I have damage or residue from a recent Alureon-K virus infection.

After reading the postings regarding this virus I was able to get rid of it using TDSS killer. The process appeared to go fine; I have run several scans with my resident avast! as well as several scans using Malwarebytes and Trendmicro Housecall. They all read clean but I have some residual problems.

I seem to have "lost" my Administrator privileges and while I can still install programs, I can't access various previously installed programs; I can't update Windows; I can't do a system restore.

After removal of the virus the majority of existing file icons were greyed out (like hidden files). When I installed a new program the new icons were fine and the program runs without problems. Based on that, I tried re-setting the File Attributes. That corrected all the greyed out icons but I can't figure out what to do about the lost Administrator status issue.

Should I re-install the O/S or will that just create a different set of problems? My O/S is XP Pro.

In preparation for any assistance you can give me, I have downloaded and run DDS and I will attach the scans as suggested.

dds.txt attach.txt

Thanks,

Steener19


Hello Steener19! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here:

www.bleepingcomputer.com/combofix/how-to-use-combofix#use

Please post the log file from ComboFix and fresh DDS log files.


Hello Maniac,

Here are the scans you requested. I truly appreciate your taking the time to help... It looks like a lot of reading here and not much of it makes sense to me.

1)

ComboFix 12-02-13.01 - Steen 02/14/2012 23:16:23.3.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2832 [GMT -8:00]

Running from: d:\program files\Utilities\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}

.

.

((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))

.

.

2012-02-07 10:03 . 2012-01-06 04:19 6557240 ----a-r- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{97F319C8-7397-46F1-A7A4-7E9BA13A06F9}\mpengine.dll

2012-02-07 04:24 . 2012-02-07 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2012-01-31 23:14 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-01-31 23:14 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\program files\iPod

2012-01-31 23:13 . 2012-01-31 23:14 -------- d-----w- c:\program files\iTunes

2012-01-31 23:13 . 2012-01-31 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\program files\Apple Software Update

2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2012-01-31 23:12 . 2012-01-31 23:12 -------- d-----w- c:\program files\Bonjour

2012-01-25 08:44 . 2012-01-25 08:49 -------- d-----w- c:\documents and settings\Steen\Application Data\PCPro

2012-01-25 08:44 . 2012-01-25 08:44 -------- d-----w- c:\documents and settings\Steen\Application Data\PC Cleaners

2012-01-25 08:44 . 2012-01-25 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data

2012-01-24 05:19 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-01-24 05:19 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-01-24 05:19 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-01-24 05:19 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-24 05:19 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-01-24 05:19 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-01-24 05:19 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-01-24 05:19 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-01-24 05:19 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2012-01-24 05:05 . 2011-11-28 18:01 199816 ------w- c:\windows\system32\aswBoot.exe

2012-01-24 05:04 . 2012-01-24 05:19 -------- d-----w- c:\program files\AVAST Software

2012-01-23 07:34 . 2012-01-23 19:15 -------- d-----w- c:\documents and settings\Steen\Application Data\Registry Mechanic

2012-01-23 07:25 . 2012-01-23 07:31 -------- d-----w- c:\program files\RegZooka

2012-01-23 06:10 . 2012-01-23 06:10 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconD7F16134.exe

2012-01-23 06:10 . 2012-01-23 06:10 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconCF33A0CE.exe

2012-01-23 06:10 . 2012-01-23 06:10 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconF7A21AF7.exe

2012-01-23 06:10 . 2012-01-25 08:16 -------- d-----w- C:\sh4ldr

2012-01-23 06:09 . 2012-01-25 08:16 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP

2012-01-23 06:09 . 2012-01-23 06:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2012-01-23 05:47 . 2012-01-23 05:47 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2012-01-23 05:44 . 2012-01-23 05:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-01-23 05:44 . 2012-01-23 05:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 08:21 . 2010-04-07 05:52 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-25 08:49 . 2009-04-28 17:24 5276432 ----a-w- c:\windows\uninst.exe

2012-01-24 20:01 . 2008-04-13 18:36 43008 ---ha-w- c:\windows\system32\drivers\amdagp.sys

2012-01-11 20:33 . 2012-01-10 21:10 5836 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-01-06 04:19 . 2010-04-07 05:52 6557240 ----a-r- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-12-10 23:24 . 2010-04-09 01:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 01:20 . 2011-12-07 01:20 23552 ----a-w- c:\windows\system32\drivers\dfg.sys

2011-11-23 13:25 . 2006-02-28 12:00 1859584 ---ha-w- c:\windows\system32\win32k.sys

2005-12-15 21:54 . 2009-04-10 14:11 5037072 ------w- c:\program files\spybotsd14.exe

2010-03-18 09:47 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-24_02.50.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 08:02 . 2009-07-12 08:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

- 2009-07-12 07:02 . 2009-07-12 07:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2011-08-31 07:05 . 2011-08-31 07:05 50536 c:\windows\system32\jdns_sd.dll

+ 2012-01-31 23:13 . 2011-08-03 01:38 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys

+ 2012-01-31 23:13 . 2011-08-03 01:38 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys

+ 2012-01-31 23:14 . 2009-05-18 21:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys

+ 2011-08-31 07:05 . 2011-08-31 07:05 73064 c:\windows\system32\dnssd.dll

+ 2011-08-31 07:05 . 2011-08-31 07:05 83816 c:\windows\system32\dns-sd.exe

+ 2008-04-13 18:36 . 2012-01-24 20:01 43008 c:\windows\system32\dllcache\amdagp.sys

+ 2009-04-10 00:12 . 2002-07-03 18:44 29697 c:\windows\system32\bdckp32.dll

+ 2012-01-31 23:13 . 2012-01-31 23:13 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe

+ 2012-01-29 19:32 . 2012-01-29 19:32 69632 c:\windows\Installer\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}\NewShortcut5_22EC35BDF8F245EB8DCB1C7FB65D0A71.exe

+ 2012-01-29 19:32 . 2012-01-29 19:32 69632 c:\windows\Installer\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}\NewShortcut1_22EC35BDF8F245EB8DCB1C7FB65D0A71.exe

+ 2012-01-29 19:32 . 2012-01-29 19:32 69632 c:\windows\Installer\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}\ARPPRODUCTICON.exe

+ 2012-01-25 08:15 . 2012-01-25 08:15 27499 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCall.dll

- 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2009-07-12 08:02 . 2009-07-12 08:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2011-05-14 09:17 . 2011-05-14 09:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll

+ 2011-05-14 09:12 . 2011-05-14 09:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll

+ 2011-05-14 09:11 . 2011-05-14 09:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll

+ 2011-02-08 20:52 . 2011-02-08 20:52 145688 c:\windows\system32\MicrosoftUpdateCatalogWebControl.dll

+ 2009-04-04 11:08 . 2012-01-30 16:03 295664 c:\windows\system32\FNTCACHE.DAT

+ 2012-01-31 23:14 . 2008-04-17 20:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll

+ 2011-08-31 07:05 . 2011-08-31 07:05 178536 c:\windows\system32\dnssdX.dll

+ 2012-01-31 23:15 . 2012-01-31 23:15 380928 c:\windows\Installer\{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}\iTunesIco.exe

+ 2012-01-26 09:26 . 2012-01-26 09:26 233472 c:\windows\ERDNTbackup\1-26-2012\Users\00000002\UsrClass.dat

+ 2012-01-26 09:26 . 2005-10-20 19:02 163328 c:\windows\ERDNTbackup\1-26-2012\ERDNT.EXE

