sys
<unsigned> MD5: fc80052194d5708254a346568f0e77c0 C:\WINDOWS\system32\GTNDIS5.SYS
<unsigned> MD5: 9f22e3ce1639917eb07dcc730cd0d410 C:\WINDOWS\system32\IM31IMG.DIL
<unsigned> MD5: 86c5aac31ea7909121327701045f74bd C:\WINDOWS\system32\IMGMAN32.DLL
<unsigned> MD5: 6d576d36ca7c0007ca86a2bf7f8c2fe8 C:\WINDOWS\system32\lxctpmon.dll
<unsigned> MD5: aeebd9716e44e0c2d1bf1160f1a665bf C:\WINDOWS\system32\lxctpmrc.dll
<unsigned> MD5: b33f5a94275a88b2bbd988549b699017 C:\WINDOWS\system32\NavLogon.dll
<unsigned> MD5: 3e4c03cefad8de135263236b61a49c90 C:\WINDOWS\system32\NeroCheck.exe
<unsigned> MD5: 0294e2a5e89bf786f24a9cc2fd753191 C:\WINDOWS\system32\nwiz.exe
<unsigned> MD5: 8ad1812b835b6f57bd4df7296546d903 C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.06 MB sent, 3.11 KB recvd
Scanned 1031 files and modules - 368 seconds

==============================================================================




sigverif scan found

pcouggin.sys

lxctp2fx.gpd






Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/07/2010 22:37:20

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by Kane.D, 09 July 2010 - 08:42 PM.

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Under sigverif was that a typo:

pcouggin.sys

not pcouffin.sys?

Will Symantec scan now?

Ron

Edited by RKinner, 09 July 2010 - 10:00 PM.

  • 0

#7
Kane.D

Kane.D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
hey ron

I could of sworn it was pcouffin.sys when I typed it

as for the antivirus when I click the the scan tab before it can load a popup comes up with Symantec Antivrus has encountered a problem and needs to close. same problem that you linked me to with VPC32.exe I do what it says and search for the file VPC32.exe but I can't find it any where I'm guessing I may need to try and reinstall the antivirus to get it back?
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
The file should be at:

C:\Program Files\Symantec AntiVirus\vpc32.exe

Right click on start and Select Explore. You should be able to find Program Files in the left column. Click on the + in front of it and then look under it for Symantec AntiVirus. Click on it and look in the right pane for vpc32.exe.

If you still can't see it then make sure you are set to see System and Hidden files and extensions:

* Close all programs so that you are at your desktop.
* Double-click on the My Computer icon.
* Select the Tools menu and click Folder Options.
* After the new window appears select the View tab.
* Put a checkmark in the checkbox labeled Display the contents of system folders.
* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
* Remove the checkmark from the checkbox labeled Hide protected operating system files.
* Press the Apply button and then the OK button and exit My Computer.
* Now your computer is configured to show all hidden files.

Either a reinstall or an update patch should fix it. Save your product key before you uninstall:
http://service1.syma...005033108162039


Ron
  • 0

#9
Kane.D

Kane.D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hey ron sorry for such a late reply. I will need to check again thought even with the hidden files no longer hidden I can't find the file while searching thought I been able to find a couple of Antivirus folders I will keep searching when I have more time and again thanks for all the help
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP