
Vundo H and probably more



I have been struggling with this for over a week, and while at first it wouldn't allow MBAM to work I was able to get around it, and before posting this I would have run a fresh Quickscan, but now the installer and even Notepad won't work on the infected machine. Renaming the EXE won't help, and while I've tried rebooting and starting MBAM ASAP will get it up and running, my copy of Avira finds issue with a file that MBAM has repeatedly overlooked that couldn't be Killbox'd.

Here are my logs, and I will provide anything else I can once it starts running basic functions like the taskmanager again

Oh, I uninstalled AVG long ago and I'm surprised to see bits of it left too; if any help could be given with that it'd be greatly appreciated as well.

Malwarebytes' Anti-Malware 1.44

Database version: 3631

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/25/2010 5:49:42 PM

mbam-log-2010-01-25 (17-49-42).txt

Scan type: Full Scan (C:\|E:\|)

Objects scanned: 288835

Time elapsed: 2 hour(s), 40 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 1

Registry Values Infected: 3

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\nafihuka.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\porajiha.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{be190e00-b66c-4409-bc83-7a2c598cf481} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zosujulib (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{be190e00-b66c-4409-bc83-7a2c598cf481} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\nifomonij (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: mapupanu.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\porajiha.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\porajiha.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\mapupanu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mihamake.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nafihuka.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\porajiha.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\zizigosi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Owner at 19:18:58.23 on Mon 01/25/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1964 [GMT -6:00]

AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: F-PROT Antivirus for Windows *On-access scanning enabled* (Updated) {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Creative\Shared Files\CTDevSrv.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\Software Update 3\SoftAuto.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\systems.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://drmcninja.com/

mWinlogon: userinit=c:\windows\system32\userinit.exe

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} -

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {182ec0be-5110-49c8-a062-beb1d02a220b} - Adobe PDF

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [softAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [PCTVOICE] pctspk.exe

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe

mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Microsoft Windows Runtime DLL] c:\windows\system32\systems.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [rundll32.exe]

dRun: [WAB] c:\documents and settings\owner\application data\macromedia\common\2776005e19.exe

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\arcsoft\media card companion\MCC Monitor.exe

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37785.3592476852

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - file://f:\muvee\setup.exe

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

AppInit_DLLs: c:\windows\system32\samovevu.dll bawawaza.dll yukikono.dll c:\windows\system32\yagerumu.dll nafihuka.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: vikoruyow - {0acbbc85-ea4e-49b1-a90b-8ec7b6e7560c} - No File

SSODL: bitedomul - {d2ac7e52-67eb-4802-a732-cebc9604e2c7} - No File

STS: {0acbbc85-ea4e-49b1-a90b-8ec7b6e7560c} - No File

STS: {d2ac7e52-67eb-4802-a732-cebc9604e2c7} - No File

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,, digeste.dll

LSA: Notification Packages = scecli scecli scecli scecli scecli scecli yokipeze.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xyw3599a.default\

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2009-5-28 682840]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-25 11608]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-24 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-24 107272]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-25 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-25 185089]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-24 298264]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-25 56816]

R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2009-8-27 75424]

S0 Fasttrak;Fasttrak;c:\windows\system32\drivers\Fasttrak.sys [2003-6-11 73856]

S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-24 27656]

S2 Ca536av;DV 5100M(Video);c:\windows\system32\drivers\Ca536av.sys [2006-12-2 514859]

S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-11-4 14424]

S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\plcmpr5.sys --> c:\windows\system32\PLCMPR5.SYS [?]

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2006-9-21 17280]

S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*

scrfile="%1" %*

=============== Created Last 30 ================

2010-01-26 00:08:48 20 ----a-w- c:\documents and settings\owner\defogger_reenable

2010-01-24 19:02:12 0 d-----w- C:\VundoFix Backups

2010-01-23 07:58:46 0 d-----w- c:\program files\Malwarebyte

2010-01-19 06:58:30 127808 ----a-w- c:\windows\system32\MSWINSCK.ocx

2010-01-19 06:58:29 6244864 ----a-w- c:\windows\system32\systems.exe

2010-01-07 17:05:57 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys

2010-01-07 17:05:57 112574 ----a-w- c:\windows\system32\drivers\ptserlp.sys

2009-12-31 15:45:28 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2009-12-31 15:45:24 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2009-12-31 15:45:24 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2009-12-31 15:45:20 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2009-12-31 15:45:15 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2009-12-31 15:45:10 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2009-12-31 15:45:04 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2009-12-31 15:45:03 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2009-12-31 15:45:00 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2009-12-31 15:43:56 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys

2009-12-31 15:42:56 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll

2009-12-31 15:41:58 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys

2009-12-31 15:40:55 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2009-12-31 15:39:59 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2009-12-31 15:38:58 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll

2009-12-31 15:37:54 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys

2009-12-31 15:36:58 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2009-12-31 15:35:56 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys

2009-12-31 15:34:58 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2009-12-31 15:33:59 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys

2009-12-31 15:32:57 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys

2009-12-31 15:31:57 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys

2009-12-31 15:30:59 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys

2009-12-31 15:29:56 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys

2009-12-31 15:29:50 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2009-12-31 15:29:45 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2009-12-31 15:29:40 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2009-12-31 15:29:39 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys

2009-12-31 15:29:28 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2009-12-31 15:29:25 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2009-12-31 15:29:19 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys

2009-12-31 15:29:12 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys

2009-12-31 15:29:07 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys

2009-12-31 15:29:04 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll

2009-12-31 15:27:58 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys

2009-12-31 15:26:57 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2009-12-31 15:25:58 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll

2009-12-31 15:24:59 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys

2009-12-31 15:23:57 123392 -c--a-w- c:\windows\system32\dllcache\hpgt21tk.dll

2009-12-31 15:22:58 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys

2009-12-31 15:21:58 174464 -c--a-w- c:\windows\system32\dllcache\es198x.sys

2009-12-31 15:20:59 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys

2009-12-31 15:19:59 110592 -c--a-w- c:\windows\system32\dllcache\dc260usd.dll

2009-12-31 15:18:59 111232 -c--a-w- c:\windows\system32\dllcache\cl5465.dll

2009-12-31 15:17:33 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2009-12-31 15:16:59 36128 -c--a-w- c:\windows\system32\dllcache\banshee.sys

2009-12-31 15:14:06 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys

2009-12-31 15:14:05 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2009-12-31 15:14:04 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys

2009-12-31 15:14:04 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys

2009-12-31 15:14:03 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys

2009-12-31 15:14:02 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys

2009-12-31 15:14:02 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys

2009-12-31 15:14:01 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys

2009-12-31 15:14:00 61440 -c--a-w- c:\windows\system32\dllcache\acerscad.dll

2009-12-30 21:23:19 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-12-30 21:23:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-12-30 21:22:55 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-12-30 21:09:04 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-12-30 21:09:04 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-12-30 21:09:03 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll

2009-12-30 21:09:03 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-12-30 21:09:03 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll

2009-12-30 21:09:03 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe

2009-12-30 21:09:02 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat

2009-12-30 21:09:02 1241088 -c--a-w- c:\windows\system32\dllcache\ieframe.dll.mui

2009-12-30 21:09:00 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-12-30 20:44:59 6656 -c--a-w- c:\windows\system32\dllcache\fxsres.dll

2009-12-30 20:43:55 19456 -c--a-w- c:\windows\system32\dllcache\agt040d.dll

2009-12-30 20:43:53 8704 -c--a-w- c:\windows\system32\dllcache\fxsperf.dll

2009-12-30 20:43:53 7168 -c--a-w- c:\windows\system32\dllcache\kbdibm02.dll

2009-12-30 20:43:48 6656 -c--a-w- c:\windows\system32\dllcache\kbdlk41a.dll

2009-12-30 20:43:48 119808 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe

2009-12-30 20:43:42 154112 -c--a-w- c:\windows\system32\dllcache\fxsui.dll

2009-12-30 20:43:29 55296 -c--a-w- c:\windows\system32\dllcache\fxsevent.dll

2009-12-30 20:43:29 27648 -c--a-w- c:\windows\system32\dllcache\rw001ext.dll

2009-12-30 20:43:28 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll

2009-12-30 20:43:20 218112 -c--a-w- c:\windows\system32\dllcache\c_g18030.dll

2009-12-30 20:43:15 26624 -c--a-w- c:\windows\system32\dllcache\fxsdrv.dll

2009-12-30 20:43:12 29184 -c--a-w- c:\windows\system32\dllcache\rw330ext.dll

2009-12-30 20:43:03 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll

2009-12-30 20:42:58 142848 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe

2009-12-30 20:42:56 6144 -c--a-w- c:\windows\system32\dllcache\kbdax2.dll

2009-12-30 20:42:55 456192 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll

2009-12-30 20:42:49 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll

2009-12-30 20:42:32 39936 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll

2009-12-30 20:42:32 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll

2009-12-30 20:42:32 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll

2009-12-30 20:35:55 19569 ----a-w- c:\windows\003187_.tmp

2009-12-30 20:14:54 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat

2009-12-30 20:11:11 2145280 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-30 20:11:09 2023936 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-30 19:42:19 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls

2009-12-30 19:42:12 156672 -c--a-w- c:\windows\system32\dllcache\winzm.ime

2009-12-30 19:42:12 156672 -c--a-w- c:\windows\system32\dllcache\winsp.ime

2009-12-30 19:42:12 156672 -c--a-w- c:\windows\system32\dllcache\winpy.ime

2009-12-30 19:42:11 79360 -c--a-w- c:\windows\system32\dllcache\winar30.ime

2009-12-30 19:42:11 72704 -c--a-w- c:\windows\system32\dllcache\wingb.ime

2009-12-30 19:42:11 65536 -c--a-w- c:\windows\system32\dllcache\winime.ime

2009-12-30 19:42:10 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2009-12-30 19:42:10 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2009-12-30 19:42:08 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll

2009-12-30 19:42:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll

2009-12-30 19:40:54 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll

2009-12-30 19:39:52 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime

2009-12-30 19:36:52 488 ---ha-r- c:\windows\system32\logonui.exe.manifest

2009-12-30 19:36:44 749 ---ha-r- c:\windows\WindowsShell.Manifest

2009-12-30 19:36:44 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest

2009-12-30 19:36:44 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest

2009-12-30 19:36:44 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest

2009-12-30 19:36:22 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2009-12-30 19:35:54 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll

2009-12-30 19:30:26 159458 ----a-w- c:\windows\system32\nvapps.nvb

2009-12-30 19:29:44 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys

2009-12-30 19:29:44 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys

2009-12-30 13:11:26 3220684800 ----a-w- c:\windows\MEMORY.DMP

==================== Find3M ====================

2010-01-13 02:12:36 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-30 19:35:23 23348 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-29 02:02:30 98304 ----a-w- c:\windows\DUMP43b0.tmp

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-07 18:55:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2003-06-03 02:56:12 173732 ----a-w- c:\program files\timeless.zip

2009-06-02 14:00:48 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060220090603\index.dat

============= FINISH: 19:19:57.04 ===============

Attach.zip

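As an added example (not part of this thread or of the DDS, MBAM or OTL tools), the following Python script parses the load-point lines of the DDS "Pseudo HJT Report" above and flags the kinds of entries the MBAM log shows Vundo.H using: DLLs in AppInit_DLLs, SSODL/SharedTaskScheduler registrations with no backing file, Run entries with no command, and LSA Notification Packages beyond the default. The allow-lists for a default Windows XP install and the sample report (copied from the lines posted above) are this example's own assumptions.

```python
"""Triage helper for DDS "Pseudo HJT Report" load-point lines.

Added example, not part of the thread or of the DDS/MBAM/OTL tools. It
flags entries in the registry load points that Vundo.H abuses; the
allow-lists are assumptions about a default Windows XP install.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the Pseudo HJT lines from the DDS log above.
SAMPLE_REPORT = r"""
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [rundll32.exe]
AppInit_DLLs: c:\windows\system32\samovevu.dll bawawaza.dll yukikono.dll c:\windows\system32\yagerumu.dll nafihuka.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: vikoruyow - {0acbbc85-ea4e-49b1-a90b-8ec7b6e7560c} - No File
STS: {0acbbc85-ea4e-49b1-a90b-8ec7b6e7560c} - No File
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli yokipeze.dll
""".strip()

# Assumed defaults for Windows XP (example assumption, extend for your build).
ALLOWED_SSODL = {"postbootreminder", "cdburn", "webcheck", "systray", "wpdshserviceobj"}
ALLOWED_LSA_PACKAGES = {"scecli"}

RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>.*)$")
SSODL_RE = re.compile(r"^(?P<kind>SSODL|STS):\s*(?P<rest>.*)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.*)$")


@dataclass(frozen=True)
class Finding:
    load_point: str  # which registry load point the entry came from
    entry: str       # the raw value that was flagged
    reason: str      # why a defender should look at it


def _basename(entry: str) -> str:
    """Directory prefix and .dll suffix removed, lower-cased for comparison."""
    name = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".dll") else name


def triage(report: str) -> list[Finding]:
    """Return one Finding per suspicious load-point entry in a DDS report."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            # A Run value with no command is orphaned or has a hidden target.
            if not m["cmd"].strip():
                findings.append(Finding("Run", m["name"],
                                        "Run entry with no command line"))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is empty on a clean XP install; every DLL listed
            # is loaded into each process that maps user32.dll. DDS prints
            # the value space-separated, so paths with spaces would split.
            for dll in m["dlls"].split():
                findings.append(Finding("AppInit_DLLs", dll,
                                        "DLL injected into every GUI process"))
        elif m := SSODL_RE.match(line):
            parts = [p.strip() for p in m["rest"].split(" - ")]
            if parts[-1].lower() == "no file":
                findings.append(Finding(m["kind"], parts[0],
                                        "registration points at a missing file"))
            elif m["kind"] == "SSODL" and parts[0].lower() not in ALLOWED_SSODL:
                findings.append(Finding("SSODL", parts[0],
                                        "shell service object not in the XP default set"))
        elif m := LSA_RE.match(line):
            # Notification packages load into lsass.exe at boot and are
            # handed every password change; only scecli is expected on XP.
            for pkg in m["pkgs"].split():
                if _basename(pkg) not in ALLOWED_LSA_PACKAGES:
                    findings.append(Finding("LSA Notification Packages", pkg,
                                            "non-default package loaded into lsass.exe"))
    return findings


def main() -> None:
    for f in triage(SAMPLE_REPORT):
        print(f"{f.load_point:28} {f.entry:45} {f.reason}")


if __name__ == "__main__":
    main()
```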

Hi, I just wanted to say that I still need help here. I've spent the past few days scanning and rescanning until MBAM finds nothing, but yesterday the real-time protection of Avira found 9 nasty things while MBAM scanned without finding them, but it finds nothing when actively scanning. Another problem I have is that I cannot get into Safe Mode, as when I try to do so the computer locks up just before it starts up. Only once have I gotten it to work since I've been hit by this virus (which was originally a fake thing called Antivirus Live but MBAM called Vundo.H) and that was when restarting after MBAM found some security disabler.

Please help, all the scans I run show nothing is there, but I still can't get into Safe Mode so I know there's something lurking around.


Hello Firebeard

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below in bold


    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    ahcix86s.sys

    nvrd32.sys

    /md5stop

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • Sections

  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.


Okay, here are the logs you wanted. GMER took a looong time, but it's done now; with the log posted as text this post was too long for the forum, so I added it as an attachment.

OTL logfile created on: 1/31/2010 4:02:59 PM - Run 1

OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 186.31 Gb Total Space | 4.94 Gb Free Space | 2.65% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 74.53 Gb Total Space | 7.73 Gb Free Space | 10.38% Space Free | Partition Type: NTFS

Drive F: | 4.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-LKWQPDMO29

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)

PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

PRC - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)

PRC - C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)

PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)

PRC - C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (FPAVServer) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (CTUPnPSv) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)

SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)

SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (CTDevice_Srv) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)

SRV - (PLFlash DeviceIoControl Service) -- C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (TUWinStylerThemeSvc) -- C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (TuneUp Software GmbH)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (Pctspk) -- C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)

SRV - (WMDM PMSP Service) -- C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()

DRV - (FPAV_RTP) -- C:\WINDOWS\system32\DRIVERS\FStopW.sys (FRISK Software International)

DRV - (FETND5BV) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )

DRV - (FET5X86V) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (cdrbsdrv) -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS (B.H.A Corporation)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)

DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)

DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)

DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)

DRV - (PLCNDIS5) -- C:\WINDOWS\system32\PLCNDIS5.SYS (Intellon, Inc.)

DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\FN312XP.sys (ZyXEL Communications Corporation.)

DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (Ca536av) DV 5100M(Video) -- C:\WINDOWS\system32\drivers\Ca536av.sys (Digital Camera)

DRV - (USBCamera) DV 5100M(Still) -- C:\WINDOWS\system32\drivers\Bulk536.sys (USB BULK)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (Ptserial) -- C:\WINDOWS\system32\drivers\ptserial.sys (PCTEL, INC.)

DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\system32\drivers\SQCaptur.sys (Service & Quality Technology.)

DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)

DRV - (Fasttrak) -- C:\WINDOWS\system32\drivers\Fasttrak.sys (Promise Technology, Inc.)

DRV - (usbcm) -- C:\WINDOWS\system32\drivers\usbcm.sys (Microsystems Corp)

DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)

DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\fetnd5b.sys (VIA Technologies, Inc. )

DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)

DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\hpzid412.sys (HP)

DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.)

DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.)

DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.)

DRV - (Ptserlp) -- C:\WINDOWS\system32\drivers\ptserlp.sys (PCTEL, INC.)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (FETNDIS) -- C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://drmcninja.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 02:10:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/22 02:48:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla 1.7.5\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2009/06/15 02:35:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla 1.7.5\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2009/06/15 02:52:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/26 19:13:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/26 19:13:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/06/15 02:42:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/11/03 19:52:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/06/15 02:42:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/11/03 19:52:34 | 000,000,000 | ---D | M]

[2008/08/30 10:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2008/08/30 10:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/01/30 19:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xyw3599a.default\extensions

[2009/06/27 10:26:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xyw3599a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2006/04/30 00:12:25 | 000,000,000 | ---D | M] (UDInvGraphEnhance) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xyw3599a.default\extensions\{7BC5A936-2E6F-4d8a-BAB5-77C555E0AD71}

[2010/01/28 01:33:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xyw3599a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/01/30 19:31:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/26 19:13:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/03/22 02:49:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

[2009/04/04 14:33:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/06/12 14:29:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2009/08/04 16:34:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/11/03 19:52:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/01/26 19:13:23 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/01/26 19:13:23 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/05/01 15:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll

[2009/10/11 04:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/05/12 12:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll

[2009/05/18 16:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2008/03/20 17:21:26 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2006/08/08 20:13:49 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2010/01/26 19:13:32 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/21 01:52:04 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2009/06/15 02:42:07 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/06/15 02:42:08 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/06/15 02:42:08 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/06/15 02:42:08 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/06/15 02:42:08 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/06/15 02:42:08 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/06/15 02:42:08 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2007/03/21 01:52:18 | 000,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2007/03/21 01:51:58 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2009/05/01 15:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll

[2010/01/26 19:13:34 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/01/26 19:13:34 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/01/26 19:13:34 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/01/26 19:13:34 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/01/26 19:13:34 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/01/26 19:13:34 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/01/26 19:13:34 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/12/30 17:17:43 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe (PCtel, Inc.)

O4 - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)

O4 - HKCU..\Run: [softAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)

O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (HouseCall Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoftware.com/activescan/as5/asinst.cab (ActiveScan Installer Class)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7785.3592476852 (Reg Error: Key error.)

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (Reg Error: Key error.)

O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} file://F:\MUVEE\setup.exe (InstallShield Setup Player 2K2)

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.93.41.127 24.93.41.128

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\windows\system32\samovevu.dll) - C:\WINDOWS\System32\samovevu.dll File not found

O20 - AppInit_DLLs: (bawawaza.dll) - File not found

O20 - AppInit_DLLs: (yukikono.dll) - File not found

O20 - AppInit_DLLs: (c:\windows\system32\yagerumu.dll) - C:\WINDOWS\System32\yagerumu.dll File not found

O20 - AppInit_DLLs: (nafihuka.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: bitedomul - {d2ac7e52-67eb-4802-a732-cebc9604e2c7} - CLSID or File not found.

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: vikoruyow - {0acbbc85-ea4e-49b1-a90b-8ec7b6e7560c} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {0acbbc85-ea4e-49b1-a90b-8ec7b6e7560c} - gahurihor - Reg Error: Key error. File not found

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {d2ac7e52-67eb-4802-a732-cebc9604e2c7} - gahurihor - Reg Error: Key error. File not found

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digeste.dll) - File not found

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/06/13 09:32:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{7a4584d8-c99e-11dd-9616-001349ab595d}\Shell - "" = AutoRun

O33 - MountPoints2\{7a4584d8-c99e-11dd-9616-001349ab595d}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{7a4584d8-c99e-11dd-9616-001349ab595d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

O36 - AppCertDlls: regerate - (C:\WINDOWS\system32\dllhsn32.dll) - C:\WINDOWS\System32\dllhsn32.dll File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/31 13:15:24 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/01/30 03:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2010/01/26 03:09:20 | 001,394,000 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\mbam.exe

[2010/01/24 13:02:12 | 000,000,000 | ---D | C] -- C:\VundoFix Backups

[2010/01/23 01:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebyte

[2010/01/23 01:45:39 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2010/01/19 03:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\LupinAbridged

[2010/01/19 00:58:30 | 000,127,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.ocx

[2010/01/16 03:30:59 | 003,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Owner\Desktop\spywareblastersetup42.exe

[2010/01/16 03:28:19 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe

[2010/01/15 00:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\bmsacj

[2010/01/07 11:05:57 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\drivers\ptserlp.sys

[2010/01/07 11:05:57 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys

[2009/12/01 14:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009/11/25 13:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2009/11/18 00:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2009/11/16 12:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/11/16 12:53:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/11/16 12:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2009/04/24 15:35:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/04/24 15:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008/02/09 14:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[963 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/31 16:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\zoncjmoz.job

[2010/01/31 15:00:08 | 000,029,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\(Demonoid.com)-Stewart_Granger_King_Solomon's_Mines_(1950)_DVDRip_(SiRiUs_sHaRe)_104775.5456.torrent

[2010/01/31 13:16:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jjd70g7h.exe

[2010/01/31 13:15:31 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/01/31 08:50:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/01/31 08:50:21 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/31 01:34:15 | 035,287,196 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[Ozultima]Pokecrack.mp4

[2010/01/31 01:32:50 | 018,214,607 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Does Grell Creep You Out.wmv

[2010/01/30 23:26:50 | 000,006,383 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[]Demonoid.com[]-FALL_OF_THE_HULKS_RED_HULK_01_(2010)_104775.5456.torrent

[2010/01/30 23:25:18 | 000,028,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kids_in_the_Hall_Death_Comes_To_Town_S01E03_HDTV_XviD_2HD_x-Demonoid.com-x_104775.5456.torrent

[2010/01/30 23:25:10 | 000,028,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kids_in_the_Hall_Death_Comes_To_Town_S01E02_HDTV_XviD_2HD-((Demonoid.com))_104775.5456.torrent

[2010/01/30 23:25:00 | 000,028,644 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\++Demonoid.com++-Kids_in_the_Hall_Death_Comes_To_Town_S01E01_HDTV_XviD_2HD_104775.5456.torrent

[2010/01/29 17:15:00 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job

[2010/01/29 15:11:29 | 000,017,361 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[isoHunt] Princess Caraboo.torrent

[2010/01/29 12:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ywsaoiqd.job

[2010/01/29 11:23:27 | 000,020,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/29 11:20:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/29 11:20:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/29 01:54:25 | 018,874,368 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat

[2010/01/29 01:54:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini

[2010/01/29 01:21:28 | 001,947,990 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Anon-DrMario-Proctologist-DoD.mp3

[2010/01/28 22:34:32 | 000,015,701 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Burn_Notice_S03E11_Friendly_Fire_HDTV_XviD_FQM-_Demonoid.com_-_104775.5456.torrent

[2010/01/28 00:46:09 | 000,045,394 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[Demonoid.com]-Heroes_Season_3_Episodes_104775.5456.torrent

[2010/01/28 00:37:49 | 000,022,830 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\++Demonoid.com++-Heroes_Season_4(Ep_1_12)_with_English_Subtitles_104775.5456.torrent

[2010/01/27 04:39:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\F-PROT Antivirus - h.job

[2010/01/27 02:05:31 | 000,110,893 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\3333635617_56c80ca4c6.jpg

[2010/01/27 01:07:38 | 000,205,913 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Heroes_S1_S3_Full_3_Season_Collection-[[Demonoid.com]]_104775.5456.torrent

[2010/01/26 19:06:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/01/25 18:09:06 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable

[2010/01/25 17:49:53 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\mewuguro

[2010/01/24 23:44:33 | 000,015,202 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[]Demonoid.com[]-The_Big_Lebowski_[Eng][XviD][1998]_104775.5456.torrent

[2010/01/24 23:31:16 | 000,028,873 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LADYHAWKE[1985]DvDrip[ENG_4x3_Letterbox]-Osuald.4084450.TPB.torrent

[2010/01/24 23:15:44 | 000,014,363 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\o-Demonoid.com-o_The_Rocky_Horror_Picture_Show_Extended_Edition_104775.5456.torrent

[2010/01/24 20:35:05 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini

[2010/01/24 17:38:17 | 000,050,621 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe

[2010/01/24 16:21:00 | 000,014,688 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[isoHunt] Predator[Arnold.Schwarzenegger][1987][DvDRip]Xvid[ENG]-Sizofrenik.avi.torrent

[2010/01/24 13:11:56 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr

[2010/01/23 15:43:11 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to mbam.exe.lnk

[2010/01/23 01:57:07 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/23 01:45:45 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2010/01/21 19:38:16 | 000,406,570 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\UltimateWarriorTwitch.gif

[2010/01/19 22:24:04 | 000,423,943 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TheUltimateWarrior.gif

[2010/01/19 01:03:52 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VideoGet.lnk

[2010/01/19 00:59:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\chrtmp

[2010/01/19 00:58:30 | 000,127,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.ocx

[2010/01/19 00:49:16 | 004,220,289 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ffdshow-rev3200-20100112.zip

[2010/01/17 16:32:55 | 000,014,246 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Genesis II.avi.torrent

[2010/01/16 03:35:50 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache

[2010/01/16 03:31:03 | 003,012,768 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Owner\Desktop\spywareblastersetup42.exe

[2010/01/16 03:28:22 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe

[2010/01/14 01:01:45 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI

[2010/01/12 20:12:36 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/01/12 20:01:22 | 000,050,688 | ---- | M] () -- C:\WINDOWS\System32\ff_acm.acm

[2010/01/12 17:42:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\mbam.exe

[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/01/07 16:05:19 | 001,184,200 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2

[2010/01/07 11:07:04 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/01/07 11:07:04 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/01/07 11:07:04 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[963 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\mewuguro

[2010/01/31 15:00:11 | 000,029,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\(Demonoid.com)-Stewart_Granger_King_Solomon's_Mines_(1950)_DVDRip_(SiRiUs_sHaRe)_104775.5456.torrent

[2010/01/31 13:16:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jjd70g7h.exe

[2010/01/31 01:30:17 | 018,214,607 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Does Grell Creep You Out.wmv

[2010/01/31 01:29:44 | 035,287,196 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\[Ozultima]Pokecrack.mp4

[2010/01/30 23:26:53 | 000,006,383 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\[]Demonoid.com[]-FALL_OF_THE_HULKS_RED_HULK_01_(2010)_104775.5456.torrent

[2010/01/30 23:25:21 | 000,028,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kids_in_the_Hall_Death_Comes_To_Town_S01E03_HDTV_XviD_2HD_x-Demonoid.com-x_104775.5456.torrent

[2010/01/30 23:25:13 | 000,028,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kids_in_the_Hall_Death_Comes_To_Town_S01E02_HDTV_XviD_2HD-((Demonoid.com))_104775.5456.torrent

[2010/01/30 23:25:04 | 000,028,644 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\++Demonoid.com++-Kids_in_the_Hall_Death_Comes_To_Town_S01E01_HDTV_XviD_2HD_104775.5456.torrent

[2010/01/30 19:47:48 | 000,011,201 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Batman_The_Brave_and_the_Bold_S02_E07_Clash_of_the_Metal_Men!_[Fanoftransformers]-_Demonoid.com_-_104775.5456.torrent

[2010/01/30 17:47:07 | 000,028,438 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Loose Cannons.avi.torrent

[2010/01/29 15:12:19 | 000,017,361 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\[isoHunt] Princess Caraboo.torrent

[2010/01/29 01:21:24 | 001,947,990 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Anon-DrMario-Proctologist-DoD.mp3

[2010/01/28 22:34:36 | 000,015,701 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Burn_Notice_S03E11_Friendly_Fire_HDTV_XviD_FQM-_Demonoid.com_-_104775.5456.torrent

[2010/01/28 00:46:17 | 000,045,394 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\[Demonoid.com]-Heroes_Season_3_Episodes_104775.5456.torrent

[2010/01/28 00:37:55 | 000,022,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\++Demonoid.com++-Heroes_Season_4(Ep_1_12)_with_English_Subtitles_104775.5456.torrent

[2010/01/27 02:05:30 | 000,110,893 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\3333635617_56c80ca4c6.jpg

[2010/01/27 01:07:39 | 000,205,913 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Heroes_S1_S3_Full_3_Season_Collection-[[Demonoid.com]]_104775.5456.torrent

[2010/01/25 18:08:48 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable

[2010/01/24 23:44:32 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\[]Demonoid.com[]-The_Big_Lebowski_[Eng][XviD][1998]_104775.5456.torrent

[2010/01/24 23:31:16 | 000,028,873 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LADYHAWKE[1985]DvDrip[ENG_4x3_Letterbox]-Osuald.4084450.TPB.torrent

[2010/01/24 23:15:14 | 000,014,363 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\o-Demonoid.com-o_The_Rocky_Horror_Picture_Show_Extended_Edition_104775.5456.torrent

[2010/01/24 17:38:14 | 000,050,621 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe

[2010/01/24 16:20:50 | 000,014,688 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\[isoHunt] Predator[Arnold.Schwarzenegger][1987][DvDRip]Xvid[ENG]-Sizofrenik.avi.torrent

[2010/01/24 13:11:56 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr

[2010/01/23 15:43:11 | 000,000,613 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to mbam.exe.lnk

[2010/01/23 13:23:48 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ywsaoiqd.job

[2010/01/21 19:38:15 | 000,406,570 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\UltimateWarriorTwitch.gif

[2010/01/19 22:24:04 | 000,423,943 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\TheUltimateWarrior.gif

[2010/01/19 00:59:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\chrtmp

[2010/01/19 00:49:09 | 004,220,289 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ffdshow-rev3200-20100112.zip

[2010/01/17 16:32:54 | 000,014,246 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Genesis II.avi.torrent

[2010/01/16 03:35:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache

[2010/01/01 16:26:23 | 125,526,016 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Harvey Birdman - 302 - Harvey's Civvy - IcyFlamez.avi

[2009/12/30 15:19:40 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Launch Internet Explorer Browser.lnk

[2009/07/30 04:44:45 | 000,020,152 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\c03a1910ab4c98b8fe52989672e7ed28-i686.cache-2

[2009/07/30 04:44:44 | 001,184,200 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2

[2009/05/25 02:24:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\95196086.ini

[2007/12/05 01:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/12/05 01:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/12/05 01:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/11/21 23:46:40 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\sam.ini

[2007/11/06 18:00:58 | 000,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini

[2007/11/05 16:16:57 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.A081.dll

[2007/06/06 22:37:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2007/06/06 22:37:12 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll

[2007/06/05 22:29:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2007/06/05 22:25:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini

[2007/04/26 22:38:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2006/12/02 21:16:15 | 000,000,337 | ---- | C] () -- C:\WINDOWS\System32\dext536.ini

[2006/12/02 21:16:09 | 000,002,132 | ---- | C] () -- C:\WINDOWS\Ca536a.ini

[2006/06/30 00:41:54 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini

[2006/06/07 20:52:14 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Kingdia DVD Ripper.INI

[2006/05/29 21:06:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\UNWISE.INI

[2006/05/29 21:06:14 | 000,173,732 | ---- | C] () -- C:\Program Files\timeless.zip

[2006/05/26 07:29:14 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2006/04/03 06:26:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2005/10/10 04:38:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2005/09/19 21:55:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2005/07/13 21:16:04 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Ahead DVD Ripper.INI

[2005/07/13 20:54:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\autogk.ini

[2005/04/04 12:52:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2005/04/04 12:35:24 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2005/01/04 18:49:13 | 000,000,130 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/12/21 11:22:37 | 000,000,285 | ---- | C] () -- C:\WINDOWS\maketorrent.ini

[2004/11/08 00:01:55 | 000,046,346 | ---- | C] () -- C:\WINDOWS\System32\SmrtDrive.dll

[2004/11/06 18:21:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2004/10/11 15:13:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll

[2004/09/17 16:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2004/09/13 22:59:53 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI

[2004/08/23 20:52:14 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 Video Converter.INI

[2004/08/09 19:33:49 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll

[2004/08/09 19:33:49 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini

[2004/08/09 19:32:34 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini

[2004/08/03 18:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/07/23 23:42:20 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI

[2004/07/15 23:00:52 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys

[2004/07/12 15:07:21 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

[2004/07/01 19:00:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/06/11 00:27:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\carlin_saver.ini

[2004/05/12 04:16:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2004/04/08 17:55:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2004/03/21 14:29:31 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2004/01/09 09:47:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avisynth_c.dll

[2003/12/22 10:55:32 | 000,020,712 | ---- | C] () -- C:\WINDOWS\sysinfo.ini

[2003/12/22 08:50:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ZDDBView.INI

[2003/12/22 08:50:28 | 000,000,317 | ---- | C] () -- C:\WINDOWS\zdbui32.ini

[2003/11/28 08:39:03 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2003/11/28 08:38:58 | 000,000,539 | ---- | C] () -- C:\WINDOWS\videomvp.ini

[2003/11/28 08:38:09 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini

[2003/08/07 13:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2003/07/28 11:39:38 | 000,000,757 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2003/07/11 11:07:28 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2003/07/11 11:07:28 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2003/07/09 16:59:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini

[2003/06/25 03:06:09 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini

[2003/06/25 03:06:06 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll

[2003/06/25 02:09:18 | 000,001,006 | ---- | C] () -- C:\WINDOWS\netdet.ini

[2003/06/19 01:06:15 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI

[2003/06/16 10:26:03 | 000,000,030 | ---- | C] () -- C:\WINDOWS\gnucleus.INI

[2003/06/16 08:11:02 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2003/05/02 14:19:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2003/05/02 14:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2003/01/29 18:39:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dcfft2.dll

[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini

[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2002/10/06 12:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002/10/04 17:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2002/10/04 17:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/10/04 17:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2002/08/29 06:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_006602_.tmp.dll

[2002/08/29 06:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_006570_.tmp.dll

[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini

[2002/05/29 07:50:02 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2002/01/14 22:36:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll

[2001/12/14 12:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll

[2000/07/22 16:49:46 | 000,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll

[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini

[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2010/01/30 03:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2009/05/27 14:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FRISK Software

[2008/07/08 08:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2006/06/24 02:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2004/08/24 23:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2007/12/20 18:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/12/19 15:30:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}

[2009/12/19 15:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}

[2007/11/23 05:53:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C7B15A4D-99D2-403B-9496-CB28A4304C1D}

[2008/12/06 12:24:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0

[2008/12/06 12:24:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~1

[2009/11/09 00:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.BitTornado

[2007/06/22 22:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore

[2004/10/07 23:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aladdin Systems

[2009/04/27 14:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR

[2010/01/30 23:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent

[2004/03/11 11:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreCodec

[2004/06/09 23:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreFTP

[2008/02/06 03:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools

[2007/06/08 15:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dalak

[2008/12/02 01:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\deluge

[2007/11/12 22:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON

[2009/04/24 16:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FRISK Software

[2008/01/12 14:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2008/12/02 01:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0

[2003/12/02 11:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2006/01/13 00:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LEAPS

[2004/11/06 03:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Miranda

[2003/10/26 13:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera

[2008/04/12 23:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pegasys Inc

[2008/02/16 19:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RiffTrax

[2006/06/24 00:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Seven Zip

[2008/02/05 03:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab

[2009/09/09 17:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Trillian

[2005/10/22 14:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software

[2004/02/24 16:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS

[2010/01/29 17:15:00 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

[2010/01/27 04:39:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\F-PROT Antivirus - h.job

[2003/10/19 03:06:19 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1056531974.job

[2010/01/29 12:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\ywsaoiqd.job

[2010/01/31 16:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\zoncjmoz.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/11/25 16:15:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys

[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys

[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\agp440.sys

< MD5 for: ATAPI.SYS >

[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/11/25 16:15:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys

[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys

[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys

[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll

[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll

[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll

[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll

[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\netlogon.dll

< MD5 for: SCECLI.DLL >

[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\scecli.dll

[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll

[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[963 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 1/31/2010 4:02:59 PM - Run 1

OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 186.31 Gb Total Space | 4.94 Gb Free Space | 2.65% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 74.53 Gb Total Space | 7.73 Gb Free Space | 10.38% Space Free | Partition Type: NTFS

Drive F: | 4.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-LKWQPDMO29

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"80:TCP" = 80:TCP:*:Disabled:SYSDLL

"7171:TCP" = 7171:TCP:*:Disabled:SYSDLL

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()

"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone) -- File not found

"C:\Program Files\PeerGuardian2\pg2.exe" = C:\Program Files\PeerGuardian2\pg2.exe:*:Enabled:PeerGuardian -- (Methlabs)

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk -- File not found

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype -- File not found

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.0 -- File not found

"C:\sysreset\mirc.exe" = C:\sysreset\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Netscape\Netscape\Netscp.exe" = C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape -- (Mozilla, Netscape)

"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)

"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()

"C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe" = C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Disabled:lh -- File not found

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)

"C:\Program Files\PeerBlock\peerblock.exe" = C:\Program Files\PeerBlock\peerblock.exe:*:Enabled:peerblock -- (PeerBlock, LLC)

"C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Disabled:logon -- (Microsoft Corporation)

"C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Disabled:winlogon -- (Microsoft Corporation)

"C:\WINDOWS\system32\logonui.exe" = C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui -- (Microsoft Corporation)

"C:\Program Files\Avira\AntiVir Desktop\guardgui.exe" = C:\Program Files\Avira\AntiVir Desktop\guardgui.exe:*:Enabled:GUARDGUI -- (Avira GmbH)

"C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" = C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe:*:Enabled:FProtTray -- (FRISK Software International)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 17

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5

"{2C3738C9-56FA-410A-BCB5-79C5DFD238F0}" = TuneUp Utilities 2004

"{2E6C1A15-5147-487A-80D7-EDF3B915A7BE}" = TMPGEnc DVD Source Creator 2.0

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3580211E-3BB7-42C0-ADC3-9A8C1EFFF2CB}" = ArcSoft Media Card Companion

"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0

"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5C9440EC-5BAD-435F-8DE4-2B7A11C7B43E}" = TMPGEnc MPEG Editor

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{703C8D0C-CF2D-4EA7-9A1C-D3A0936B3BAB}" = DV 5100M Driver

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75852F49-2CAF-443F-B7C2-53DE5847DE56}" = OpenOffice.org 2.0

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet

"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8D4942F1-D5EB-40A7-9D7B-07F8ED1B71E9}" = TMPGEnc DVD Author 3 with DivX Authoring

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BAA2A854-EE1C-40F3-A4D8-3692ECC51D22}" = ZyXEL PLA-4xx Series Configuration Utility

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C4B3A7F9-5CD8-4608-B623-689CA3604A08}" = RiffTrax DVD Player

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe

"{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E58B329B-FB28-4874-90DE-0D7CB2709267}" = F-PROT Antivirus for Windows

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{ED80F174-B621-4B8F-BBB9-3E031A59555A}" = TMPGEnc 4.0 XPress

"{ED93995E-8BF2-480F-8EA4-7D29E29A7052}" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers

"{F57D8342-E2E4-46F4-915A-F50817CBCB45}" = ArcSoft Software Suite

"{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}" = TMPGEnc Sound Player

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard

"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)

"AIM_6" = AIM 6

"Atani - animated GIF and AVI creator_is1" = Atani 3.8

"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.81

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AviSynth" = AviSynth 2.5

"BitTornado" = BitTornado 0.3.17

"Bonus Pack for Super DX-Ball Deluxe_is1" = Bonus Pack v1.0 for Super DX-Ball Deluxe

"BSDELUXE_is1" = Bubble Shooter Deluxe 1.8

"carlin_saver" = carlin_saver

"CDisplay_is1" = CDisplay 1.8

"Comical_is1" = Comical 0.8

"Cool Beans NFO Creator_is1" = Cool Beans NFO Creator 2.0.1.3

"Creative Centrale" = Creative Centrale

"Creative Removable Disk Manager" = Creative Removable Disk Manager

"DirectVobSub" = DirectVobSub (remove only)

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink_is1" = DVD Shrink 3.2

"ESET Online Scanner" = ESET Online Scanner v3

"ffdshow_is1" = ffdshow [rev 3200] [2010-01-12]

"HijackThis" = HijackThis 1.99.1

"hp instant support" = hp instant support

"hp psc 2100 series_Driver" = hp psc 2100 series

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Installing HSP56 MicroModem Drivers" = HSP56 Modem Drivers

"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5

"InstallShield_{BAA2A854-EE1C-40F3-A4D8-3692ECC51D22}" = ZyXEL PLA-4xx Series Configuration Utility

"Macromedia Shockwave Player" = Macromedia Shockwave Player

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MegasXLR" = MegasXLR Screen Saver

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU

"mIRC" = mIRC

"Mozilla (1.7.5)" = Mozilla (1.7.5)

"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)

"MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Netscape (7.1)" = Netscape (7.1)

"Netscape (7.2)" = Netscape (7.2)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"OggDS" = Direct Show Ogg Vorbis Filter (remove only)

"PeerGuardian_is1" = PeerGuardian 2.0

"PSC 2000 Series" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet

"RealAlt_is1" = Real Alternative 1.52

"RealPlayer 6.0" = RealPlayer

"RiffTrax DVD Player" = RiffTrax DVD Player

"Sig2dat" = Sig2dat (remove only)

"Starcraft" = Starcraft

"Super DX-Ball Deluxe_is1" = Super DX-Ball Deluxe v1.00

"Super DX-Ball_is1" = Super DX-Ball v1.00

"SystemRequirementsLab" = System Requirements Lab

"TaxCut Premium 2005" = TaxCut Premium 2005

"Timeless Screen Saver" = Timeless Screen Saver

"Trillian" = Trillian

"VideoGet_is1" = Nuclear Coffee - VideoGet

"VLC media player" = VLC media player 1.0.0

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter

"VobSub" = VobSub v2.23 (Remove Only)

"Winamp" = Winamp (remove only)

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WinZip" = WinZip

"WMCSetup" = Windows Media Connect

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Xvid_is1" = Xvid 1.2.2 final uninstall

"Yahoo! Internet Mail" = Yahoo! Internet Mail

"Yahoo! Messenger" = Yahoo! Messenger

"ZENMozaicUG" = Creative ZEN Mozaic User's Guide

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/24/2010 10:37:42 PM | Computer Name = USER-LKWQPDMO29 | Source = PctSpk | ID = 0

Description =

Error - 1/25/2010 7:56:45 PM | Computer Name = USER-LKWQPDMO29 | Source = PctSpk | ID = 0

Description =

Error - 1/26/2010 5:50:17 AM | Computer Name = USER-LKWQPDMO29 | Source = PctSpk | ID = 0

Description =

Error - 1/26/2010 3:28:56 PM | Computer Name = USER-LKWQPDMO29 | Source = PctSpk | ID = 0

Description =

Error - 1/26/2010 4:05:17 PM | Computer Name = USER-LKWQPDMO29 | Source = PctSpk | ID = 0

Description =

Error - 1/27/2010 1:31:30 PM | Computer Name = USER-LKWQPDMO29 | Source = PctSpk | ID = 0

Description =

Error - 1/29/2010 3:53:03 AM | Computer Name = USER-LKWQPDMO29 | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module unknown, version 0.0.0.0, fault address 0x039e97d0.

Error - 1/29/2010 3:53:27 AM | Computer Name = USER-LKWQPDMO29 | Source = Application Error | ID = 1001

Description = Fault bucket 769440711.

Error - 1/29/2010 1:20:59 PM | Computer Name = USER-LKWQPDMO29 | Source = PctSpk | ID = 0

Description =

Error - 1/30/2010 5:44:56 AM | Computer Name = USER-LKWQPDMO29 | Source = F-PROT Antivirus | ID = 4096

Description = File system protection disabled For more information please visit http://www.f-prot.com/support/index.html

[ System Events ]

Error - 1/30/2010 6:08:41 AM | Computer Name = USER-LKWQPDMO29 | Source = Service Control Manager | ID = 7000

Description = The F-Secure BlackLight Engine Driver service failed to start due

to the following error: %%31

Error - 1/30/2010 10:10:38 AM | Computer Name = USER-LKWQPDMO29 | Source = F-Secure Standalone Minifilter | ID = 327681

Description =

Error - 1/30/2010 10:12:15 AM | Computer Name = USER-LKWQPDMO29 | Source = F-Secure Standalone Minifilter | ID = 327681

Description =

Error - 1/30/2010 10:13:56 AM | Computer Name = USER-LKWQPDMO29 | Source = F-Secure Standalone Minifilter | ID = 327681

Description =

Error - 1/30/2010 11:57:46 AM | Computer Name = USER-LKWQPDMO29 | Source = F-Secure Standalone Minifilter | ID = 327681

Description =

Error - 1/30/2010 12:00:41 PM | Computer Name = USER-LKWQPDMO29 | Source = F-Secure Standalone Minifilter | ID = 327681

Description =

Error - 1/30/2010 12:22:17 PM | Computer Name = USER-LKWQPDMO29 | Source = F-Secure Standalone Minifilter | ID = 327681

Description =

Error - 1/30/2010 12:23:57 PM | Computer Name = USER-LKWQPDMO29 | Source = F-Secure Standalone Minifilter | ID = 327681

Description =

Error - 1/30/2010 12:25:59 PM | Computer Name = USER-LKWQPDMO29 | Source = F-Secure Standalone Minifilter | ID = 327681

Description =

Error - 1/31/2010 4:09:48 AM | Computer Name = USER-LKWQPDMO29 | Source = Service Control Manager | ID = 7000

Description = The F-Secure BlackLight Engine Driver service failed to start due

to the following error: %%31

< End of report >

ark.txt


As an update, about 5 minutes ago everything started locking up again as I described in my first post - GMER finished and shortly after programs stopped running. I had MBAM up in case this happened and when I tried to run a scan the system crashed and I had to reboot. I know I'm not supposed to reply too much to this thread but I figured this was somewhat important to know.


OK.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 10-02-01.01 - Owner 02/01/2010 12:19:17.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1987 [GMT -6:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: F-PROT Antivirus for Windows *On-access scanning disabled* (Updated) {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\95196086.ini

c:\recycler\S-1-5-21-1708537768-152049171-725345543-500

c:\windows\Downloaded Program Files\RdxIE.dll

c:\windows\Downloaded Program Files\setup.dll

c:\windows\Fonts\MyriadPro-Regular.otf

c:\windows\patch.exe

c:\windows\system32\_003935_.tmp.dll

c:\windows\system32\_003936_.tmp.dll

c:\windows\system32\_003937_.tmp.dll

c:\windows\system32\_003938_.tmp.dll

c:\windows\system32\_003943_.tmp.dll

c:\windows\system32\_003944_.tmp.dll

c:\windows\system32\_003945_.tmp.dll

c:\windows\system32\_003946_.tmp.dll

c:\windows\system32\_003947_.tmp.dll

c:\windows\system32\_003948_.tmp.dll

c:\windows\system32\_003949_.tmp.dll

c:\windows\system32\_003950_.tmp.dll

c:\windows\system32\_003951_.tmp.dll

c:\windows\system32\_003952_.tmp.dll

c:\windows\system32\_003953_.tmp.dll

c:\windows\system32\_003954_.tmp.dll

c:\windows\system32\_003955_.tmp.dll

c:\windows\system32\_003956_.tmp.dll

c:\windows\system32\_003957_.tmp.dll

c:\windows\system32\_003958_.tmp.dll

c:\windows\system32\_003959_.tmp.dll

c:\windows\system32\_003960_.tmp.dll

c:\windows\system32\_003961_.tmp.dll

c:\windows\system32\_003963_.tmp.dll

c:\windows\system32\_003964_.tmp.dll

c:\windows\system32\_003966_.tmp.dll

c:\windows\system32\_003967_.tmp.dll

c:\windows\system32\_003968_.tmp.dll

c:\windows\system32\_003969_.tmp.dll

c:\windows\system32\_003970_.tmp.dll

c:\windows\system32\_003971_.tmp.dll

c:\windows\system32\_003973_.tmp.dll

c:\windows\system32\_003974_.tmp.dll

c:\windows\system32\_003975_.tmp.dll

c:\windows\system32\_003976_.tmp.dll

c:\windows\system32\_003977_.tmp.dll

c:\windows\system32\_003978_.tmp.dll

c:\windows\system32\_003979_.tmp.dll

c:\windows\system32\_003982_.tmp.dll

c:\windows\system32\_003983_.tmp.dll

c:\windows\system32\_003984_.tmp.dll

c:\windows\system32\_003985_.tmp.dll

c:\windows\system32\_003986_.tmp.dll

c:\windows\system32\_003987_.tmp.dll

c:\windows\system32\_003988_.tmp.dll

c:\windows\system32\_003989_.tmp.dll

c:\windows\system32\_003990_.tmp.dll

c:\windows\system32\_003991_.tmp.dll

c:\windows\system32\_003992_.tmp.dll

c:\windows\system32\_003993_.tmp.dll

c:\windows\system32\_003994_.tmp.dll

c:\windows\system32\_003995_.tmp.dll

c:\windows\system32\_003996_.tmp.dll

c:\windows\system32\_003997_.tmp.dll

c:\windows\system32\_003999_.tmp.dll

c:\windows\system32\_004000_.tmp.dll

c:\windows\system32\_004001_.tmp.dll

c:\windows\system32\_004002_.tmp.dll

c:\windows\system32\_004004_.tmp.dll

c:\windows\system32\_004005_.tmp.dll

c:\windows\system32\_004007_.tmp.dll

c:\windows\system32\_004008_.tmp.dll

c:\windows\system32\_004009_.tmp.dll

c:\windows\system32\_004010_.tmp.dll

c:\windows\system32\_004012_.tmp.dll

c:\windows\system32\_004013_.tmp.dll

c:\windows\system32\_004014_.tmp.dll

c:\windows\system32\_004015_.tmp.dll

c:\windows\system32\_004016_.tmp.dll

c:\windows\system32\_004017_.tmp.dll

c:\windows\system32\_004018_.tmp.dll

c:\windows\system32\_004019_.tmp.dll

c:\windows\system32\_004020_.tmp.dll

c:\windows\system32\_004021_.tmp.dll

c:\windows\system32\_004022_.tmp.dll

c:\windows\system32\_004023_.tmp.dll

c:\windows\system32\_004025_.tmp.dll

c:\windows\system32\_004027_.tmp.dll

c:\windows\system32\_004029_.tmp.dll

c:\windows\system32\_004030_.tmp.dll

c:\windows\system32\_004031_.tmp.dll

c:\windows\system32\_004035_.tmp.dll

c:\windows\system32\_004036_.tmp.dll

c:\windows\system32\_004038_.tmp.dll

c:\windows\system32\_004041_.tmp.dll

c:\windows\system32\_004043_.tmp.dll

c:\windows\system32\_004044_.tmp.dll

c:\windows\system32\_004045_.tmp.dll

c:\windows\system32\_004046_.tmp.dll

c:\windows\system32\_004049_.tmp.dll

c:\windows\system32\_004050_.tmp.dll

c:\windows\system32\_004051_.tmp.dll

c:\windows\system32\_004052_.tmp.dll

c:\windows\system32\_004053_.tmp.dll

c:\windows\system32\_004058_.tmp.dll

c:\windows\system32\_004060_.tmp.dll

c:\windows\system32\_006559_.tmp.dll

c:\windows\system32\_006560_.tmp.dll

c:\windows\system32\_006561_.tmp.dll

c:\windows\system32\_006562_.tmp.dll

c:\windows\system32\_006569_.tmp.dll

c:\windows\system32\_006570_.tmp.dll

c:\windows\system32\_006571_.tmp.dll

c:\windows\system32\_006572_.tmp.dll

c:\windows\system32\_006574_.tmp.dll

c:\windows\system32\_006575_.tmp.dll

c:\windows\system32\_006578_.tmp.dll

c:\windows\system32\_006579_.tmp.dll

c:\windows\system32\_006581_.tmp.dll

c:\windows\system32\_006582_.tmp.dll

c:\windows\system32\_006583_.tmp.dll

c:\windows\system32\_006585_.tmp.dll

c:\windows\system32\_006588_.tmp.dll

c:\windows\system32\_006589_.tmp.dll

c:\windows\system32\_006593_.tmp.dll

c:\windows\system32\_006594_.tmp.dll

c:\windows\system32\_006596_.tmp.dll

c:\windows\system32\_006599_.tmp.dll

c:\windows\system32\_006601_.tmp.dll

c:\windows\system32\_006602_.tmp.dll

c:\windows\system32\_006603_.tmp.dll

c:\windows\system32\_006604_.tmp.dll

c:\windows\system32\_006605_.tmp.dll

c:\windows\system32\_006608_.tmp.dll

c:\windows\system32\_006609_.tmp.dll

c:\windows\system32\_006610_.tmp.dll

c:\windows\system32\_006611_.tmp.dll

c:\windows\system32\_006612_.tmp.dll

c:\windows\system32\_006617_.tmp.dll

c:\windows\system32\_006619_.tmp.dll

c:\windows\system32\tmp.reg

c:\windows\system32\twain_32.dll

c:\windows\Tasks\ywsaoiqd.job

c:\windows\Tasks\zoncjmoz.job

c:\windows\wiaserviv.log

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_WIN32X

((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))

.

2010-01-30 09:43 . 2010-01-30 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-01-24 19:02 . 2010-01-24 19:02 -------- d-----w- C:\VundoFix Backups

2010-01-23 07:58 . 2010-01-26 09:09 -------- d-----w- c:\program files\Malwarebyte

2010-01-15 06:30 . 2010-01-15 10:21 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\bmsacj

2010-01-07 17:05 . 2001-08-17 19:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys

2010-01-07 17:05 . 2001-08-17 19:28 112574 ----a-w- c:\windows\system32\drivers\ptserlp.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-01 18:32 . 2009-11-04 19:06 -------- d-----w- c:\program files\PeerBlock

2010-02-01 17:59 . 2003-06-16 21:02 -------- d-----w- c:\program files\Trillian

2010-02-01 09:22 . 2008-12-03 21:08 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent

2010-02-01 09:21 . 2009-07-25 04:12 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc

2010-01-29 00:56 . 2008-06-21 04:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-24 04:01 . 2005-10-22 20:01 -------- d-----w- c:\program files\TuneUp Utilities 2004

2010-01-19 06:53 . 2006-06-24 17:01 -------- d-----w- c:\program files\ffdshow

2010-01-16 19:15 . 2005-08-18 02:41 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss

2010-01-14 18:54 . 2006-11-28 06:35 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2

2010-01-13 02:12 . 2006-05-26 13:29 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2010-01-08 04:32 . 2009-12-05 02:30 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-07 22:07 . 2009-11-19 23:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 22:07 . 2009-11-19 23:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-01 16:09 . 2003-09-01 00:04 59640 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-30 19:35 . 2003-06-13 15:30 23348 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-29 02:02 . 2009-06-01 19:36 98304 ----a-w- c:\windows\DUMP43b0.tmp

2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-19 21:31 . 2008-11-01 21:24 -------- d-----w- c:\program files\Creative

2009-12-19 21:30 . 2009-12-19 21:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}

2009-12-19 21:30 . 2009-12-19 21:30 2422684 ----a-w- c:\documents and settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}\setup.exe

2009-12-19 21:30 . 2009-12-19 21:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}

2009-12-19 21:26 . 2009-12-19 21:25 18041400 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative ZEN Mozaic Starter Pack 1.16.02__\ZENMozaic_PCApp_E6_1_16_02.exe

2009-12-19 21:25 . 2009-12-19 21:24 16659152 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative ZEN Mozaic Starter Pack 1.16.02__\ZENMozaic_PCApp_L4_1_16_02.exe

2009-12-19 21:24 . 2009-12-19 21:23 16591600 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative ZEN Mozaic Starter Pack 1.16.02__\ZENMozaic_PCApp_A4_1_16_02.exe

2009-12-07 18:55 . 2009-11-25 18:50 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-04 01:52 . 2009-12-19 21:30 2587772 ----a-w- c:\documents and settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}\Setup.exe

2009-12-03 01:51 . 2009-12-19 21:27 257024 ----a-w- c:\documents and settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}\offline\E3A6DFF8\D14A4AA6\MSCPlgu.dll

2009-12-01 18:57 . 2009-11-18 06:06 18432 ----a-w- c:\documents and settings\LocalService\Application Data\Macromedia\Common\2776005e19.exe

2009-11-30 21:00 . 2009-11-16 18:51 18432 ----a-w- c:\documents and settings\NetworkService\Application Data\Macromedia\Common\2776005e19.exe

2009-11-25 09:40 . 2009-12-19 21:27 86016 ----a-w- c:\documents and settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}\offline\4672DB04\44920153\WpdMan2p.dll

2009-11-25 09:39 . 2009-12-19 21:27 504320 ----a-w- c:\documents and settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}\offline\4672DB04\44920153\WpdMan2.dll

2009-11-24 08:54 . 2009-12-19 21:27 53760 ----a-w- c:\documents and settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}\offline\F66A878E\9B043C32\AVCMPS64.dll

2009-11-24 08:53 . 2009-12-19 21:27 61440 ----a-w- c:\documents and settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}\offline\155C26A\F15901AF\AVCMPS32.dll

2009-11-24 08:53 . 2009-12-19 21:27 348160 ----a-w- c:\documents and settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}\offline\155C26A\F15901AF\AVCManU.exe

2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-17 06:48 . 2009-12-19 21:27 217088 ----a-w- c:\documents and settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}\offline\E3A6DFF8\D14A4AA6\CDRipPlg.dll

2009-11-17 06:48 . 2009-12-19 21:27 11264 ----a-w- c:\documents and settings\All Users\Application Data\{C1715F68-3FE6-43EA-8B99-D0263460C398}\offline\F8115098\948DC01\CDPlgres.dll

2009-11-04 01:39 . 2009-11-04 01:39 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2003-06-03 02:56 . 2006-05-30 03:06 173732 ----a-w- c:\program files\timeless.zip

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

1601-01-01 00:03 . 1601-01-01 00:03 54784 --sha-w- c:\windows\system32\karedada.dll.tmp

1601-01-01 00:03 . 1601-01-01 00:03 54784 --sha-w- c:\windows\system32\nemarato.dll.tmp

1601-01-01 00:03 . 1601-01-01 00:03 54784 --sha-w- c:\windows\system32\zikewapo.dll.tmp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]

"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCTVOICE"="pctspk.exe" [2001-08-18 86016]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]

"F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2008-04-21 1597832]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"nwiz"="nwiz.exe" [2007-12-05 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2006-12-8 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"services"="c:\program files\Internet Explorer\IEXPLORE.EXE" www.detoate.home.ro/MAIN.htm

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=

"c:\\Program Files\\Trillian\\trillian.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\PeerGuardian2\\pg2.exe"=

"c:\\sysreset\\mirc.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Netscape\\Netscape\\Netscp.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\PeerBlock\\peerblock.exe"=

"c:\\WINDOWS\\system32\\logon.scr"=

"c:\\Program Files\\Avira\\AntiVir Desktop\\guardgui.exe"=

"c:\\Program Files\\FRISK Software\\F-PROT Antivirus for Windows\\FProtTray.exe"=

R0 Fasttrak;Fasttrak;c:\windows\system32\drivers\Fasttrak.sys [6/11/2003 11:15 AM 73856]

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [5/28/2009 8:36 PM 682840]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/24/2009 3:25 PM 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/24/2009 3:25 PM 107272]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/25/2009 12:50 PM 108289]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/24/2009 3:24 PM 298264]

R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [8/27/2009 3:26 PM 75424]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/4/2009 1:06 PM 14424]

S2 Ca536av;DV 5100M(Video);c:\windows\system32\drivers\Ca536av.sys [12/2/2006 9:16 PM 514859]

S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 5:42 AM 64000]

S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [9/21/2006 1:19 AM 17280]

S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/6/2008 1:53 AM 715248]

.

Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-03-31 23:44]

2010-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-27 c:\windows\Tasks\F-PROT Antivirus - h.job

- c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPWin.exe [2008-04-22 02:26]

2003-10-19 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2100 seriesF56855811176EC24C9B302F94878AD886AF77CFF056531974.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 06:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://drmcninja.com/

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - file://f:\muvee\setup.exe

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xyw3599a.default\

FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-WAB - c:\documents and settings\Owner\Application Data\Macromedia\Common\2776005e19.exe

SharedTaskScheduler-{0acbbc85-ea4e-49b1-a90b-8ec7b6e7560c} - (no file)

SharedTaskScheduler-{d2ac7e52-67eb-4802-a732-cebc9604e2c7} - (no file)

SSODL-vikoruyow-{0acbbc85-ea4e-49b1-a90b-8ec7b6e7560c} - (no file)

SSODL-bitedomul-{d2ac7e52-67eb-4802-a732-cebc9604e2c7} - (no file)

MSConfigStartUp-CTFMON - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-01 12:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-606747145-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3368)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\bgsvcgen.exe

c:\program files\Creative\Shared Files\CTDevSrv.exe

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\pctspk.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\System32\MsPMSPSv.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-02-01 12:38:56 - machine was rebooted

ComboFix-quarantined-files.txt 2010-02-01 18:38

Pre-Run: 8,259,543,040 bytes free

Post-Run: 8,625,348,608 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5,7

- - End Of File - - 9BC959F69D9DEEBE92A2021269DB21DF

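The ComboFix report above is what the next cleanup step is built from: the three `.dll.tmp` files in the Find3M section share a zeroed `1601-01-01` timestamp, `--sha-w-` (hidden+system) attributes and an eight-letter random name, and the ORPHANS section lists `SSODL` and `SharedTaskScheduler` loading points that no longer resolve to a file. As an added example, not a tool from this thread or from the ComboFix or OTL authors, the Python below parses log lines in that layout, flags those indicators and renders the file hits in the `:Files` / `:Commands` form that OTL accepts. The sample lines are constructed to mirror the report, the Find3M column layout is assumed from the lines shown here, and the indicators themselves are heuristics I chose, not a published signature.

```python
"""Flag Vundo-style indicators in ComboFix-style log lines (added example, not from the thread)."""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the Find3M and ORPHANS REMOVED sections above.
SAMPLE_LOG = r"""
2010-01-13 02:12 . 2006-05-26 13:29 85504 ----a-w- c:\windows\system32\ff_vfw.dll
1601-01-01 00:03 . 1601-01-01 00:03 54784 --sha-w- c:\windows\system32\karedada.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 54784 --sha-w- c:\windows\system32\nemarato.dll.tmp
2009-12-07 18:55 . 2009-11-25 18:50 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
SSODL-vikoruyow-{0acbbc85-ea4e-49b1-a90b-8ec7b6e7560c} - (no file)
SharedTaskScheduler-{d2ac7e52-67eb-4802-a732-cebc9604e2c7} - (no file)
MSConfigStartUp-CTFMON - (no file)
"""

# One Find3M line: "<mtime> . <ctime> <size or --------> <8 attribute flags> <path>"
# (layout assumed from the report above).
FIND3M = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attr>[-a-z]{8}) (?P<path>.+)$"
)
# Shell-extension loading points ComboFix reported as orphaned.
ORPHAN = re.compile(r"^(?P<kind>SSODL|SharedTaskScheduler)-(?P<name>.+?) - \(no file\)$")
# Eight lowercase letters plus .dll or .dll.tmp: the naming scheme of the files above.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.dll(\.tmp)?$")


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def classify_file(m):
    """Return the indicators present on one parsed Find3M line (may be empty)."""
    reasons = []
    if m["mtime"].startswith("1601-01-01"):
        # A zero FILETIME: the timestamps were wiped, which no legitimate installer does.
        reasons.append("zeroed timestamp")
    attr = m["attr"]
    if "s" in attr and "h" in attr:
        reasons.append("hidden+system")
    if RANDOM_NAME.match(ntpath.basename(m["path"]).lower()):
        reasons.append("random 8-letter name")
    return reasons


def scan(log_text):
    """Walk the log text and collect every line carrying at least one indicator."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIND3M.match(line)
        if m is not None:
            reasons = classify_file(m)
            if reasons:
                findings.append(Finding(m["path"], reasons))
            continue
        o = ORPHAN.match(line)
        if o is not None:
            findings.append(Finding(o["name"], [f"orphaned {o['kind']} loading point"]))
    return findings


def otl_fix_script(findings):
    """Render the file findings as the :Files / :Commands script used in the OTL step."""
    files = [f.path for f in findings if not f.reasons[0].startswith("orphaned")]
    return ":Files\n" + "\n".join(files) + "\n\n:Commands\n[emptytemp]\n"


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(h.path, "->", ", ".join(h.reasons))
    print(otl_fix_script(hits))
```

Run against a full ComboFix.txt the same way; orphaned loading points are reported but left out of the `:Files` block, since ComboFix has already removed the registry side and there is no file to move.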

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    c:\windows\system32\karedada.dll.tmp
    c:\windows\system32\nemarato.dll.tmp
    c:\windows\system32\zikewapo.dll.tmp

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please update and run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

================================Online scan=================================

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Here are the logs; however, while MBAM was scanning, Avira AntiVir caught this:

--

Virus or unwanted program 'TR/Vundo.95744G.6 [trojan]'

detected in file 'C:\System Volume Information\_restore{FE560476-D74F-4E72-ABC9-7DCCB3B18D7D}\RP35\A0016041.dll.

Action performed: Move file to quarantine

--

Logs Begin Here

All processes killed

========== FILES ==========

c:\windows\system32\karedada.dll.tmp moved successfully.

c:\windows\system32\nemarato.dll.tmp moved successfully.

c:\windows\system32\zikewapo.dll.tmp moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Admin

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 7618335 bytes

->FireFox cache emptied: 21829801 bytes

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 30687034 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: I

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

->Temp folder emptied: 2868 bytes

->Temporary Internet Files folder emptied: 3244718 bytes

->Java cache emptied: 34017878 bytes

->FireFox cache emptied: 110518655 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 7632017 bytes

%systemroot%\System32 .tmp files removed: 248525585 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 255 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes

RecycleBin emptied: 42915840 bytes

Total Files Cleaned = 484.00 mb

OTL by OldTimer - Version 3.1.27.1 log created on 02022010_183658

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.44

Database version: 3681

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/2/2010 9:04:24 PM

mbam-log-2010-02-02 (21-04-24).txt

Scan type: Full Scan (C:\|E:\|)

Objects scanned: 287083

Time elapsed: 1 hour(s), 42 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Owner\Desktop\Useful Progs\TMPGEnc XPress v4.4.2.238 + Key [App][www.zonatorrent.com]\Broken-keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Desktop\Useful Progs\TMPGEnc XPress v4.4.2.238 + Key [App][www.zonatorrent.com]\WORKING - TMPGEnc Xpress keygen 4.4.2.238\TMPGEnc Xpress keygen[4.4.2.238]by parag&team HAZE.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=eb3f2eb8a947864dbe1055c2fd3e2dcb

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-11-25 01:43:19

# local_time=2009-11-25 07:43:19 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 107084134 107084134 0 0

# compatibility_mode=1024 16777195 100 0 44209191 44209191 0 0

# compatibility_mode=1792 16777215 100 0 0 0 0 0

# compatibility_mode=3328 16777175 100 0 14656507 14656507 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=140054

# found=19

# cleaned=0

# scan_time=13919

C:\Documents and Settings\Owner\Desktop\Partial Downloads\nero 8 for danielle\Nero-8.3.2.1_eng_f.u.l.l\Nero-8.3.2.1_eng_trial_2.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\Desktop\Useful Progs\SmitfraudFix.exe multiple threats 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\Desktop\Useful Progs\SmitfraudFix\Process.exe Win32/PrcView application 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\Desktop\Useful Progs\SmitfraudFix\restart.exe Win32/Shutdown.NAA application 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\Desktop\Useful Progs\Spyware Detectors\roguescanfix_setup.exe Win32/PrcView application 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\Desktop\Useful Progs\Spyware Detectors\SmitfraudFix\Process.exe Win32/PrcView application 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\Desktop\Useful Progs\Spyware Detectors\SmitfraudFix\restart.exe Win32/Shutdown.NAA application 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\My Documents\Downloads\VideoGet v3.0.2.49-CrYs18[H33T][Frapmat212]\videoget-patch.exe probably a variant of Win32/HackTool.Patcher.A application 00000000000000000000000000000000 I

C:\Program Files\BSHOOTER.com\BubbleSD\bshooter.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe Win32/PrcView application 00000000000000000000000000000000 I

C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe Win32/Shutdown.NAA application 00000000000000000000000000000000 I

C:\Program Files\Nuclear Coffee\VideoGet\videoget-patch.exe probably a variant of Win32/HackTool.Patcher.A application 00000000000000000000000000000000 I

C:\WINDOWS\system32\awfkkprd.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I

C:\WINDOWS\system32\nTCLnnmp.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I

C:\WINDOWS\system32\ptijkkui.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I

C:\WINDOWS\system32\ffxdll\mirc.ini IRC/Zapchast.P trojan 00000000000000000000000000000000 I

C:\WINDOWS\system32\ffxdll\nick_vechi.txt IRC/Zapchast.P trojan 00000000000000000000000000000000 I

C:\WINDOWS\system32\ffxdll\remote.ini IRC/Zapchast.NY worm 00000000000000000000000000000000 I

C:\WINDOWS\system32\ffxdll\updater.ini IRC/Zapchast.P trojan 00000000000000000000000000000000 I

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=eb3f2eb8a947864dbe1055c2fd3e2dcb

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-11-25 05:46:38

# local_time=2009-11-25 11:46:38 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 107106126 107106126 0 0

# compatibility_mode=1024 16777195 100 0 44231183 44231183 0 0

# compatibility_mode=1792 16777215 100 0 0 0 0 0

# compatibility_mode=3328 16777175 100 0 14678499 14678499 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=140133

# found=19

# cleaned=19

# scan_time=6523

C:\Documents and Settings\Owner\Desktop\Partial Downloads\nero 8 for danielle\Nero-8.3.2.1_eng_f.u.l.l\Nero-8.3.2.1_eng_trial_2.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\Useful Progs\SmitfraudFix.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\Useful Progs\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\Useful Progs\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\Useful Progs\Spyware Detectors\roguescanfix_setup.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\Useful Progs\Spyware Detectors\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Desktop\Useful Progs\Spyware Detectors\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\My Documents\Downloads\VideoGet v3.0.2.49-CrYs18[H33T][Frapmat212]\videoget-patch.exe probably a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\BSHOOTER.com\BubbleSD\bshooter.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Nuclear Coffee\VideoGet\videoget-patch.exe probably a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\awfkkprd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\nTCLnnmp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\ptijkkui.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\ffxdll\mirc.ini IRC/Zapchast.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\ffxdll\nick_vechi.txt IRC/Zapchast.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\ffxdll\remote.ini IRC/Zapchast.NY worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\ffxdll\updater.ini IRC/Zapchast.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=eb3f2eb8a947864dbe1055c2fd3e2dcb

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-11-26 08:50:05

# local_time=2009-11-26 02:50:05 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 107162754 107162754 0 0

# compatibility_mode=1024 16777195 100 0 44287811 44287811 0 0

# compatibility_mode=1797 16775141 100 100 0 35546955 0 0

# compatibility_mode=3328 16777191 100 0 14735127 14735127 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=140669

# found=0

# cleaned=0

# scan_time=4092

esets_scanner_update returned -1 esets_gle=1

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=eb3f2eb8a947864dbe1055c2fd3e2dcb

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-02-03 08:20:29

# local_time=2010-02-03 02:20:29 (-0600, Central Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 113108556 113108556 0 0

# compatibility_mode=1024 16777195 100 0 50233613 50233613 0 0

# compatibility_mode=1797 16775125 100 100 0 41492757 0 0

# compatibility_mode=3328 16777191 100 0 20680929 20680929 0 0

# compatibility_mode=8192 67108863 100 0 5106587 5106587 0 0

# scanned=143778

# found=4

# cleaned=4

# scan_time=18117

C:\Documents and Settings\Owner\My Documents\Downloads\VideoGet 4.0.2.53\VideoGet 4.0.2.53.rar a variant of Win32/Injector.ASA trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\02022010_183658\c_windows\system32\karedada.dll.tmp a variant of Win32/Kryptik.CBR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\02022010_183658\c_windows\system32\nemarato.dll.tmp a variant of Win32/Kryptik.CBR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\02022010_183658\c_windows\system32\zikewapo.dll.tmp a variant of Win32/Kryptik.CBR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.
You need to remove those keygens from your system, as stated above, as they are illegal.

Those will 99% of the time bundle infections.

After that let's see a new dds.txt and let me know if things are back to normal?



I won't get into the issues of a legal program to make illegal copies of DVD's or YouTube Vids, but I deleted all the keygens I could find.

Currently I still cannot enter Safe Mode, and Malwarebytes comes up with nothing infected.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Owner at 17:06:33.62 on Thu 02/04/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\PeerBlock\peerblock.exe

C:\Program Files\Creative\Software Update 3\SoftAuto.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Creative\Shared Files\CTDevSrv.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://drmcninja.com/

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} -

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

uRun: [softAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [PCTVOICE] pctspk.exe

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe

mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37785.3592476852

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - file://f:\muvee\setup.exe

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xyw3599a.default\

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? AvgMfx86;AVG On-access Scanner Minifilter Driver x86

R? Ca536av;DV 5100M(Video)

R? CTUPnPSv;Creative Centrale Media Server

R? PLCMPR5;PLCMPR5 NDIS Protocol Driver

R? PLCNDIS5;PLCNDIS5 NDIS Protocol Driver

R? samhid;samhid

S? AntiVirSchedulerService;Avira AntiVir Scheduler

S? AntiVirService;Avira AntiVir Guard

S? avg8wd;AVG8 WatchDog

S? avgio;avgio

S? AvgLdx86;AVG AVI Loader Driver x86

S? avgntflt;avgntflt

S? AvgTdiX;AVG8 Network Redirector

S? Fasttrak;Fasttrak

S? FPAV_RTP;FPAV_RTP

S? FPAVServer;F-PROT Antivirus for Windows system

S? pbfilter;pbfilter

=============== Created Last 30 ================

2010-02-03 00:36:58 0 d-----w- C:\_OTL

2010-02-01 18:15:39 0 d-sha-r- C:\cmdcons

2010-02-01 18:14:57 98816 ----a-w- c:\windows\sed.exe

2010-02-01 18:14:57 77312 ----a-w- c:\windows\MBR.exe

2010-02-01 18:14:57 261632 ----a-w- c:\windows\PEV.exe

2010-02-01 18:14:57 161792 ----a-w- c:\windows\SWREG.exe

2010-01-30 09:43:53 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure

2010-01-26 00:08:48 20 ----a-w- c:\documents and settings\owner\defogger_reenable

2010-01-24 19:02:12 0 d-----w- C:\VundoFix Backups

2010-01-23 07:58:46 0 d-----w- c:\program files\Malwarebyte

2010-01-19 06:58:30 127808 ----a-w- c:\windows\system32\MSWINSCK.ocx

2010-01-07 17:05:57 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys

2010-01-07 17:05:57 112574 ----a-w- c:\windows\system32\drivers\ptserlp.sys

==================== Find3M ====================

2010-01-13 02:12:36 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-30 19:35:23 23348 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll

2009-12-07 18:55:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2003-06-03 02:56:12 173732 ----a-w- c:\program files\timeless.zip

2009-06-02 14:00:48 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060220090603\index.dat

============= FINISH: 17:08:39.04 ===============


You have 2 antivirus programs running; you need to uninstall either Avira or F-Prot (FSecure).

Click here and save that to your desktop.

Right click on the .zip file to extract it.

Double click on the file inside of the folder and choose yes for it to merge with your registry.

Then see if Safe Mode works then please.

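The "2 antivirus programs running" call above is made by eye from the DDS process and service lists. The script below is an added example, not part of this thread or of the DDS tool; it parses those two DDS sections from a constructed excerpt (modelled on the log posted above) and reports which vendors have a resident engine, which have drivers registered but nothing running (a leftover install), and which names it cannot attribute. The vendor fingerprints are assumptions drawn from the product names in the log; the important caveat they encode is that Avira's own binaries and drivers are called avguard.exe, avgnt.exe, avgio and avgntflt, so an "avg" prefix alone does not mean AVG.

```python
import re
from collections import defaultdict

# Constructed excerpt of a DDS log, modelled on the one posted in this thread
# (same line formats; the process list is trimmed to the relevant entries).
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
============== Pseudo HJT Report ===============
uStart Page = hxxp://example.invalid/
============= SERVICES / DRIVERS ===============
R? AvgMfx86;AVG On-access Scanner Minifilter Driver x86
R? Ca536av;DV 5100M(Video)
S? AntiVirService;Avira AntiVir Guard
S? avg8wd;AVG8 WatchDog
S? avgio;avgio
S? avgntflt;avgntflt
S? FPAVServer;F-PROT Antivirus for Windows system
=============== Created Last 30 ================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
EXE_RE = re.compile(r"^(.*?\.exe)", re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RS]\?\s+([^;]+);(.*)$")   # "S? name;description"

# Vendor fingerprints, assumed from the product names visible in the log.
# Order matters: Avira is tested before AVG because Avira's own files are
# named avguard.exe, avgnt.exe, avgio and avgntflt and would otherwise be
# mistaken for AVG.
VENDOR_RULES = [
    ("Avira", re.compile(r"avira|\bantivir\b")),
    ("F-PROT", re.compile(r"f-prot|fpav")),
    ("AVG", re.compile(r"\\avg\\|\bavg8?\b")),
]


def classify(text):
    low = text.lower()
    for vendor, rule in VENDOR_RULES:
        if rule.search(low):
            return vendor
    return None


def parse_dds(log):
    """Return ({vendor: {"processes": [...], "services": [...]}}, ambiguous_names)."""
    section = None
    found = defaultdict(lambda: {"processes": [], "services": []})
    ambiguous = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "running processes":
            m = EXE_RE.match(line)
            vendor = classify(m.group(1)) if m else None
            if vendor:
                found[vendor]["processes"].append(m.group(1))
        elif section == "services / drivers":
            m = SERVICE_RE.match(line)
            if not m:
                continue
            name, desc = m.group(1).strip(), m.group(2).strip()
            # A description that just repeats the name carries no vendor hint.
            vendor = classify(desc) if desc.lower() != name.lower() else None
            if vendor:
                found[vendor]["services"].append(name)
            elif name.lower().startswith("avg"):
                ambiguous.append(name)   # avg* is used by both AVG and Avira
    return dict(found), ambiguous


def resident_engines(found):
    """Vendors with at least one live process: the ones that can collide."""
    return sorted(v for v, items in found.items() if items["processes"])


def summarize(log):
    found, ambiguous = parse_dds(log)
    engines = resident_engines(found)
    out = ["Resident security products: " + (", ".join(engines) or "none")]
    if len(engines) > 1:
        out.append("WARNING: more than one on-access scanner is running; keep one "
                   "and remove the others with the vendor's own removal tool")
    for vendor in sorted(found):
        if found[vendor]["services"] and not found[vendor]["processes"]:
            out.append(f"{vendor}: drivers/services registered but no process running "
                       f"(leftover install?): {', '.join(found[vendor]['services'])}")
    if ambiguous:
        out.append("Look these up by hand, the avg* prefix alone does not identify "
                   "the vendor: " + ", ".join(ambiguous))
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(SAMPLE_DDS))
```

On the constructed excerpt this reports three resident products (AVG, Avira, F-PROT), which matches the log above: besides the two engines named in the reply, AVG's avgwdsvc.exe is still running even though the poster uninstalled AVG, which is why the vendor's remover is the right follow-up.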

I am able to enter Safe Mode normally, and uninstalled F-Prot as it caught nothing whereas the free Avira caught some things MalwareBytes couldn't.

I still don't trust that my system is clean yet, though the scans come back fine. I also don't know if F-Prot left behind pieces like AVG antivirus did.

I also wonder if burning a DVD would result in a virus-corrupted DVD somehow, using my Nero Burning ROM?


I still don't trust that my system is clean yet, though the scans come back fine.
What makes you think this? Show me the signs of infection.

You can use the AVG remover found here: http://download.avg.com/filedir/util/avg_a.../avgremover.exe

There is also a removal tool for F-Prot here: http://support.f-prot.com/index.php?_m=dow...ownloaditemid=4

About dwwin.exe http://www.liutilities.com/products/wintas...slibrary/dwwin/

I also wonder if burning a DVD would result in a virus-corrupted DVD somehow
This can happen with some older nasty worms like mazebat, but this was not the case for you.

What makes you think this? Show me the signs of infection.

It seems my guess was correct; Avira is still catching nuggets of Vundo in the System Restore information when MalwareBytes scanned last night while I was asleep.

Virus or unwanted program 'TR/Vundo.96256G.8 [trojan]'

detected in file 'C:\System Volume Information\_restore{FE560476-D74F-4E72-ABC9-7DCCB3B18D7D}\RP34\A0015930.dll'.

Action performed: Move file to quarantine

Virus or unwanted program 'WORM/Vundo.B.1191 [worm]'

detected in file 'C:\System Volume Information\_restore{FE560476-D74F-4E72-ABC9-7DCCB3B18D7D}\RP35\A0016040.dll'.

Action performed: Move file to quarantine

You can use the AVG remover found here: http://download.avg.com/filedir/util/avg_a.../avgremover.exe

There is also a removal tool for F-Prot here: http://support.f-prot.com/index.php?_m=dow...ownloaditemid=4

About dwwin.exe http://www.liutilities.com/products/wintas...slibrary/dwwin/

This can happen with some older nasty worms like mazebat, but this was not the case for you.

Thanks for this, and for all your help.


Your suspicions are only system restore points. When we are done they will be gone; I leave them until the system is fully clean, then I remove them.

Was that all you were referring to?

That seems to be it, nothing fresh, but I'm thinking about running GMER to see if the system locks up for the 3rd time after it runs for the 3rd time.

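Two posts in this thread turn on the same question: which scan-log hits still matter? The ESET Online Scanner log earlier in the thread mixes detections in %SystemRoot%\system32 (live), in user downloads, and in C:\_OTL\MovedFiles (files a removal tool had already moved aside), and the Avira hits just above are all inside System Volume Information\_restore, which is why the helper treats them as "only system restore points". The script below is an added example, not from the thread or from either vendor; it parses both line formats from constructed samples modelled on the posted logs and sorts the hits by where they live and whether the scanner already cleaned them. The folder names it treats as tool backups (OTL's _OTL\MovedFiles, ComboFix's Qoobox) and the keyword heuristic for cracked downloads are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed samples, modelled on the ESET Online Scanner and Avira lines
# posted in this thread (a few representative lines, not the full logs).
ESET_SAMPLE = r"""
# version=7
# found=5
C:\WINDOWS\system32\awfkkprd.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINDOWS\system32\ffxdll\mirc.ini IRC/Zapchast.P trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\Desktop\Useful Progs\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\My Documents\Downloads\VideoGet 4.0.2.53\VideoGet 4.0.2.53.rar a variant of Win32/Injector.ASA trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\02022010_183658\c_windows\system32\karedada.dll.tmp a variant of Win32/Kryptik.CBR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

AVIRA_SAMPLE = r"""
Virus or unwanted program 'TR/Vundo.96256G.8 [trojan]'
detected in file 'C:\System Volume Information\_restore{FE560476-D74F-4E72-ABC9-7DCCB3B18D7D}\RP34\A0015930.dll'.
Action performed: Move file to quarantine
Virus or unwanted program 'WORM/Vundo.B.1191 [worm]'
detected in file 'C:\System Volume Information\_restore{FE560476-D74F-4E72-ABC9-7DCCB3B18D7D}\RP35\A0016040.dll'.
Action performed: Move file to quarantine
"""

# ESET: <path> <threat> [(action)] <32 hex digits> <I=found only | C=cleaned>.
# Paths contain spaces, so the path is cut at the first file extension that is
# followed by whitespace.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|ini|txt|rar|zip|tmp|sys|scr|cab|ocx))"
    r"\s+(?P<threat>.+?)(?:\s+\((?P<action>[^)]*)\))?"
    r"\s+[0-9A-Fa-f]{32}\s+(?P<flag>[IC])$",
    re.IGNORECASE,
)
# Avira: three-line records as pasted from the report window.
AVIRA_RECORD = re.compile(
    r"Virus or unwanted program '(?P<threat>[^']+)'\s*\n"
    r"detected in file '(?P<path>[^']+)'\.?\s*\n"
    r"Action performed: (?P<action>.+)"
)


@dataclass
class Detection:
    scanner: str
    path: str
    threat: str
    action: str
    cleaned: bool
    location: str


def locate(path):
    """Where the hit lives on disk; this decides whether it can still run."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"      # inert unless a restore is performed
    if "\\_otl\\movedfiles\\" in p or "\\qoobox\\" in p:
        return "tool-backup"        # OTL / ComboFix backups (assumed folder names)
    if "\\windows\\system32\\" in p:
        return "system32"
    if re.search(r"keygen|crack|patch|\[h33t\]|torrent", p):   # crude heuristic
        return "pirated-download"
    if "\\program files\\" in p:
        return "program-files"
    return "user-files"


def parse_eset(text):
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            yield Detection("ESET", m["path"], m["threat"], m["action"] or "",
                            m["flag"].upper() == "C", locate(m["path"]))


def parse_avira(text):
    for m in AVIRA_RECORD.finditer(text):
        action = m["action"].strip()
        cleaned = "quarantine" in action.lower() or "delete" in action.lower()
        yield Detection("Avira", m["path"], m["threat"], action, cleaned, locate(m["path"]))


def triage(detections):
    """Hits in restore points or tool backups are expected residue; an uncleaned
    hit anywhere else is what still needs work."""
    buckets = {"needs_attention": [], "expected_residue": [], "handled": []}
    for d in detections:
        if d.location in ("restore-point", "tool-backup"):
            buckets["expected_residue"].append(d)
        elif d.cleaned:
            buckets["handled"].append(d)
        else:
            buckets["needs_attention"].append(d)
    return buckets


def run(eset_text=ESET_SAMPLE, avira_text=AVIRA_SAMPLE):
    return triage(list(parse_eset(eset_text)) + list(parse_avira(avira_text)))


if __name__ == "__main__":
    for bucket, hits in run().items():
        print(f"{bucket}: {len(hits)}")
        for d in hits:
            print(f"  [{d.scanner}] {d.location:16} {d.threat} -> {d.path}")
```

On the samples, the only hits left in "needs_attention" are the two uncleaned .ini files in system32 from the first ESET pass (the later passes in the thread show them cleaned); the _OTL and System Restore hits land in "expected_residue", which is exactly what the OTL cleanup and the System Restore reset at the end of the thread are for.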

Gmer does that from time to time with any system under any type of configuration.

It would not surprise me if it still does; that does not mean that you are infected.

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that you're all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example: BitTorrent, Limewire, Kazaa, emule, uTorrent, etc.

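Two of the steps in the post above are easy to get wrong by hand: leaving an old JRE behind in Add/Remove Programs, and assuming the System Restore reset actually discarded the old (possibly Vundo-carrying) restore points. The script below is an added example written for this thread, not something posted by the helper or shipped with any of the tools mentioned. It reads the same Add/Remove Programs data from the registry Uninstall keys, flags any Java runtime older than JRE 6 Update 18, and lists the current restore points; the reset function uses the root\default:SystemRestore WMI class that XP/Vista/7 expose. Assumptions are marked in the comments: that Sun's installers registered DisplayVersion strings such as "6.0.180" for 6u18 and names such as "Java(TM) 6 Update 18" or "J2SE Runtime Environment 5.0 Update 22", and that the WMI Enable/Disable methods return 0 on success. Run it from an elevated PowerShell prompt; the reset is only performed if you set $ResetRestorePoints to $true.

```powershell
# Added example for this thread, not code from the original post or from any tool it names.
# Checks the "Update Java" and "Clear out infected System Restore points" steps above.
# ASSUMPTION: JRE 6 Update 18 registers as DisplayVersion "6.0.180"; older Sun installers
# register as "Java(TM) N Update M" / "J2SE Runtime Environment N.0 Update M".
$Target = [version]'6.0.180'
$ResetRestorePoints = $false   # set to $true only after the manual cleanup above is finished
$Drive = 'C:\'

function Get-InstalledJava {
    # Same data Add/Remove Programs shows, including the 32-bit view on 64-bit Windows.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE)' -and $_.DisplayName -notmatch 'Updater' } |
        ForEach-Object {
            $v = $null
            if ($_.DisplayVersion -as [version]) {
                $v = [version]$_.DisplayVersion
            } elseif ($_.DisplayName -match '(\d+)(?:\.\d+)?\s+Update\s+(\d+)') {
                # Assumed mapping: "5.0 Update 22" -> 5.0.220, "6 Update 18" -> 6.0.180
                $v = [version]('{0}.0.{1}0' -f $matches[1], $matches[2])
            }
            New-Object PSObject -Property @{
                Outdated  = ($null -ne $v -and $v -lt $Target)
                Version   = $v
                Name      = $_.DisplayName
                Uninstall = $_.UninstallString   # what Add/Remove Programs runs for "Remove"
            }
        }
}

function Get-RestorePoints {
    # Each instance of root\default:SystemRestore is one restore point.
    Get-WmiObject -Namespace 'root\default' -Class SystemRestore -ErrorAction SilentlyContinue |
        Sort-Object SequenceNumber |
        Select-Object SequenceNumber, Description,
            @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } }
}

function Reset-SystemRestore([string]$Drive) {
    # The KB310405 "turn off, then turn on" procedure: disabling System Restore on a
    # drive discards every restore point stored on it. ASSUMPTION: ReturnValue 0 = success.
    $sr  = [wmiclass]'root\default:SystemRestore'
    $off = $sr.Disable($Drive).ReturnValue
    $on  = $sr.Enable($Drive, $true).ReturnValue   # $true = wait until re-enabled
    return ($off -eq 0 -and $on -eq 0)
}

'== Java runtimes registered in Add/Remove Programs (Outdated = remove it) =='
Get-InstalledJava | Format-Table Outdated, Version, Name, Uninstall -AutoSize

'== System Restore points currently on this machine =='
Get-RestorePoints | Format-Table -AutoSize

if ($ResetRestorePoints) {
    if (Reset-SystemRestore $Drive) {
        'System Restore reset on {0}; the old restore points are gone.' -f $Drive
    } else {
        'System Restore reset failed; use the KB310405 steps instead.'
    }
    Get-RestorePoints | Format-Table -AutoSize   # should now be empty or show only a new point
}
```

Run the script once before the Java uninstall to see exactly which entries need to go, and again afterwards: an empty Outdated column and an empty restore-point list are what "cleaned up" should look like. Any Java entry whose version could not be parsed shows Version as blank and Outdated as False, so check those by hand rather than trusting the flag.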

Gmer does that from time to time with any system under any type of configuration.

It would not surprise me if it still does; that does not mean that you are infected.

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

Thank you for all of your help, and I hope I haven't come across as unappreciative. This will let me get back to work finally, so again thank you very much!