+ 2012-01-25 08:15 . 2012-01-25 08:15 180382 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla21.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 175992 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla20.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 176035 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla2.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 176035 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla19.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 179340 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla18.exe

+ 2012-01-25 08:15 . 2012-01-25 08:15 176545 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla17.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 179340 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla.dll

+ 2012-01-31 23:13 . 2011-08-03 01:38 4517664 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaaplrc.dll

+ 2012-01-31 23:13 . 2011-08-03 01:38 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll

+ 2012-01-31 23:15 . 2012-01-31 23:15 5421056 c:\windows\Installer\166858.msi

+ 2012-01-31 23:13 . 2012-01-31 23:13 1769984 c:\windows\Installer\166854.msi

+ 2012-01-31 23:13 . 2012-01-31 23:13 1717248 c:\windows\Installer\166823.msi

+ 2012-01-31 23:12 . 2012-01-31 23:12 2002432 c:\windows\Installer\16681c.msi

+ 2012-01-31 23:11 . 2012-01-31 23:11 1530368 c:\windows\Installer\1667f1.msi

+ 2012-01-29 19:32 . 2012-01-29 19:32 13460480 c:\windows\Installer\11981f.msi

+ 2012-01-26 09:26 . 2012-01-26 09:26 16723968 c:\windows\ERDNTbackup\1-26-2012\Users\00000001\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"dvd43"="" [bU]

"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 614400]

"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\Chuck.STEEN-APR3-2009\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-3 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2008-10-07 10:59 33538048 ------w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"d:\\Program Files\\BitLord\\BitLord.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\SUPDSvc.exe"=

"c:\\Program Files\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8701:TCP"= 8701:TCP:Bitlord

"7212:TCP"= 7212:TCP:c:\\Program Files\\Bitlord

"1:TCP"= 1:TCP:Intel HaM Data Fax Voice

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/23/2012 9:19 PM 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/23/2012 9:19 PM 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/23/2012 9:19 PM 20568]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/6/2010 10:02 PM 12184]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [4/10/2009 6:11 AM 13592]

R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [6/21/2002 1:39 PM 469935]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [4/5/2009 3:50 PM 100456]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/20/2009 10:17 PM 47360]

R3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [4/9/2009 4:12 PM 238080]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [4/5/2009 3:47 PM 876288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [12/6/2011 5:20 PM 23552]

S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [4/15/2010 12:10 PM 132464]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]

.

2010-11-21 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-11-21 07:01]

.

2012-02-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2009-04-10 01:20]

.

2012-01-25 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2012-01-07 05:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.dogpile.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll

TCP: DhcpNameServer = 64.59.160.13 64.59.160.15 64.59.161.68

Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - d:\program files\TAX\2009QuickTax\ic2007pp.dll

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - d:\program files\TAX\ic2011pp.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\Steen\Application Data\Mozilla\Firefox\Profiles\g7rgvzoa.default\

FF - prefs.js: browser.search.selectedEngine - Dogpile

FF - prefs.js: browser.startup.homepage - hxxp://dogpile.com/

FF - prefs.js: keyword.URL - hxxp://search.bearshare.com//web?src=ffb&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-PC Cleaners - c:\program files\PC Cleaners\PCCleaners.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-14 23:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(760)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

- - - - - - - > 'explorer.exe'(3576)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

d:\program files\ZenMicro\Zen Micro Media Explorer\CTJBNS2.dll

d:\program files\ZenMicro\Zen Micro Media Explorer\CTIntrfc.dll

d:\program files\ZenMicro\Zen Micro Media Explorer\CTConfig.DLL

d:\program files\ZenMicro\Zen Micro Media Explorer\JBNSRES.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-02-14 23:36:25

ComboFix-quarantined-files.txt 2012-02-15 07:36

ComboFix2.txt 2012-01-24 04:10

.

Pre-Run: 126,635,298,816 bytes free

Post-Run: 126,791,835,648 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot Loader]

Timeout=2

Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[Operating Systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - D458E35FE368F2E725095CB29C9DD21E

2)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by Steen at 23:42:14 on 2012-02-14

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2792 [GMT -8:00]

.

AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.dogpile.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /S

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [dvd43]

mRun: [Conime] %windir%\system32\conime.exe

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun

mRun: [3170 Scan2PC] "c:\windows\twain_32\samsung\clx3170\Scan2pc.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000

IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} - hxxp://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1327572877859

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268715045218

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - d:\program files\tax\2009quicktax\ic2007pp.dll

Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - d:\program files\tax\2008quicktax\ic2008pp.dll

Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - d:\program files\tax\2009quicktax\ic2009pp.dll

Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - d:\program files\tax\2010turbotax\ic2010pp.dll

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - d:\program files\tax\ic2011pp.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\steen\application data\mozilla\firefox\profiles\g7rgvzoa.default\

FF - prefs.js: browser.search.selectedEngine - Dogpile

FF - prefs.js: browser.startup.homepage - hxxp://dogpile.com/

FF - prefs.js: keyword.URL - hxxp://search.bearshare.com//web?src=ffb&q=

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-23 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-23 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-23 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-23 44768]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-6 12184]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2009-4-10 13592]

R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2002-6-21 469935]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-4-5 100456]

R3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [2009-4-9 238080]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-4-5 876288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [2011-12-6 23552]

S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]

S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-4-15 132464]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-02-15 07:14:03 -------- d-sha-r- C:\cmdcons

2012-02-15 07:10:03 98816 ----a-w- c:\windows\sed.exe

2012-02-15 07:10:03 518144 ----a-w- c:\windows\SWREG.exe

2012-02-15 07:10:03 256000 ----a-w- c:\windows\PEV.exe

2012-02-15 07:10:03 208896 ----a-w- c:\windows\MBR.exe

2012-02-07 10:03:41 6557240 ----a-r- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{97f319c8-7397-46f1-a7a4-7e9ba13a06f9}\mpengine.dll

2012-01-31 23:14:53 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-01-31 23:14:53 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-01-31 23:13:56 -------- d-----w- c:\program files\iPod

2012-01-31 23:13:53 -------- d-----w- c:\program files\iTunes

2012-01-31 23:13:53 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-01-31 23:12:46 -------- d-----w- c:\program files\Bonjour

2012-01-26 09:26:29 -------- d-----w- c:\windows\ERDNTbackup

2012-01-25 08:44:15 -------- d-----w- c:\documents and settings\steen\application data\PCPro

2012-01-25 08:44:15 -------- d-----w- c:\documents and settings\steen\application data\PC Cleaners

2012-01-25 08:44:01 -------- d-----w- c:\documents and settings\all users\application data\PC1Data

2012-01-24 05:19:45 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-24 05:19:29 41184 ----a-w- c:\windows\avastSS.scr

2012-01-24 05:04:53 -------- d-----w- c:\program files\AVAST Software

2012-01-23 07:34:03 -------- d-----w- c:\documents and settings\steen\application data\Registry Mechanic

2012-01-23 07:25:50 -------- d-----w- c:\program files\RegZooka

2012-01-23 06:10:23 -------- d-----w- C:\sh4ldr

2012-01-23 06:09:55 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP

2012-01-23 06:09:50 -------- d-----w- c:\program files\common files\Wise Installation Wizard

.

==================== Find3M ====================

.

