
trojan.agent



This thing is driving me absolutely insane.

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 2

11/26/2009 6:37:59 AM

mbam-log-2009-11-26 (06-37-56).txt

Scan type: Quick Scan

Objects scanned: 94504

Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Zech\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:47:43 AM, on 11/26/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun

O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\LOCALS~1\ntuser.dll,_IWMPEvents@0

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--

End of file - 5912 bytes

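The two [calc] Run entries in the HijackThis log above (rundll32.exe loading C:\WINDOWS\system32\calc.dll, and a copy under the LocalService profile named ntuser.dll, both through the export _IWMPEvents@0) are the lines a practitioner would triage first: calc.dll and ntuser.dll are not standard Windows file names (calc.exe and ntuser.dat are), and a service-account profile is not a normal home for an autostart DLL. The Python below is an added example, not code from this thread or from the Malwarebytes, HijackThis or OTL tools: it parses O4 Run lines in both the HijackThis form (HKLM\..\Run:) and the OTL form (HKLM..\Run:, as in the OTL log posted later in the thread) and applies a few triage heuristics. The sample lines are copied from the logs in this thread; the KNOWN_RUNDLL_TARGETS allowlist, the profile-path markers and the function names are assumptions of the example, and a hit is a reason to pull the file (hash, signer, timestamps), not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 Run entries copied from the HijackThis (HKLM\..\Run)
# and OTL (HKLM..\Run) logs in the thread, plus benign neighbours for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\LOCALS~1\ntuser.dll,_IWMPEvents@0
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
O4 - HKCU..\Run: [calc] C:\Documents and Settings\LocalService\ntuser.dll (Microsoft)
"""

# Matches both the HijackThis form (HKLM\..\Run:) and the OTL form (HKLM..\Run:).
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\?\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# A leading rundll32 invocation, with or without a full path or .exe suffix.
RUNDLL_RE = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+', re.IGNORECASE)
# First .exe/.dll path in what remains (quoted or not), plus an optional ,export.
TARGET_RE = re.compile(r'^"?(?P<path>(?:[a-z]:\\)?[^",]*?\.(?:dll|exe))"?(?:,(?P<export>\S+))?',
                       re.IGNORECASE)

# Assumed allowlist (not from the page): DLLs that legitimately show up as
# rundll32 targets in Run keys on an XP-era box. Anything else gets a closer look.
KNOWN_RUNDLL_TARGETS = {"nvcpl.dll", "nvmctray.dll", "shell32.dll", "advpack.dll"}
# Profile/temp locations where an autostart target is unexpected; the
# service-account profiles (LocalService/NetworkService) are the most suspicious.
PROFILE_MARKERS = ("documents and settings", "docume~1", "local settings\\temp", "\\temp\\")
SERVICE_PROFILES = ("localservice", "locals~1", "networkservice", "networ~1")


def parse_o4(line):
    """Parse one O4 line into (hive, name, target_path, export), or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = RUNDLL_RE.sub("", m.group("cmd"))   # drop "rundll32.exe " if present
    t = TARGET_RE.match(cmd)
    if not t:
        return None
    return m.group("hive"), m.group("name"), t.group("path"), t.group("export") or ""


def triage_run_entries(log_text):
    """Return heuristic findings for O4 Run entries that deserve a closer look.

    Each finding is a dict: hive, name, target, export, reasons (list of str).
    A reason is a triage hint, not a verdict: the analyst still has to check the
    file (hash, signer, timestamps) before deciding anything about it.
    """
    entries = [e for e in (parse_o4(ln) for ln in log_text.splitlines()) if e]
    findings = []
    for hive, name, path, export in entries:
        low = path.lower()
        base = PureWindowsPath(path).name.lower()
        reasons = []
        if base.endswith(".dll"):
            # A DLL as the Run target means it is loaded through rundll32.
            if base not in KNOWN_RUNDLL_TARGETS:
                reasons.append("rundll32 loads a DLL not on the known-target list")
            if export:
                reasons.append("explicit export called: " + export)
        if any(mk in low for mk in PROFILE_MARKERS):
            reasons.append("autostart target lives in a user profile/temp path")
        if any(sp in low for sp in SERVICE_PROFILES):
            reasons.append("target sits in a service-account profile")
        # Same value name in HKLM and HKCU pointing at different files: one copy
        # survives if only the other is removed, so treat the pair as one finding.
        twins = {p.lower() for h, n, p, _ in entries if n == name and h != hive}
        if twins and low not in twins:
            reasons.append("same Run name in the other hive with a different target")
        if reasons:
            findings.append({"hive": hive, "name": name, "target": path,
                             "export": export, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_LOG):
        print(f"{f['hive']} [{f['name']}] {f['target']}")
        for r in f["reasons"]:
            print("    -", r)
```

Run against the sample, only the four [calc] entries come back; nwiz, QuickTime and NvCplDaemon are left alone. The cross-hive check is the one worth keeping in any log triage script: a value name duplicated in HKLM and HKCU with different files behind it is exactly the kind of thing a single "Files Infected: 1" scan result does not tell you about.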

Hello zechariah

Welcome to Malwarebytes. :blink:

=====================

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download this file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right-click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


Here we are.

OTL logfile created on: 11/28/2009 3:44:45 PM - Run 1

OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Zech\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.29% Memory free

3.85 Gb Paging File | 3.39 Gb Available in Paging File | 88.02% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.55 Gb Total Space | 23.54 Gb Free Space | 31.57% Space Free | Partition Type: NTFS

Drive D: | 386.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

Drive F: | 2.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive G: | 5.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MOLEMAN

Current User Name: Zech

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Zech\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe (DT Soft Ltd)

PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)

PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe (IDT, Inc.)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Program Files\Propellerhead\Reason\Reason.exe (Propellerhead Software AB)

PRC - C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)

PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()

PRC - C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\System32\bcmwltry.exe (Motorola Inc.)

PRC - C:\WINDOWS\System32\wltrysvc.exe ()

PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Zech\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\lz32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\calc.dll (Microsoft)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc [2009/05/17 19:00:18 | 00,000,000 | ---D | M]

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (STacSV) -- c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe (IDT, Inc.)

SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()

SRV - (NVSvc) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (wltrysvc) -- C:\WINDOWS\System32\wltrysvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (atksgt) -- C:\WINDOWS\System32\DRIVERS\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys ()

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (GEARAspiWDM) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (mcdbus) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys (MagicISO, Inc.)

DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (STHDA) -- C:\WINDOWS\System32\drivers\sthda.sys (IDT, Inc.)

DRV - (AtcL001) -- C:\WINDOWS\System32\DRIVERS\l151x86.sys (Atheros Communications, Inc.)

DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)

DRV - (nv) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (PAC7302) -- C:\WINDOWS\System32\DRIVERS\PAC7302.SYS (PixArt Imaging Inc.)

DRV - (pdiddcci) -- C:\WINDOWS\System32\DRIVERS\pdiddcci.sys (Portrait Displays, Inc.)

DRV - (PdiPorts) -- C:\WINDOWS\System32\Drivers\PdiPorts.sys (Portrait Displays, Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (Ptilink) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.08

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/19 16:16:35 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/01 21:08:25 | 00,000,000 | ---D | M]

[2009/05/18 06:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\Mozilla\Extensions

[2009/05/18 06:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/11/26 06:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\Mozilla\Firefox\Profiles\e7liyykm.default\extensions

[2009/05/19 16:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\Mozilla\Firefox\Profiles\e7liyykm.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2009/11/26 06:48:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/11/01 21:08:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/05/19 16:46:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/10/19 14:53:45 | 02,164,467 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\1348490.dll

[2009/11/01 21:07:57 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/11/01 21:07:57 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/04/15 12:24:54 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll

[2008/11/10 23:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

[2009/04/15 12:24:36 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll

[2009/04/15 12:24:44 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2009/11/01 21:08:11 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/10/03 02:09:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/10/03 02:09:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/10/03 02:09:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/10/03 02:09:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/10/03 02:09:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/10/03 02:09:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/10/03 02:09:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2007/04/16 09:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

[2009/04/15 12:24:54 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll

[2009/11/01 21:08:15 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/11/01 21:08:15 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/06/23 17:28:57 | 00,001,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2009/11/01 21:08:15 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/11/01 21:08:15 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/11/01 21:08:15 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/11/01 21:08:15 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/11/01 21:08:15 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)

O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

O4 - HKCU..\Run: [calc] C:\Documents and Settings\LocalService\ntuser.dll (Microsoft)

O4 - Startup: C:\Documents and Settings\Zech\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/20 16:15:26 | 00,000,000 | ---D | M] - C:\Auto Tune -- [ NTFS ]

O32 - AutoRun File - [2009/05/17 19:03:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/08/10 07:52:56 | 00,106,496 | RH-- | M] () - F:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007/08/08 00:11:43 | 00,000,050 | RH-- | M] () - F:\Autorun.inf -- [ UDF ]

O32 - AutoRun File - [2007/08/10 08:24:29 | 00,000,414 | RH-- | M] () - F:\autorun.ini -- [ UDF ]

O32 - AutoRun File - [2009/04/22 21:55:11 | 00,054,544 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2008/10/21 15:48:42 | 00,000,045 | R--- | M] () - G:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{4af619ba-4467-11de-84ce-001e90a3be8e}\Shell - "" = AutoRun

O33 - MountPoints2\{4af619ba-4467-11de-84ce-001e90a3be8e}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4af619ba-4467-11de-84ce-001e90a3be8e}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2007/08/10 07:52:56 | 00,106,496 | RH-- | M] ()

O33 - MountPoints2\{4af619ce-4467-11de-84ce-001e90a3be8e}\Shell - "" = AutoRun

O33 - MountPoints2\{4af619ce-4467-11de-84ce-001e90a3be8e}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4af619ce-4467-11de-84ce-001e90a3be8e}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2009/04/22 21:55:11 | 00,054,544 | R--- | M] (Electronic Arts)

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2007/08/10 07:52:56 | 00,106,496 | RH-- | M] ()

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/28 15:43:05 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zech\Desktop\OTL.exe

[2009/11/26 06:45:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/11/26 06:36:05 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009/11/26 06:01:01 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/11/26 06:00:57 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2009/11/26 05:58:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2009/11/26 05:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2009/11/26 05:58:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/11/26 05:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/11/25 06:51:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009/11/25 06:30:33 | 00,000,000 | ---D | C] -- C:\Avenger

[2009/11/09 13:27:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/28 15:43:05 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zech\Desktop\OTL.exe

[2009/11/28 05:10:24 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\Zech\NTUSER.DAT

[2009/11/28 03:46:44 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/28 03:46:44 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/28 03:46:44 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/11/28 03:42:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/28 03:42:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/28 03:41:21 | 00,000,192 | ---- | M] () -- C:\Documents and Settings\Zech\defogger_renable

[2009/11/28 03:40:51 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\lmivonmn.exe

[2009/11/28 03:40:45 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\Defogger.exe

[2009/11/28 03:40:37 | 00,524,800 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\dds.scr

[2009/11/27 22:32:24 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2009/11/27 22:32:23 | 00,000,779 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/11/27 22:32:23 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/11/27 17:34:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/27 17:33:30 | 00,215,298 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\murder.rns

[2009/11/26 06:45:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\HijackThis.lnk

[2009/11/26 06:42:04 | 03,575,028 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\Combo-Fix.exe

[2009/11/26 06:02:14 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/11/26 06:00:53 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2009/11/26 06:00:51 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2009/11/26 05:58:53 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009/11/25 06:03:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe

[2009/11/23 17:59:30 | 07,244,534 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\fwdsongsneedembothatyourhouse.zip

[2009/11/19 20:25:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/11/14 05:08:09 | 00,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat

[2009/11/10 13:29:12 | 01,983,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/28 03:41:15 | 00,000,192 | ---- | C] () -- C:\Documents and Settings\Zech\defogger_renable

[2009/11/28 03:40:50 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\lmivonmn.exe

[2009/11/28 03:40:45 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\Defogger.exe

[2009/11/28 03:40:37 | 00,524,800 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\dds.scr

[2009/11/27 17:22:20 | 00,215,298 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\murder.rns

[2009/11/26 06:45:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\HijackThis.lnk

[2009/11/26 06:42:00 | 03,575,028 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\Combo-Fix.exe

[2009/11/26 06:26:34 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2009/11/26 06:01:24 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/11/26 05:58:53 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009/11/25 06:03:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe

[2009/11/23 17:59:23 | 07,244,534 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\fwdsongsneedembothatyourhouse.zip

[2009/10/12 14:42:30 | 00,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/10/12 14:42:29 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/06/23 17:09:30 | 00,000,291 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2009/05/29 19:33:38 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Zech\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2007/06/28 08:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/06/28 08:43:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/06/28 08:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/06/28 08:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/06/28 08:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/03/20 15:44:02 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI

[2004/08/03 20:56:44 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004/07/17 07:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2009/05/18 19:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2009/05/19 03:12:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

[2009/05/18 04:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2009/10/12 10:33:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2009/06/09 16:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

[2009/05/19 16:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2009/11/26 05:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/05/18 19:24:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/05/18 19:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/05/18 04:32:45 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}

[2009/11/26 05:58:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2009/05/18 19:28:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\acccore

[2009/10/12 14:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\DAEMON Tools Pro

[2009/06/23 17:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\DisplayTune

[2009/11/26 17:25:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\FrostWire

[2009/05/19 16:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\Propellerhead Software

[2009/11/01 21:47:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\uTorrent

[2009/10/23 18:17:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\Viewpoint

[2009/11/26 06:02:14 | 00,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 11/28/2009 3:44:45 PM - Run 1

OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Zech\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.29% Memory free

3.85 Gb Paging File | 3.39 Gb Available in Paging File | 88.02% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.55 Gb Total Space | 23.54 Gb Free Space | 31.57% Space Free | Partition Type: NTFS

Drive D: | 386.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

Drive F: | 2.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive G: | 5.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MOLEMAN

Current User Name: Zech

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"14637:TCP" = 14637:TCP:*:Enabled:BitComet 14637 TCP

"14637:UDP" = 14637:UDP:*:Enabled:BitComet 14637 UDP

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)

"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

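A triage pass over rows of the kind in the OTL log above, as an added example: this is not code from OTL, HijackThis or anyone in this thread, and the rule names, the `Finding` class and the thresholds are this example's own assumptions. It parses OTL's file rows, the alternate-data-stream rows, the `[HKEY...]` / `"value" = data` pairs and the O32/O33 AutoRun rows, and applies the cheap checks a helper applies by eye: zero-byte or publisher-less executables under %SystemRoot%, random-looking executable names in user-writable locations, `EnableFirewall = 0` on a firewall profile, streams attached to a directory, and AutoRun commands registered per device. The sample rows are copied from the log posted above (a handful, not the whole log). These are heuristics, not verdicts: a renamed diagnostic tool (the GMER run later in this thread is `8ptkcsvc.exe`) trips the random-name rule exactly as a dropper would, and a vendor binary that simply lacks version info trips the publisher rule, so every hit is a "look here first".

```python
"""Heuristic triage of OTL log rows.  Added example, not code from OTL, HijackThis
or this thread; rule names, Finding class and thresholds are this example's own.

Heuristics only: a renamed diagnostic tool (e.g. a GMER run named 8ptkcsvc.exe)
trips the random-name rule just like a dropper would, so every hit is a
"look here first", never a verdict."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
SYSTEM_ROOT = r"c:\windows"

# OTL file row: [yyyy/mm/dd hh:mm:ss | size | attrs | C-or-M] (company) -- path
FILE_ROW = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_ROW = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VAL = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')
CDROM_AUTORUN = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<val>\d+)$")
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<dev>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+?) -- '
)
# Eight lowercase alphanumerics, or a short run of digits, as the whole file stem.
RANDOM_STEM = re.compile(r"^(?:[a-z0-9]{8}|\d{4,6})$")


@dataclass(frozen=True)
class Finding:
    rule: str      # which heuristic fired
    subject: str   # path, registry profile or command it fired on
    detail: str    # one-line reason


def _check_file_row(m: re.Match) -> list[Finding]:
    path = m["path"]
    low = path.lower()
    stem, _, ext = low.rsplit("\\", 1)[-1].rpartition(".")
    if "D" in m["attrs"] or ("." + ext) not in EXEC_EXT:
        return []                                   # directories and data files
    size = int(m["size"].replace(",", ""))
    company = (m["company"] or "").strip()
    if low.startswith(SYSTEM_ROOT):
        # Under %SystemRoot% an OS or vendor binary carries version info and is never empty.
        if size == 0 or not company:
            why = "zero-byte" if size == 0 else "no company/version info"
            return [Finding("empty-or-unsigned-system-binary", path, why)]
        return []
    # Elsewhere (Desktop, Temp, Application Data) judge the name itself.
    if RANDOM_STEM.match(stem):
        return [Finding("random-name", path, f"stem {stem!r} looks generated")]
    return []


def triage(lines: Iterable[str]) -> list[Finding]:
    """Walk OTL rows in order; a registry value is judged under the last [HKEY...] header seen."""
    findings: list[Finding] = []
    current_key = ""
    for raw in lines:
        line = raw.strip()
        if (m := FILE_ROW.match(line)):
            findings.extend(_check_file_row(m))
        elif (m := ADS_ROW.match(line)):
            findings.append(Finding("ads", m["path"], f"{m['size']}-byte alternate data stream"))
        elif (m := REG_KEY.match(line)):
            current_key = m["key"]
        elif (m := REG_VAL.match(line)):
            if m["name"] == "EnableFirewall" and m["value"].strip() == "0" and "FirewallPolicy" in current_key:
                profile = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("firewall-off", profile, "Windows Firewall disabled for this profile"))
        elif (m := CDROM_AUTORUN.match(line)):
            if m["val"] != "0":
                findings.append(Finding("autorun", "HKLM CDRom AutoRun", f"AutoRun = {m['val']}"))
        elif (m := MOUNTPOINT_CMD.match(line)):
            findings.append(Finding("autorun", m["cmd"], f"MountPoints2 {m['dev']} runs this on insertion"))
    return findings


def summarize(findings: Iterable[Finding]) -> dict[str, int]:
    """Hit count per rule, handy for a first glance at a long log."""
    return dict(Counter(f.rule for f in findings))


# Rows copied from the OTL log in this thread (a handful, not the whole log).
SAMPLE_LOG = r"""
[2009/11/28 15:43:05 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zech\Desktop\OTL.exe
[2009/11/28 03:40:50 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\lmivonmn.exe
[2009/11/26 06:00:51 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/25 06:03:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/10/12 14:42:30 | 00,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/11/26 06:45:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4af619ba-4467-11de-84ce-001e90a3be8e}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2007/08/10 07:52:56 | 00,106,496 | RH-- | M] ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}  ({f.detail})")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample rows this flags the zero-byte `18467.exe`, the two publisher-less binaries under System32, the generated-looking `lmivonmn.exe` on the Desktop, the two streams' host folder, the CD-ROM AutoRun setting plus the per-device `F:\Autorun.exe` command, and the disabled StandardProfile firewall, while `OTL.exe` (signed, not under %SystemRoot%) and the Trend Micro directory pass. Feed it the whole log (`triage(open("OTL.Txt", encoding="utf-8", errors="replace"))`) and read the hits against the rest of the thread; the firewall values in particular are worth checking against the "Security Center Settings" block, where both profiles show `EnableFirewall = 0`.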

HiJack This! Forum Policy

We will not be party to obvious use of keygens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

Please uninstall these applications.

If you choose to not remove them then I cannot help you any further.

The ones present are these:

utorrent

Bit Comet

Frostwire

Once you have removed them please post a new OTL log then we will continue.


I'm sorry, I forgot this.

GMER 1.0.15.15252 - http://www.gmer.net

Rootkit scan 2009-11-28 17:08:29

Windows 5.1.2600 Service Pack 2

Running: 8ptkcsvc.exe; Driver: C:\DOCUME~1\Zech\LOCALS~1\Temp\awldypow.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA8F887E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA8F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7F28380, 0x2FF527, 0xE8000020]

.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB30E2300, 0x3B6D8, 0xE8000020]

.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBACA8300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\MagicDisc\MagicDisc.exe[212] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 10002A5E; RET

.text C:\Program Files\MagicDisc\MagicDisc.exe[212] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 10001BCE; RET

.text C:\Program Files\MagicDisc\MagicDisc.exe[212] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 10001B9A; RET

.text C:\Program Files\MagicDisc\MagicDisc.exe[212] ADVAPI32.DLL!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 10001B03; RET

.text C:\Program Files\MagicDisc\MagicDisc.exe[212] ADVAPI32.DLL!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 10001B2B; RET

.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[240] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 10002A5E; RET

.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[240] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 10001BCE; RET

.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[240] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 10001B9A; RET

.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[240] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 10001B03; RET

.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[240] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 10001B2B; RET

.text C:\Program Files\AIM6\aolsoftware.exe[540] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 10002A5E; RET

.text C:\Program Files\AIM6\aolsoftware.exe[540] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 10001BCE; RET

.text C:\Program Files\AIM6\aolsoftware.exe[540] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 10001B9A; RET

.text C:\Program Files\AIM6\aolsoftware.exe[540] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 10001B03; RET

.text C:\Program Files\AIM6\aolsoftware.exe[540] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 10001B2B; RET

.text C:\Program Files\Propellerhead\Reason\Reason.exe[1032] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 02232A5E; RET

.text C:\Program Files\Propellerhead\Reason\Reason.exe[1032] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 02231BCE; RET

.text C:\Program Files\Propellerhead\Reason\Reason.exe[1032] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 02231B9A; RET

.text C:\Program Files\Propellerhead\Reason\Reason.exe[1032] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 02231B03; RET

.text C:\Program Files\Propellerhead\Reason\Reason.exe[1032] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 02231B2B; RET

.text C:\Documents and Settings\Zech\Desktop\8ptkcsvc.exe[1808] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 10002A5E; RET

.text C:\Documents and Settings\Zech\Desktop\8ptkcsvc.exe[1808] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 10001BCE; RET

.text C:\Documents and Settings\Zech\Desktop\8ptkcsvc.exe[1808] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 10001B9A; RET

.text C:\Documents and Settings\Zech\Desktop\8ptkcsvc.exe[1808] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 10001B03; RET

.text C:\Documents and Settings\Zech\Desktop\8ptkcsvc.exe[1808] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 10001B2B; RET

.text C:\WINDOWS\Explorer.EXE[1824] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00AD2A5E; RET

.text C:\WINDOWS\Explorer.EXE[1824] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 00AD1BCE; RET

.text C:\WINDOWS\Explorer.EXE[1824] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 00AD1B9A; RET

.text C:\WINDOWS\Explorer.EXE[1824] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 00AD1B03; RET

.text C:\WINDOWS\Explorer.EXE[1824] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 00AD1B2B; RET

.text C:\Program Files\IDT\WDM\sttray.exe[1936] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00C62A5E; RET

.text C:\Program Files\IDT\WDM\sttray.exe[1936] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 00C61BCE; RET

.text C:\Program Files\IDT\WDM\sttray.exe[1936] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 00C61B9A; RET

.text C:\Program Files\IDT\WDM\sttray.exe[1936] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 00C61B03; RET

.text C:\Program Files\IDT\WDM\sttray.exe[1936] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 00C61B2B; RET

.text C:\Program Files\iTunes\iTunesHelper.exe[1956] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 011E2A5E; RET

.text C:\Program Files\iTunes\iTunesHelper.exe[1956] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 011E1BCE; RET

.text C:\Program Files\iTunes\iTunesHelper.exe[1956] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 011E1B9A; RET

.text C:\Program Files\iTunes\iTunesHelper.exe[1956] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 011E1B03; RET

.text C:\Program Files\iTunes\iTunesHelper.exe[1956] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 011E1B2B; RET

.text C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe[1984] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 016D2A5E; RET

.text C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe[1984] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 016D1BCE; RET

.text C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe[1984] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 016D1B9A; RET

.text C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe[1984] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 016D1B03; RET

.text C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe[1984] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 016D1B2B; RET

.text C:\WINDOWS\system32\rundll32.exe[2000] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 10002A5E; RET

.text C:\WINDOWS\system32\rundll32.exe[2000] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 10001BCE; RET

.text C:\WINDOWS\system32\rundll32.exe[2000] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 10001B9A; RET

.text C:\WINDOWS\system32\rundll32.exe[2000] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 10001B03; RET

.text C:\WINDOWS\system32\rundll32.exe[2000] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 10001B2B; RET

.text C:\WINDOWS\system32\RUNDLL32.EXE[2036] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00B42A5E; RET

.text C:\WINDOWS\system32\RUNDLL32.EXE[2036] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 00B41BCE; RET

.text C:\WINDOWS\system32\RUNDLL32.EXE[2036] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 00B41B9A; RET

.text C:\WINDOWS\system32\RUNDLL32.EXE[2036] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 00B41B03; RET

.text C:\WINDOWS\system32\RUNDLL32.EXE[2036] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 00B41B2B; RET

.text C:\Program Files\AIM6\aim6.exe[2044] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 10002A5E; RET

.text C:\Program Files\AIM6\aim6.exe[2044] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 10001BCE; RET

.text C:\Program Files\AIM6\aim6.exe[2044] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 10001B9A; RET

.text C:\Program Files\AIM6\aim6.exe[2044] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 10001B03; RET

.text C:\Program Files\AIM6\aim6.exe[2044] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 10001B2B; RET

.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 10002A5E; RET

.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 10001BCE; RET

.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 10001B9A; RET

.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 10001B03; RET

.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 10001B2B; RET

.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] WS2_32.dll!send 71AB428A 6 Bytes PUSH 10001A92; RET

.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] WS2_32.dll!WSARecv 71AB4318 6 Bytes PUSH 100029B3; RET

.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] WS2_32.dll!recv 71AB615A 6 Bytes PUSH 10002A16; RET

.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] WS2_32.dll!WSASend 71AB6233 6 Bytes PUSH 10001A0D; RET

.text C:\WINDOWS\system32\wscntfy.exe[2848] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 10002A5E; RET

.text C:\WINDOWS\system32\wscntfy.exe[2848] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 10001BCE; RET

.text C:\WINDOWS\system32\wscntfy.exe[2848] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 10001B9A; RET

.text C:\WINDOWS\system32\wscntfy.exe[2848] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 10001B03; RET

.text C:\WINDOWS\system32\wscntfy.exe[2848] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 10001B2B; RET

.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[2884] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 10002A5E; RET

.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[2884] kernel32.dll!FindNextFileW 7C80F13A 6 Bytes PUSH 10001BCE; RET

.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[2884] kernel32.dll!FindNextFileA 7C839019 6 Bytes PUSH 10001B9A; RET

.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[2884] ADVAPI32.dll!RegDeleteValueA 77DDEDE5 6 Bytes PUSH 10001B03; RET

.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[2884] ADVAPI32.dll!RegDeleteValueW 77DDEEF1 6 Bytes PUSH 10001B2B; RET

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[540] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr@imagepath \systemroot\system32\drivers\gasfkyosrvoynp.sys

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main@aid 20063

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main@sid 0

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\delete@C:\DOCUME~1\Zech\LOCALS~1\Temp\gasfkyuocxrevpfm.tmp

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\delete@C:\DOCUME~1\Zech\LOCALS~1\Temp\gasfkytwtspwnrdx.tmp

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\injector@* gasfkywsp.dll

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkyosrvoynp.sys

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\modules@gasfkycmd.dll \systemroot\system32\gasfkyjcptakwk.dll

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\modules@gasfkylog.dat \systemroot\system32\gasfkydxsnpuna.dat

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\modules@gasfkywsp.dll \systemroot\system32\gasfkypjnsicob.dll

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0xFF 0x28 0xF2 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0xE2 0x26 0x2C ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x94 0x2A 0xC4 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0xFF 0x28 0xF2 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0xE2 0x26 0x2C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x94 0x2A 0xC4 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0xFF 0x28 0xF2 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0xE2 0x26 0x2C ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x94 0x2A 0xC4 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\LocalService\ntuser.dll 24064 bytes

File C:\Documents and Settings\Zech\ntuser.dll 24064 bytes

File C:\Documents and Settings\Zech\Start Menu\Programs\Startup\scandisk.dll 24064 bytes

File C:\Documents and Settings\Zech\Start Menu\Programs\Startup\scandisk.lnk 647 bytes

File C:\WINDOWS\system32\calc.dll 24064 bytes

---- EOF - GMER 1.0.15 ----

They're gone now. Sorry. I should have read the rules.

OTL logfile created on: 11/28/2009 5:10:36 PM - Run 2

OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Zech\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.37% Memory free

3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.88% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.55 Gb Total Space | 23.61 Gb Free Space | 31.67% Space Free | Partition Type: NTFS

Drive D: | 386.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

Drive F: | 2.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive G: | 5.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MOLEMAN

Current User Name: Zech

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Zech\Desktop\8ptkcsvc.exe ()

PRC - C:\Documents and Settings\Zech\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe (DT Soft Ltd)

PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)

PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe (IDT, Inc.)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Program Files\Propellerhead\Reason\Reason.exe (Propellerhead Software AB)

PRC - C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)

PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()

PRC - C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\System32\bcmwltry.exe (Motorola Inc.)

PRC - C:\WINDOWS\System32\wltrysvc.exe ()

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Zech\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\lz32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\calc.dll (Microsoft)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc [2009/05/17 19:00:18 | 00,000,000 | ---D | M]

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (STacSV) -- c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe (IDT, Inc.)

SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()

SRV - (NVSvc) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (wltrysvc) -- C:\WINDOWS\System32\wltrysvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (atksgt) -- C:\WINDOWS\System32\DRIVERS\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys ()

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (GEARAspiWDM) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (mcdbus) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys (MagicISO, Inc.)

DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (STHDA) -- C:\WINDOWS\System32\drivers\sthda.sys (IDT, Inc.)

DRV - (AtcL001) -- C:\WINDOWS\System32\DRIVERS\l151x86.sys (Atheros Communications, Inc.)

DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)

DRV - (nv) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (PAC7302) -- C:\WINDOWS\System32\DRIVERS\PAC7302.SYS (PixArt Imaging Inc.)

DRV - (pdiddcci) -- C:\WINDOWS\System32\DRIVERS\pdiddcci.sys (Portrait Displays, Inc.)

DRV - (PdiPorts) -- C:\WINDOWS\System32\Drivers\PdiPorts.sys (Portrait Displays, Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (Ptilink) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.08

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/19 16:16:35 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/01 21:08:25 | 00,000,000 | ---D | M]

[2009/05/18 06:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\Mozilla\Extensions

[2009/11/26 06:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\Mozilla\Firefox\Profiles\e7liyykm.default\extensions

[2009/11/28 17:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\Mozilla\Firefox\Profiles\e7liyykm.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2009/11/26 06:48:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/05/19 16:46:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/10/19 14:53:45 | 02,164,467 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\1348490.dll

[2008/11/10 23:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

[2007/04/16 09:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)

O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

O4 - HKCU..\Run: [calc] C:\Documents and Settings\LocalService\ntuser.dll (Microsoft)

O4 - Startup: C:\Documents and Settings\Zech\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/20 16:15:26 | 00,000,000 | ---D | M] - C:\Auto Tune -- [ NTFS ]

O32 - AutoRun File - [2009/05/17 19:03:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/08/10 07:52:56 | 00,106,496 | RH-- | M] () - F:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007/08/08 00:11:43 | 00,000,050 | RH-- | M] () - F:\Autorun.inf -- [ UDF ]

O32 - AutoRun File - [2007/08/10 08:24:29 | 00,000,414 | RH-- | M] () - F:\autorun.ini -- [ UDF ]

O32 - AutoRun File - [2009/04/22 21:55:11 | 00,054,544 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2008/10/21 15:48:42 | 00,000,045 | R--- | M] () - G:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{4af619ba-4467-11de-84ce-001e90a3be8e}\Shell - "" = AutoRun

O33 - MountPoints2\{4af619ba-4467-11de-84ce-001e90a3be8e}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4af619ba-4467-11de-84ce-001e90a3be8e}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2007/08/10 07:52:56 | 00,106,496 | RH-- | M] ()

O33 - MountPoints2\{4af619ce-4467-11de-84ce-001e90a3be8e}\Shell - "" = AutoRun

O33 - MountPoints2\{4af619ce-4467-11de-84ce-001e90a3be8e}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4af619ce-4467-11de-84ce-001e90a3be8e}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2009/04/22 21:55:11 | 00,054,544 | R--- | M] (Electronic Arts)

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2007/08/10 07:52:56 | 00,106,496 | RH-- | M] ()

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (*) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/28 15:43:05 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zech\Desktop\OTL.exe

[2009/11/26 06:45:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/11/26 06:36:05 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009/11/26 06:01:01 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/11/26 06:00:57 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2009/11/26 05:58:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2009/11/26 05:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2009/11/26 05:58:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/11/26 05:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/11/25 06:51:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009/11/25 06:30:33 | 00,000,000 | ---D | C] -- C:\Avenger

[2009/11/09 13:27:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/28 17:10:41 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\Zech\NTUSER.DAT

[2009/11/28 15:57:17 | 00,014,056 | ---- | M] () -- C:\Documents and Settings\Zech\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/11/28 15:55:43 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\8ptkcsvc.exe

[2009/11/28 15:43:05 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zech\Desktop\OTL.exe

[2009/11/28 03:46:44 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/28 03:46:44 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/28 03:46:44 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/11/28 03:42:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/28 03:42:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/28 03:41:21 | 00,000,192 | ---- | M] () -- C:\Documents and Settings\Zech\defogger_renable

[2009/11/28 03:40:51 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\lmivonmn.exe

[2009/11/28 03:40:45 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\Defogger.exe

[2009/11/28 03:40:37 | 00,524,800 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\dds.scr

[2009/11/27 22:32:24 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2009/11/27 22:32:23 | 00,000,779 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/11/27 22:32:23 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/11/27 17:34:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/27 17:33:30 | 00,215,298 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\murder.rns

[2009/11/26 06:45:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\HijackThis.lnk

[2009/11/26 06:42:04 | 03,575,028 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\Combo-Fix.exe

[2009/11/26 06:02:14 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/11/26 06:00:53 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2009/11/26 06:00:51 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2009/11/26 05:58:53 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009/11/25 06:03:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe

[2009/11/23 17:59:30 | 07,244,534 | ---- | M] () -- C:\Documents and Settings\Zech\Desktop\fwdsongsneedembothatyourhouse.zip

[2009/11/19 20:25:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/11/14 05:08:09 | 00,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat

[2009/11/10 13:29:12 | 01,983,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/28 15:55:43 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\8ptkcsvc.exe

[2009/11/28 03:41:15 | 00,000,192 | ---- | C] () -- C:\Documents and Settings\Zech\defogger_renable

[2009/11/28 03:40:50 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\lmivonmn.exe

[2009/11/28 03:40:45 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\Defogger.exe

[2009/11/28 03:40:37 | 00,524,800 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\dds.scr

[2009/11/27 17:22:20 | 00,215,298 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\murder.rns

[2009/11/26 06:45:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\HijackThis.lnk

[2009/11/26 06:42:00 | 03,575,028 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\Combo-Fix.exe

[2009/11/26 06:26:34 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2009/11/26 06:01:24 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/11/26 05:58:53 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009/11/25 06:03:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe

[2009/11/23 17:59:23 | 07,244,534 | ---- | C] () -- C:\Documents and Settings\Zech\Desktop\fwdsongsneedembothatyourhouse.zip

[2009/10/12 14:42:30 | 00,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/10/12 14:42:29 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/06/23 17:09:30 | 00,000,291 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2009/05/29 19:33:38 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Zech\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2007/06/28 08:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/06/28 08:43:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/06/28 08:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/06/28 08:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/06/28 08:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/03/20 15:44:02 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI

[2004/08/03 20:56:44 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004/07/17 07:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2009/05/18 19:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2009/05/19 03:12:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

[2009/05/18 04:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2009/10/12 10:33:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2009/06/09 16:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

[2009/05/19 16:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2009/11/26 05:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/05/18 19:24:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/05/18 19:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/05/18 04:32:45 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}

[2009/11/26 05:58:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2009/05/18 19:28:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\acccore

[2009/10/12 14:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\DAEMON Tools Pro

[2009/06/23 17:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\DisplayTune

[2009/11/26 17:25:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\FrostWire

[2009/05/19 16:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\Propellerhead Software

[2009/11/28 17:09:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\uTorrent

[2009/10/23 18:17:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zech\Application Data\Viewpoint

[2009/11/26 06:02:14 | 00,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
    O4 - HKCU..\Run: [calc] C:\Documents and Settings\LocalService\ntuser.dll (Microsoft)
    [2009/11/25 06:03:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe

    :files
    C:\Documents and Settings\Zech\Local Settings\Temp\nsrbgxod.bak

    :reg
    [-HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr]

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

================================Online scan=================================

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Here's OTL and MBAM, but the ESET scanner keeps locking up at 46%. I let it run for an hour at 46 and it never went any further.

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\calc deleted successfully.

C:\WINDOWS\system32\calc.dll moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\calc deleted successfully.

C:\Documents and Settings\LocalService\ntuser.dll moved successfully.

C:\WINDOWS\System32\18467.exe moved successfully.

========== FILES ==========

File move failed. C:\Documents and Settings\Zech\Local Settings\Temp\nsrbgxod.bak scheduled to be moved on reboot.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gasfkyojilxehr\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Zech

->Temp folder emptied: 147651404 bytes

->Temporary Internet Files folder emptied: 5345168 bytes

->Java cache emptied: 1322297 bytes

->FireFox cache emptied: 66536398 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2142714 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

Windows Temp folder emptied: 16450 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 7963302 bytes

Total Files Cleaned = 220.44 mb

OTL by OldTimer - Version 3.1.11.2 log created on 11282009_162721

Files\Folders moved on Reboot...

C:\Documents and Settings\Zech\Local Settings\Temp\nsrbgxod.bak moved successfully.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.41

Database version: 3245

Windows 5.1.2600 Service Pack 2

11/30/2009 2:49:23 AM

mbam-log-2009-11-30 (02-49-23).txt

Scan type: Full Scan (C:\|)

Objects scanned: 143613

Time elapsed: 1 hour(s), 27 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