2012-01-27 08:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-25 08:49:00 5276432 ----a-w- c:\windows\uninst.exe

2012-01-24 20:01:12 43008 ---ha-w- c:\windows\system32\drivers\amdagp.sys

2012-01-11 20:33:17 5836 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 01:20:42 23552 ----a-w- c:\windows\system32\drivers\dfg.sys

2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys

2005-12-15 21:54:10 5037072 ------w- c:\program files\spybotsd14.exe

2010-03-18 09:47:12 203776 --sh--w- c:\windows\system32\unrar.exe

.

============= FINISH: 23:44:13.51 ===============

3)

ComboFix 12-02-13.01 - Steen 02/14/2012 23:16:23.3.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2832 [GMT -8:00]

Running from: d:\program files\Utilities\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}

.

.

((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))

.

.

2012-02-07 10:03 . 2012-01-06 04:19 6557240 ----a-r- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{97F319C8-7397-46F1-A7A4-7E9BA13A06F9}\mpengine.dll

2012-02-07 04:24 . 2012-02-07 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2012-01-31 23:14 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-01-31 23:14 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\program files\iPod

2012-01-31 23:13 . 2012-01-31 23:14 -------- d-----w- c:\program files\iTunes

2012-01-31 23:13 . 2012-01-31 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\program files\Apple Software Update

2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2012-01-31 23:12 . 2012-01-31 23:12 -------- d-----w- c:\program files\Bonjour

2012-01-25 08:44 . 2012-01-25 08:49 -------- d-----w- c:\documents and settings\Steen\Application Data\PCPro

2012-01-25 08:44 . 2012-01-25 08:44 -------- d-----w- c:\documents and settings\Steen\Application Data\PC Cleaners

2012-01-25 08:44 . 2012-01-25 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data

2012-01-24 05:19 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-01-24 05:19 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-01-24 05:19 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-01-24 05:19 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-24 05:19 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-01-24 05:19 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-01-24 05:19 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-01-24 05:19 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-01-24 05:19 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2012-01-24 05:05 . 2011-11-28 18:01 199816 ------w- c:\windows\system32\aswBoot.exe

2012-01-24 05:04 . 2012-01-24 05:19 -------- d-----w- c:\program files\AVAST Software

2012-01-23 07:34 . 2012-01-23 19:15 -------- d-----w- c:\documents and settings\Steen\Application Data\Registry Mechanic

2012-01-23 07:25 . 2012-01-23 07:31 -------- d-----w- c:\program files\RegZooka

2012-01-23 06:10 . 2012-01-23 06:10 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconD7F16134.exe

2012-01-23 06:10 . 2012-01-23 06:10 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconCF33A0CE.exe

2012-01-23 06:10 . 2012-01-23 06:10 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconF7A21AF7.exe

2012-01-23 06:10 . 2012-01-25 08:16 -------- d-----w- C:\sh4ldr

2012-01-23 06:09 . 2012-01-25 08:16 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP

2012-01-23 06:09 . 2012-01-23 06:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2012-01-23 05:47 . 2012-01-23 05:47 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2012-01-23 05:44 . 2012-01-23 05:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-01-23 05:44 . 2012-01-23 05:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 08:21 . 2010-04-07 05:52 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-25 08:49 . 2009-04-28 17:24 5276432 ----a-w- c:\windows\uninst.exe

2012-01-24 20:01 . 2008-04-13 18:36 43008 ---ha-w- c:\windows\system32\drivers\amdagp.sys

2012-01-11 20:33 . 2012-01-10 21:10 5836 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-01-06 04:19 . 2010-04-07 05:52 6557240 ----a-r- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-12-10 23:24 . 2010-04-09 01:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 01:20 . 2011-12-07 01:20 23552 ----a-w- c:\windows\system32\drivers\dfg.sys

2011-11-23 13:25 . 2006-02-28 12:00 1859584 ---ha-w- c:\windows\system32\win32k.sys

2005-12-15 21:54 . 2009-04-10 14:11 5037072 ------w- c:\program files\spybotsd14.exe

2010-03-18 09:47 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-24_02.50.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 08:02 . 2009-07-12 08:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

- 2009-07-12 07:02 . 2009-07-12 07:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2011-08-31 07:05 . 2011-08-31 07:05 50536 c:\windows\system32\jdns_sd.dll

+ 2012-01-31 23:13 . 2011-08-03 01:38 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys

+ 2012-01-31 23:13 . 2011-08-03 01:38 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys

+ 2012-01-31 23:14 . 2009-05-18 21:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys

+ 2011-08-31 07:05 . 2011-08-31 07:05 73064 c:\windows\system32\dnssd.dll

+ 2011-08-31 07:05 . 2011-08-31 07:05 83816 c:\windows\system32\dns-sd.exe

+ 2008-04-13 18:36 . 2012-01-24 20:01 43008 c:\windows\system32\dllcache\amdagp.sys

+ 2009-04-10 00:12 . 2002-07-03 18:44 29697 c:\windows\system32\bdckp32.dll

+ 2012-01-31 23:13 . 2012-01-31 23:13 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe

+ 2012-01-29 19:32 . 2012-01-29 19:32 69632 c:\windows\Installer\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}\NewShortcut5_22EC35BDF8F245EB8DCB1C7FB65D0A71.exe

+ 2012-01-29 19:32 . 2012-01-29 19:32 69632 c:\windows\Installer\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}\NewShortcut1_22EC35BDF8F245EB8DCB1C7FB65D0A71.exe

+ 2012-01-29 19:32 . 2012-01-29 19:32 69632 c:\windows\Installer\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}\ARPPRODUCTICON.exe

+ 2012-01-25 08:15 . 2012-01-25 08:15 27499 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCall.dll

- 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2009-07-12 08:02 . 2009-07-12 08:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2011-05-14 09:17 . 2011-05-14 09:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll

+ 2011-05-14 09:12 . 2011-05-14 09:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll

+ 2011-05-14 09:11 . 2011-05-14 09:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll

+ 2011-02-08 20:52 . 2011-02-08 20:52 145688 c:\windows\system32\MicrosoftUpdateCatalogWebControl.dll

+ 2009-04-04 11:08 . 2012-01-30 16:03 295664 c:\windows\system32\FNTCACHE.DAT

+ 2012-01-31 23:14 . 2008-04-17 20:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll

+ 2011-08-31 07:05 . 2011-08-31 07:05 178536 c:\windows\system32\dnssdX.dll

+ 2012-01-31 23:15 . 2012-01-31 23:15 380928 c:\windows\Installer\{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}\iTunesIco.exe

+ 2012-01-26 09:26 . 2012-01-26 09:26 233472 c:\windows\ERDNTbackup\1-26-2012\Users\00000002\UsrClass.dat

+ 2012-01-26 09:26 . 2005-10-20 19:02 163328 c:\windows\ERDNTbackup\1-26-2012\ERDNT.EXE

+ 2012-01-25 08:15 . 2012-01-25 08:15 180382 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla21.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 175992 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla20.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 176035 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla2.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 176035 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla19.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 179340 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla18.exe

+ 2012-01-25 08:15 . 2012-01-25 08:15 176545 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla17.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 179340 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla.dll

+ 2012-01-31 23:13 . 2011-08-03 01:38 4517664 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaaplrc.dll

+ 2012-01-31 23:13 . 2011-08-03 01:38 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll

+ 2012-01-31 23:15 . 2012-01-31 23:15 5421056 c:\windows\Installer\166858.msi

+ 2012-01-31 23:13 . 2012-01-31 23:13 1769984 c:\windows\Installer\166854.msi

+ 2012-01-31 23:13 . 2012-01-31 23:13 1717248 c:\windows\Installer\166823.msi

+ 2012-01-31 23:12 . 2012-01-31 23:12 2002432 c:\windows\Installer\16681c.msi

+ 2012-01-31 23:11 . 2012-01-31 23:11 1530368 c:\windows\Installer\1667f1.msi

+ 2012-01-29 19:32 . 2012-01-29 19:32 13460480 c:\windows\Installer\11981f.msi

+ 2012-01-26 09:26 . 2012-01-26 09:26 16723968 c:\windows\ERDNTbackup\1-26-2012\Users\00000001\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"dvd43"="" [bU]

"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 614400]

"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\Chuck.STEEN-APR3-2009\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-3 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2008-10-07 10:59 33538048 ------w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"d:\\Program Files\\BitLord\\BitLord.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\SUPDSvc.exe"=

"c:\\Program Files\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8701:TCP"= 8701:TCP:Bitlord

"7212:TCP"= 7212:TCP:c:\\Program Files\\Bitlord

"1:TCP"= 1:TCP:Intel HaM Data Fax Voice

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/23/2012 9:19 PM 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/23/2012 9:19 PM 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/23/2012 9:19 PM 20568]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/6/2010 10:02 PM 12184]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [4/10/2009 6:11 AM 13592]

R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [6/21/2002 1:39 PM 469935]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [4/5/2009 3:50 PM 100456]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/20/2009 10:17 PM 47360]

R3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [4/9/2009 4:12 PM 238080]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [4/5/2009 3:47 PM 876288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [12/6/2011 5:20 PM 23552]

S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [4/15/2010 12:10 PM 132464]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]

.

2010-11-21 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-11-21 07:01]

.

2012-02-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2009-04-10 01:20]

.

2012-01-25 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2012-01-07 05:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.dogpile.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll

TCP: DhcpNameServer = 64.59.160.13 64.59.160.15 64.59.161.68

Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - d:\program files\TAX\2009QuickTax\ic2007pp.dll

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - d:\program files\TAX\ic2011pp.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\Steen\Application Data\Mozilla\Firefox\Profiles\g7rgvzoa.default\

FF - prefs.js: browser.search.selectedEngine - Dogpile

FF - prefs.js: browser.startup.homepage - hxxp://dogpile.com/

FF - prefs.js: keyword.URL - hxxp://search.bearshare.com//web?src=ffb&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-PC Cleaners - c:\program files\PC Cleaners\PCCleaners.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-14 23:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(760)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

- - - - - - - > 'explorer.exe'(3576)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

d:\program files\ZenMicro\Zen Micro Media Explorer\CTJBNS2.dll

d:\program files\ZenMicro\Zen Micro Media Explorer\CTIntrfc.dll

d:\program files\ZenMicro\Zen Micro Media Explorer\CTConfig.DLL

d:\program files\ZenMicro\Zen Micro Media Explorer\JBNSRES.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-02-14 23:36:25

ComboFix-quarantined-files.txt 2012-02-15 07:36

ComboFix2.txt 2012-01-24 04:10

.

Pre-Run: 126,635,298,816 bytes free

Post-Run: 126,791,835,648 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot Loader]

Timeout=2

Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[Operating Systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - D458E35FE368F2E725095CB29C9DD21E


Hello, Maniac,

Oops, that was silly. I thought I had checked them all. I'll try again. Thanks!!!

Attacht.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume3

Install Date: 4/4/2009 12:28:18 PM

System Uptime: 2/13/2012 10:03:28 AM (11 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M3N78-VM

Processor: AMD Phenom 9500 Quad-Core Processor | AM2 | 2199/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 115.277 GiB free.

D: is FIXED (NTFS) - 128 GiB total, 49.769 GiB free.

E: is FIXED (NTFS) - 21 GiB total, 17.622 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 1/26/2012 1:22:49 AM - System Checkpoint

RP2: 1/27/2012 4:34:48 PM - System Checkpoint

RP3: 1/27/2012 4:39:57 PM - Software Distribution Service 3.0

RP4: 1/28/2012 4:59:21 PM - System Checkpoint

RP5: 1/29/2012 11:32:05 AM - Installed TurboTax 2011.

RP6: 1/30/2012 1:02:22 PM - System Checkpoint

RP7: 1/31/2012 2:57:37 PM - Before Apple TV

RP8: 1/31/2012 3:13:43 PM - Installed iTunes

RP9: 2/1/2012 11:20:28 AM - Software Distribution Service 3.0

RP10: 2/2/2012 12:09:57 PM - System Checkpoint

RP11: 2/3/2012 1:00:57 PM - Software Distribution Service 3.0

RP12: 2/4/2012 2:23:28 PM - System Checkpoint

RP13: 2/5/2012 5:33:01 PM - System Checkpoint

RP14: 2/6/2012 7:00:26 PM - System Checkpoint

RP15: 2/7/2012 2:03:37 AM - Software Distribution Service 3.0

RP16: 2/8/2012 12:48:39 PM - System Checkpoint

RP17: 2/9/2012 12:29:37 AM - Restore Operation

RP18: 2/10/2012 12:32:15 AM - System Checkpoint

RP19: 2/11/2012 1:13:53 AM - System Checkpoint

RP20: 2/12/2012 6:30:20 PM - System Checkpoint

RP21: 2/13/2012 7:09:23 PM - System Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop 7.0

Adobe Reader 9.4.6

AMD Processor Driver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ashampoo Burning Studio 9.20

avast! Free Antivirus

AVS Update Manager 1.0

AVS4YOU Software Navigator 1.3

Bonjour

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Support Core Library

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

Canon Camera Window for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities PhotoStitch 3.1

Canon ZoomBrowser EX

ClearType Tuning Control Panel Applet

ConvertXtoDVD 3.8.0.193d

Cool & Quiet

Creative Jukebox Driver

Creative MediaSource

Creative Removable Disk Manager

Creative System Information

Creative Zen Micro

Critical Update for Windows Media Player 11 (KB959772)

CyberLink DVD Suite

DVD43 v3.8.0

EMCO MoveOnBoot v2.1

eReg

Express Burn Disc Burning Software

Express Gate

FileASSASSIN

FrostWire 4.20.9

Garmin City Navigator North America NT 2011.40 Update

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ImgBurn

iTunes

Java Auto Updater

Java 6 Update 21

Java 6 Update 7

K-Lite Codec Pack 5.2.0 (Full)

LG ODD Auto Firmware Update

Logitech SetPoint 6.30

Magic ISO Maker v5.5 (build 0265)

Magic ISO Maker v5.5 (build 0281)

Malwarebytes' Anti-Malware version 1.51.0.1200

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft Office XP Web Components

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MovieEdit Task

Mozilla Firefox (3.6.25)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Essentials

Nero Media Player

Nero OEM

NeroVision Express 2

neroxml

NVIDIA Control Panel 266.58

NVIDIA Drivers

NVIDIA Graphics Driver 266.58

NVIDIA HD Audio Driver 1.1.13.1

NVIDIA Install Application

NVIDIA nView 135.50

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

Omar Sharif Bridge

PC Camera (6029 CIF)

PC Cleaners

PC Probe II

PhotoStitch

Platform

PowerDVD

PrintMaster Gold 4.00

Prism Video File Converter

QuickTax 2006

QuickTax 2007

QuickTax 2009

QuickTime

RAW Image Task 1.2

Readiris Pro 10

RegZooka

RemoteCapture Task 1.1

Samsung CLX-3170 Series

SAMSUNG Dr. Printer

Samsung Universal Print Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SereneScreen Marine Aquarium 2.6

SmarThru 4

SmarThru PC Fax

SpyHunter

TurboTax 2010

TurboTax 2011

Tweakui Powertoy for Windows XP

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VIA Platform Device Manager

VLC media player 1.0.5

WebFldrs XP

Windows Defender

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

XviD MPEG-4 Video Codec

.

==== Event Viewer Messages From Past Week ========

.

2/9/2012 12:19:06 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.

2/7/2012 9:10:44 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.

2/10/2012 1:57:28 AM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147942405 (0x80070005).

.

==== End Of File ===========================

C:\Qoobox\Quarantine\

2012-02-15 07:32:54 . 2012-02-15 07:32:55 158 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-PC Cleaners.reg.dat

2012-01-24 04:06:06 . 2012-01-24 04:06:07 174 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-QFgKkChNdEE.exe.reg.dat

2012-01-24 02:57:04 . 2012-01-24 02:57:05 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-dvd43.reg.dat

2012-01-24 02:56:54 . 2012-01-24 02:56:54 154 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-RegistryMechanic.reg.dat

2012-01-24 02:56:48 . 2012-01-24 04:05:45 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98}.reg.dat

2012-01-24 02:56:46 . 2012-01-24 04:05:41 116 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98}.reg.dat

2012-01-24 02:38:00 . 2012-01-24 02:38:00 10,112 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Steen\My Documents\_~WRL0003_.tmp.zip

2012-01-24 02:29:49 . 2012-02-15 07:25:51 6,064 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-01-24 02:12:15 . 2012-02-15 07:09:54 806 ----a-w- C:\Qoobox\Quarantine\catchme.log

2010-04-04 17:17:33 . 2010-04-07 00:03:05 134 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvesdb6m.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\chrome.manifest.vir

2010-04-04 17:17:33 . 2010-04-07 00:03:05 771 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvesdb6m.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\install.rdf.vir

2010-04-04 17:17:33 . 2010-04-07 00:03:05 3,295 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvesdb6m.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\chrome\xulcache.jar.vir

2010-04-04 17:17:33 . 2010-04-07 00:03:05 255 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvesdb6m.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\defaults\preferences\xulcache.js.vir

2010-03-18 09:46:53 . 2010-04-07 00:03:05 134 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Steen\Application Data\Mozilla\Firefox\Profiles\g7rgvzoa.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\chrome.manifest.vir

2010-03-18 09:46:53 . 2010-04-07 00:03:05 771 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Steen\Application Data\Mozilla\Firefox\Profiles\g7rgvzoa.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\install.rdf.vir

2010-03-18 09:46:53 . 2010-04-07 00:03:05 3,295 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Steen\Application Data\Mozilla\Firefox\Profiles\g7rgvzoa.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\chrome\xulcache.jar.vir

2010-03-18 09:46:53 . 2010-04-07 00:03:05 255 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Steen\Application Data\Mozilla\Firefox\Profiles\g7rgvzoa.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\defaults\preferences\xulcache.js.vir

2009-10-16 04:55:08 . 2009-06-05 16:46:18 60 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\page\page.URL.vir

2009-10-16 04:55:08 . 2009-06-24 21:35:26 73,910 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\page\page.ico.vir

2002-03-20 01:30:00 . 2002-03-20 01:30:00 5,528 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\PowerToyReadme.htm.vir

Link to post
Share on other sites

Thanks! :)

Step 1

Please uninstall the following applications: PC Cleaners and FrostWire.

Step 2

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

SecCenter::
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}

Folder::
d:\Program Files\BitLord
c:\Program Files\FrostWire
c:\program files\PC Cleaners

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\BitLord\\BitLord.exe"=-
"c:\\Program Files\\FrostWire\\FrostWire.exe"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8701:TCP"=-
"7212:TCP"=-

FireFox::
FF - ProfilePath - c:\documents and settings\Steen\Application Data\Mozilla\Firefox\Profiles\g7rgvzoa.default\
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com//web?src=ffb&q=

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

Hi Maniac,

I uninstalled Frostwire as per your instructions, however, PC Cleaners is another matter. I downloaded it for a free trial from what is supposed to be a reputable site. It did not seem legitimate and I did not install it, I just deleted it without running it. When I go to the control panel, there it is.

When I click on uninstall my machine freezes and a dialogue box appears telling me to call to have a "technician" help me uninstall it. I called the number and got some clown in India wanting to take control of my computer to "help" me - not going to happen! But I cannot seem to get rid of it on my own; I can't find where it is hiding. I have 'autoruns.exe' that shows the registry but I don't see it in there. I tried booting into safe mode and uninstalling but the same thing happens. I also found that I can't set the boot.ini file to auto-boot to safe mode as the boxes are greyed out.

I have not proceeded to step 2) as I wanted to get your opinion as to what to do first.

Steener19

Link to post
Share on other sites

Here is the scan. :)

ComboFix 12-02-13.01 - Steen 02/16/2012 9:03.4.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2832 [GMT -8:00]

Running from: d:\program files\Utilities\ComboFix.exe

Command switches used :: d:\program files\Utilities\ComboFie Folder\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

d:\program files\BitLord

d:\program files\BitLord\BitLord.exe

d:\program files\BitLord\BitLord.xml

d:\program files\BitLord\Downloads.xml

d:\program files\BitLord\Downloads\AnyDVD 6.4.55 Final\DESCRiPTiON.nfo

d:\program files\BitLord\Downloads\AnyDVD 6.4.55 Final\RegKey\HD.AnyDVD

d:\program files\BitLord\Downloads\AnyDVD 6.4.55 Final\SetupAnyDVD6455.exe

d:\program files\BitLord\Downloads\AnyDVD.v6.4.5.9-RES-crk.zip

d:\program files\BitLord\Downloads\BitLord.exe

d:\program files\BitLord\Downloads\BitLord.url

d:\program files\BitLord\Downloads\BitLord.xml

d:\program files\BitLord\Downloads\Clone DVD + Any DVD+ crack+serial (1).exe.bc!

d:\program files\BitLord\Downloads\Clone DVD + Any DVD+ crack+serial (1).exe.bc!.torrent

d:\program files\BitLord\Downloads\Clone DVD 2.9.1.0 & Clone CD 5.3.0.1\CloneCD 5.3.0.1.exe

d:\program files\BitLord\Downloads\Clone DVD 2.9.1.0 & Clone CD 5.3.0.1\CloneDVD 2.9.1.0.exe

d:\program files\BitLord\Downloads\Clone DVD 2.9.1.0 & Clone CD 5.3.0.1\ReadMe.txt

d:\program files\BitLord\Downloads\Crash.log

d:\program files\BitLord\Downloads\Dido by blondu4all\blondu4all.txt

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - 01 - Here With Me.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - 03 - Don´t Think of Me.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - 04 - My Lover´s Gone.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - 2003 Life For Rent - 06 - Don't Leave Me Home.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - Do You Have A Little Time -21st.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - Isobel.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - Life for rent.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - Make Over.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - Marys in India.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - Sand in my shoes.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - See The Sun.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - Slide.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - Stoned.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido - White flag.mp3

d:\program files\BitLord\Downloads\Dido by blondu4all\Dido feat Faithless - one step too far - 2002.mp3

d:\program files\BitLord\Downloads\Downloads.xml

d:\program files\BitLord\Downloads\Downloads\AnyDvd.Latest.Build.6459.with.CRACK.WARTH.rar.bc!

d:\program files\BitLord\Downloads\Downloads\Battle In Seattle 2007 DVDRip XviD AC3-FLAWL3SS\Battle.In.Seattle-FLAWL3SS.avi.bc!

d:\program files\BitLord\Downloads\Downloads\Battle In Seattle 2007 DVDRip XviD AC3-FLAWL3SS\BATTLE.nfo.bc!

d:\program files\BitLord\Downloads\Downloads\Battle In Seattle 2007 DVDRip XviD AC3-FLAWL3SS\Sample.Battle-FLAWL3SS.avi.bc!

d:\program files\BitLord\Downloads\Downloads\SetupAnyDVD6459.multilangual.exe.bc!

d:\program files\BitLord\Downloads\FairStars Audio Converter 1 77[h33t][superl]\Under SEH Team.nfo

d:\program files\BitLord\Downloads\How To Spot A Fake aXXo or FXG Release Before You Download\How to spot a fake aXXo or FXG release before you download!.rtf

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\00_john_denver_-_christmas_like_a_lullaby-2005-back-mnd.jpg

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\00_john_denver_-_christmas_like_a_lullaby-2005-back-mnd.sfv

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\00_john_denver_-_christmas_like_a_lullaby-2005-front-mnd.jpg

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\00_john_denver_-_christmas_like_a_lullaby-2005-mnd.m3u

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\01_chritmas_like_a_hullaby-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\02_the_first_noel-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\03_away_in_a_manger-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\04_the_children_of_bethlehem-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\05_jingle_bells-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\06_white_christmas-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\07_marvelous_toy-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\08_blue_christmas-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\09_rudolph_the_red_nosed_reindeer-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\10_little_drummer_boy-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\11_marys_little_boy_child-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\12_the_chrsitmas_song-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\13_have_yourself_a_mary_little_christmas-mnd.mp3

d:\program files\BitLord\Downloads\John Denver - Christmas_Like A Lullaby-2005\John Denver - Christmas_Like A Lullaby-2005.nfo

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\AlbumArt_{05158C08-A005-41DC-9285-F8F135FA3625}_Small.jpg

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\AlbumArtSmall.jpg

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\Folder.jpg

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\01 John Denver & The Muppets - Twelve Days Of Christmas.mp3

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\02 John Denver & The Muppets - The Peace Carol.mp3

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\03 John Denver & The Muppets - Christmas Is Coming.mp3

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\04 John Denver & The Muppets - A Baby Just Like You.mp3

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\05 John Denver & The Muppets - Deck The Halls.mp3

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\06 John Denver & The Muppets - Noel Christmas Eve, 1913.mp3

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\07 John Denver & The Muppets - The Christmas Wish.mp3

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\08 John Denver & The Muppets - Medley Alfie, Carol, It's In Everyone Of Us.mp3

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\09 John Denver & The Muppets - Silent Night, Holy Night.mp3

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\10 John Denver & The Muppets - We Wish You A Merry Christmas.mp3

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\jdatm-act.cover01.jpg

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\jdatm-act.cover01.sm.jpg

d:\program files\BitLord\Downloads\John Denver & The Muppets - A Christmas Together\john denver& the muppets-a christmas together\jdatm-act.cover02.jpg

.

.

((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))

.

.

2012-02-16 01:48 . 2012-02-16 01:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2012-02-07 10:03 . 2012-01-06 04:19 6557240 ----a-r- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{97F319C8-7397-46F1-A7A4-7E9BA13A06F9}\mpengine.dll

2012-02-07 04:24 . 2012-02-07 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2012-01-31 23:13 . 2012-01-31 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\program files\Apple Software Update

2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2012-01-31 23:12 . 2012-01-31 23:12 -------- d-----w- c:\program files\Bonjour

2012-01-25 08:44 . 2012-01-25 08:49 -------- d-----w- c:\documents and settings\Steen\Application Data\PCPro

2012-01-25 08:44 . 2012-01-25 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data

2012-01-24 05:19 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-01-24 05:19 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-01-24 05:19 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-01-24 05:19 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-24 05:19 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-01-24 05:19 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-01-24 05:19 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-01-24 05:19 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-01-24 05:19 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2012-01-24 05:05 . 2011-11-28 18:01 199816 ------w- c:\windows\system32\aswBoot.exe

2012-01-24 05:04 . 2012-01-24 05:19 -------- d-----w- c:\program files\AVAST Software

2012-01-23 07:34 . 2012-01-23 19:15 -------- d-----w- c:\documents and settings\Steen\Application Data\Registry Mechanic

2012-01-23 07:25 . 2012-01-23 07:31 -------- d-----w- c:\program files\RegZooka

2012-01-23 06:10 . 2012-01-23 06:10 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconD7F16134.exe

2012-01-23 06:10 . 2012-01-23 06:10 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconCF33A0CE.exe

2012-01-23 06:10 . 2012-01-23 06:10 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconF7A21AF7.exe

2012-01-23 06:10 . 2012-01-25 08:16 -------- d-----w- C:\sh4ldr

2012-01-23 06:09 . 2012-01-25 08:16 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP

2012-01-23 06:09 . 2012-01-23 06:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2012-01-23 05:47 . 2012-01-23 05:47 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2012-01-23 05:44 . 2012-01-23 05:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-01-23 05:44 . 2012-01-23 05:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 08:21 . 2010-04-07 05:52 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-25 08:49 . 2009-04-28 17:24 5276432 ----a-w- c:\windows\uninst.exe

2012-01-24 20:01 . 2008-04-13 18:36 43008 ---ha-w- c:\windows\system32\drivers\amdagp.sys

2012-01-11 20:33 . 2012-01-10 21:10 5836 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-01-06 04:19 . 2010-04-07 05:52 6557240 ----a-r- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-12-10 23:24 . 2010-04-09 01:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 01:20 . 2011-12-07 01:20 23552 ----a-w- c:\windows\system32\drivers\dfg.sys

2011-11-23 13:25 . 2006-02-28 12:00 1859584 ---ha-w- c:\windows\system32\win32k.sys

2005-12-15 21:54 . 2009-04-10 14:11 5037072 ------w- c:\program files\spybotsd14.exe

2010-03-18 09:47 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-24_02.50.52 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-12 07:02 . 2009-07-12 07:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-12 08:02 . 2009-07-12 08:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2011-08-31 07:05 . 2011-08-31 07:05 50536 c:\windows\system32\jdns_sd.dll

+ 2012-01-31 23:13 . 2011-08-03 01:38 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys

+ 2012-01-31 23:13 . 2011-08-03 01:38 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys

+ 2011-08-31 07:05 . 2011-08-31 07:05 73064 c:\windows\system32\dnssd.dll

+ 2011-08-31 07:05 . 2011-08-31 07:05 83816 c:\windows\system32\dns-sd.exe

+ 2008-04-13 18:36 . 2012-01-24 20:01 43008 c:\windows\system32\dllcache\amdagp.sys

+ 2009-04-10 00:12 . 2002-07-03 18:44 29697 c:\windows\system32\bdckp32.dll

+ 2012-01-31 23:13 . 2012-01-31 23:13 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe

+ 2012-01-29 19:32 . 2012-01-29 19:32 69632 c:\windows\Installer\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}\NewShortcut5_22EC35BDF8F245EB8DCB1C7FB65D0A71.exe

+ 2012-01-29 19:32 . 2012-01-29 19:32 69632 c:\windows\Installer\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}\NewShortcut1_22EC35BDF8F245EB8DCB1C7FB65D0A71.exe

+ 2012-01-29 19:32 . 2012-01-29 19:32 69632 c:\windows\Installer\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}\ARPPRODUCTICON.exe

+ 2012-01-25 08:15 . 2012-01-25 08:15 27499 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCall.dll

- 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2009-07-12 08:02 . 2009-07-12 08:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2011-05-14 09:17 . 2011-05-14 09:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll

+ 2011-05-14 09:12 . 2011-05-14 09:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll

+ 2011-05-14 09:11 . 2011-05-14 09:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll

+ 2011-02-08 20:52 . 2011-02-08 20:52 145688 c:\windows\system32\MicrosoftUpdateCatalogWebControl.dll

+ 2009-04-04 11:08 . 2012-01-30 16:03 295664 c:\windows\system32\FNTCACHE.DAT

+ 2011-08-31 07:05 . 2011-08-31 07:05 178536 c:\windows\system32\dnssdX.dll

+ 2012-01-26 09:26 . 2012-01-26 09:26 233472 c:\windows\ERDNTbackup\1-26-2012\Users\00000002\UsrClass.dat

+ 2012-01-26 09:26 . 2005-10-20 19:02 163328 c:\windows\ERDNTbackup\1-26-2012\ERDNT.EXE

+ 2012-01-25 08:15 . 2012-01-25 08:15 180382 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla21.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 175992 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla20.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 176035 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla2.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 176035 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla19.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 179340 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla18.exe

+ 2012-01-25 08:15 . 2012-01-25 08:15 176545 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla17.dll

+ 2012-01-25 08:15 . 2012-01-25 08:15 179340 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCalla.dll

+ 2012-01-31 23:13 . 2011-08-03 01:38 4517664 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaaplrc.dll

+ 2012-01-31 23:13 . 2011-08-03 01:38 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll

+ 2012-01-31 23:13 . 2012-01-31 23:13 1769984 c:\windows\Installer\166854.msi

+ 2012-01-31 23:13 . 2012-01-31 23:13 1717248 c:\windows\Installer\166823.msi

+ 2012-01-31 23:12 . 2012-01-31 23:12 2002432 c:\windows\Installer\16681c.msi

+ 2012-01-31 23:11 . 2012-01-31 23:11 1530368 c:\windows\Installer\1667f1.msi

+ 2012-01-29 19:32 . 2012-01-29 19:32 13460480 c:\windows\Installer\11981f.msi

+ 2012-01-26 09:26 . 2012-01-26 09:26 16723968 c:\windows\ERDNTbackup\1-26-2012\Users\00000001\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]

"dvd43"="" [bU]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-10-07 33538048]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 614400]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

c:\documents and settings\Chuck.STEEN-APR3-2009\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-3 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\SUPDSvc.exe"=

"c:\\Program Files\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8701:TCP"= 8701:TCP:Bitlord

"7212:TCP"= 7212:TCP:c:\\Program Files\\Bitlord

"1:TCP"= 1:TCP:Intel HaM Data Fax Voice

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/23/2012 9:19 PM 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/23/2012 9:19 PM 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/23/2012 9:19 PM 20568]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/6/2010 10:02 PM 12184]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [4/10/2009 6:11 AM 13592]

R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [6/21/2002 1:39 PM 469935]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [4/5/2009 3:50 PM 100456]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/20/2009 10:17 PM 47360]

R3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [4/9/2009 4:12 PM 238080]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [4/5/2009 3:47 PM 876288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [12/6/2011 5:20 PM 23552]

S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [4/15/2010 12:10 PM 132464]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]

.

2010-11-21 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-11-21 07:01]

.

2012-02-16 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2009-04-10 01:20]

.

2012-01-25 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2012-01-07 05:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.dogpile.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll

Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - d:\program files\TAX\2009QuickTax\ic2007pp.dll

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - d:\program files\TAX\ic2011pp.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\Steen\Application Data\Mozilla\Firefox\Profiles\g7rgvzoa.default\

FF - prefs.js: browser.search.selectedEngine - Dogpile

FF - prefs.js: browser.startup.homepage - hxxp://dogpile.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-16 09:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(768)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

Completion time: 2012-02-16 09:32:27

ComboFix-quarantined-files.txt 2012-02-16 17:32

ComboFix2.txt 2012-02-15 07:36

ComboFix3.txt 2012-01-24 04:10

.

Pre-Run: 126,771,335,168 bytes free

Post-Run: 125,420,040,192 bytes free

.

- - End Of File - - B59B42A2DD77BB09614D8EA8139D1813


Good! :)

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select Check for Updates. If an update is found, it will download and install the latest version. If you have difficulty, for your convenience we have a video on YouTube which shows visually how to do that.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


You are so right, Maniac, it took a while to do those scans. I had a couple of snags with ESET Scanner but it eventually ran. :wacko:

avast! antivirus does not seem very effective if it allowed me to get 24 infections!

Steener19

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=087a4ad422dd7e4caaeb9daab20968a3

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-17 01:31:25

# local_time=2012-02-16 05:31:25 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 57883276 57883276 0 0

# compatibility_mode=768 16777215 100 0 58752278 58752278 0 0

# compatibility_mode=1024 16777215 100 0 70425977 70425977 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=202588

# found=24

# cleaned=24

# scan_time=7399

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Steen\Application Data\Sun\Java\Deployment\cache\6.0\38\7390ca6-26c0a1a9 Java/Exploit.CVE-2010-3562.A trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files\RegZooka\RegZooka.exe a variant of Win32/Adware.RegGenie application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvesdb6m.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvesdb6m.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\chrome\xulcache.jar.vir JS/Agent.NCP trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Steen\Application Data\Mozilla\Firefox\Profiles\g7rgvzoa.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Steen\Application Data\Mozilla\Firefox\Profiles\g7rgvzoa.default\extensions\{23fffce4-eb3f-44ff-98d2-0b075f14e7b9}\chrome\xulcache.jar.vir JS/Agent.NCP trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E91EF918-B3E7-4C9E-AE7C-BD23E5EB618E}\RP24\A0005133.exe a variant of Win32/Adware.RegGenie application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E91EF918-B3E7-4C9E-AE7C-BD23E5EB618E}\RP25\A0005432.exe a variant of Win32/Adware.RegGenie application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\DVD Burn Programs\AnyDVD Folder\Newest Slysoft Folder\Clone DVD + Any DVD+ crack+serial (1).exe probably a variant of Win32/Adware.Agent.EQTHDWD application (deleted - quarantined) 00000000000000000000000000000000 C

D:\DVD Burn Programs\AnyDVD Folder\Newest Slysoft Folder\Slysoft BEST Pack - AnyDVD - CloneDVD - CloneCD - CloneDVD Mobile - GameJackal Pro\CloneDVD [2.9.1.2]\CloneDVD2Keygen.7z probably a variant of Win32/TrojanDownloader.Agent.TMULUZ trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\found.000\dir0000.chk\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C

D:\found.000\dir0000.chk\Setup_FreeConverter2.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Program Files\For Sharing\Babylon Pro + ClonDVD + AnyDVD + crack + serial(1).zip probably a variant of Win32/Adware.Agent.EQTHDWD application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Program Files\For Sharing\Clone Programs zipped\2_2_2_Clone DVD + Any DVD+ crack+serial.zip probably a variant of Win32/Adware.Agent.EQTHDWD application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Program Files\For Sharing\Clone Programs zipped\2_2_Clone DVD + Any DVD+ crack+serial.zip probably a variant of Win32/Adware.Agent.EQTHDWD application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Program Files\For Sharing\Clone Programs zipped\2_2_Clone DVD + Any DVD+ crack+serial\Elby Clone Dvd V1.3.10.1 Anydvd 2.0.0.4 Ger Key\AnyDVD v2.0.0.4.rar probably a variant of Win32/Adware.Agent.EQTHDWD application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Program Files\Utilities\jZipV1c.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

D:\Program Files\Utilities\RegZooka.exe a variant of Win32/Adware.RegGenie application (deleted - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{E91EF918-B3E7-4C9E-AE7C-BD23E5EB618E}\RP25\A0005433.exe probably a variant of Win32/Adware.Agent.EQTHDWD application (deleted - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{E91EF918-B3E7-4C9E-AE7C-BD23E5EB618E}\RP25\A0005434.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{E91EF918-B3E7-4C9E-AE7C-BD23E5EB618E}\RP25\A0005435.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{E91EF918-B3E7-4C9E-AE7C-BD23E5EB618E}\RP25\A0005436.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{E91EF918-B3E7-4C9E-AE7C-BD23E5EB618E}\RP25\A0005437.exe a variant of Win32/Adware.RegGenie application (deleted - quarantined) 00000000000000000000000000000000 C

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.16.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Steen :: STEEN-APR3-2009 [administrator]

2/16/2012 1:57:38 PM

mbam-log-2012-02-16 (13-57-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222623

Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


It is necessary to discontinue the use of pirated software. There are plenty of free alternatives, and often the software can be found on the specials at very low prices. Most often it comes with injected malicious code.

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run. Make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.

Next, let me know how things are running now.


Hi Maniac,

I just did the final stages, so I guess it's too soon to really say how things are acting.

In the previously installed programs I was having difficulties accessing, I discovered one of the ".ini" files was reset as 'read-only' and I was able to correct that. I think the machine is responding faster now.

The issue with not being able to update Windows XP because something has me set as not Administrator still remains. :( Should I do a reinstall of the O/S?

There were several programs removed that I had downloaded as freeware from Cnet. I thought that was a safe site?

Thank you so much for your help. I will give you another update when I have had a chance to run the machine more.

Steener19


Hello Maniac,

The applications I referred to were PC Cleaner - which is a total scam, and Driver Detective which requires you to buy before it will do anything. Also deleted were Regzooka and Registry Mechanic but I think both of those were a link to somewhere else because I can't find them on Cnet again.

I tried the M/S support but it made no difference. I even tried finding the appropriate update file and setting to "run as Administrator" in the Run options on the Start menu. It made no difference.

Steener19


The applications I referred to were PC Cleaner - which is a total scam, and Driver Detective which requires you to buy before it will do anything. Also deleted were Regzooka and Registry Mechanic but I think both of those were a link to somewhere else because I can't find them on Cnet again.

I do not suggest you use them because they can harm your system one way or another. Control of software that gets into CNET is not good enough.

I tried the M/S support but it made no difference. I even tried finding the appropriate update file and setting to "run as Administrator" in the Run options on the Start menu. It made no difference.

Please download and run this tool: http://users.telenet.be/marcvn/tools/WUS_Fix.exe . This should restore the default registry settings related to BITS and Automatic Updates.

Let me know.


I ran the program but sadly, still the same message that I must be logged on as Administrator to update (which I am). :wacko: I left it for about 15 minutes and checked back. The "turbo" light on the computer had stopped by then so I assumed it to be done. Did I not wait long enough? There was no dialogue box or anything to tell me how long to expect.

The file I was talking about that I had checked was system32\wupdmng.exe. I re-set the attributes for it from hidden & read-only but it has not helped any. Is there another .ini file or .exe that I should look at?


Hi Maniac,

It will still not work. I followed the instructions for the "Run as..." first; when that did not work, I tried the secondary log-on instructions. When I get to "Secondary services" and click the 'Action Menu', the "Start" button is greyed out. There is an indication that the service is 'running' and I tried to "Restart" because I can't access start. It does not do anything.

Should I try replacing the file from the Installation disk?

Steener19


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Hello Maniac,

I kept checking for your reply, but I did not realize we were on page 2, so I thought you were away. :blink:

I ran the Kaspersky on-line scan but apparently I did not save the log properly, because now I can't find it. It did find a bunch of trojans; mostly in the Recycler folder and in Quarantine. I deleted all. I see that I am going to have to change my 'surfing habits' and stay away from some of the obvious problem sites.

Despite all the cleaning, the bottom line is I still cannot log on to Windows updater despite my account being set as Administrator.

Without the Kaspersky log, is there anything else we can do or did I screw it up royally? :unsure:

Steener19


Don't worry, it is not a big deal. ;)

Step 1

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 2

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next post, please include:

  • Farbar Service Scanner log
  • aswMBR log


Hi again, Maniac,

Thanks for being both helpful & understanding. :) I've done numerous anti-virus scans before with simpler programs but this is my first venture this deep into the problem. I have sure learned a lot from you - most importantly to be more cautious. I always thought a good anti-virus program would keep me safe. Apparently "good" is a relative term! ^_^

As instructed, here are the new scans.

Farbar Service Scanner Version: 22-02-2012

Ran by Steen (administrator) on 26-02-2012 at 13:17:11

Running from "D:\Program Files\Utilities\AntiVirus Scan Folder\Farbar Scanner"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)

0x080000000500000001000000020000000300000004000000080000000600000007000000

IpSec Tag value is correct.

**** End of log ****

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software

Run date: 2012-02-26 13:20:07

-----------------------------

13:20:07.250 OS Version: Windows 5.1.2600 Service Pack 3

13:20:07.250 Number of processors: 4 586 0x202

13:20:07.250 ComputerName: STEEN-APR3-2009 UserName: Steen

13:20:08.375 Initialize success

13:20:08.468 AVAST engine defs: 12022602

13:20:10.687 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

13:20:10.703 Disk 0 Vendor: WDC_WD1600JB-00GVA0 08.02D08 Size: 152627MB BusType: 3

13:20:10.703 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-17

13:20:10.703 Disk 1 Vendor: ST3250410AS 4.AAA Size: 238475MB BusType: 3

13:20:10.703 Disk 1 MBR read successfully

13:20:10.703 Disk 1 MBR scan

13:20:10.718 Disk 1 Windows XP default MBR code

13:20:10.718 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63

13:20:10.718 Disk 1 scanning sectors +488376000

13:20:10.781 Disk 1 scanning C:\WINDOWS\system32\drivers

13:20:17.296 Service scanning

13:20:27.703 Modules scanning

13:20:33.468 Disk 1 trace - called modules:

13:20:33.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

13:20:33.515 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8accfab8]

13:20:33.515 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8ac809e8]

13:20:33.515 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-17[0x8acb1b00]

13:20:34.062 AVAST engine scan C:\WINDOWS

13:20:51.843 AVAST engine scan C:\WINDOWS\system32

13:22:55.906 AVAST engine scan C:\WINDOWS\system32\drivers

13:23:12.609 AVAST engine scan C:\Documents and Settings\Steen

13:32:49.765 AVAST engine scan C:\Documents and Settings\All Users

13:33:57.234 Scan finished successfully

14:33:02.890 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Steen\Desktop\Virus Scans\MBR.dat"

14:33:02.890 The log file has been saved successfully to "C:\Documents and Settings\Steen\Desktop\Virus Scans\aswMBR.txt"

Steener19


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
