New Member - Malware Problem


Hello, and may I begin with saying I'm glad to be a part of this forum. :)

Lately I've been having serious problems with my computer. I've run Malwarebytes and other anti-malware programs, and I have managed to detect and delete various malware, but it seems fairly irrelevant as it always has a way to get back in my system. It manages to randomly change settings on my computer when I restart, as well as slow the system down, and I fear it's going to get worse. I've run HijackThis and will post the results here. If anyone can help it would be very much appreciated. Thank you!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:33:14 PM, on 26/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ????????????????????????????????

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{E65FC075-8F4A-4A09-821E-3AB370CAA213}: NameServer = 192.168.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 9258 bytes


Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log


Hello Elise, and thank you for replying! I managed to run both scans, but ran into a problem on the way. While scanning with gmer, my computer restarted twice and I wasn't able to save any data. Instead, I ran the program from safe mode, but I noticed there were far fewer results that way. I'll post everything I found, but I'm not sure how useful the information will be. I'll post each log in a new post. And thank you again.

OTL logfile created on: 27/05/2010 5:23:59 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Nicholas\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

893.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 18.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 206.22 Gb Free Space | 69.18% Space Free | Partition Type: NTFS

Drive D: | 448.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NICK

Current User Name: Nicholas

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

PRC - [2010/04/21 16:35:25 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/04/21 16:35:21 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/04/02 10:16:44 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/20 10:39:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/03/20 10:39:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/03/20 10:39:00 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/12/09 08:36:56 | 000,866,200 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - [2007/04/11 07:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

PRC - [2003/04/09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

PRC - [2003/04/09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

PRC - [2003/04/09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

========== Modules (SafeList) ==========

MOD - [2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

MOD - [2009/07/02 14:54:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2007/11/28 13:26:00 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll

MOD - [2007/11/28 13:26:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)

SRV - [2010/03/20 10:39:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/21 16:35:22 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/03/20 10:39:43 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/03/20 10:39:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2008/05/09 07:23:22 | 000,238,080 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/02/15 00:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2007/11/28 13:26:00 | 006,866,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2007/11/18 01:43:56 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2007/11/18 01:43:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2007/04/11 07:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)

DRV - [2005/01/07 16:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/12 18:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ????????????????????????????????

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 06:46:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/26 02:20:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 02:20:13 | 000,000,000 | ---D | M]

[2009/12/16 10:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions

[2010/05/27 16:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions

[2010/05/19 21:38:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/05/18 01:17:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/05/27 17:05:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/02 02:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/04/02 02:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/04/02 02:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/04/02 02:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/21 12:00:24 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\Nicholas\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/15 19:55:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/01/19 15:00:00 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- [2004/01/19 15:00:00 | 001,085,440 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/27 17:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\logs

[2010/05/27 17:16:40 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

[2010/05/26 21:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/05/26 21:29:59 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Nicholas\Desktop\HJTInstall.exe

[2010/05/26 20:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\wcskpvsgk

[2010/05/26 20:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/05/26 01:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\mbkupdvli

[2010/05/25 21:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/05/25 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/05/25 20:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\SUPERAntiSpyware.com

[2010/05/25 20:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/05/25 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/05/25 18:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Malwarebytes

[2010/05/25 18:35:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/25 18:35:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/25 18:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/25 18:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/22 07:08:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/05/21 22:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6

[2010/05/21 21:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\MSN6

[2010/05/21 11:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\SpyHunter Security Suite v3.12.31 + Crack [RH]

[2010/05/21 11:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/05/21 11:37:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP

[2010/05/21 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/05/21 11:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\ltpeiqxis

[2010/05/21 01:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Temp

[2010/05/21 01:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Google

[2010/05/21 01:05:49 | 000,562,840 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Nicholas\Desktop\ChromeSetup.exe

[2010/05/19 21:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Yahoo

[2010/05/19 21:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Yahoo!

[2010/05/19 21:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2010/05/19 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/05/19 21:28:42 | 000,417,416 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\Nicholas\Desktop\msgr10au.exe

[2010/05/16 19:33:44 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2010/05/12 12:02:02 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/05/09 00:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/09 00:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/06 23:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\work

[2010/04/28 15:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Hewlett-Packard

[2010/04/28 15:01:02 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

[2010/04/28 15:00:46 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys

[2010/04/28 14:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard

[2010/04/28 14:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard

[2010/04/28 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\util

[2010/04/28 14:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Setup

[2010/04/28 14:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\enu

[2010/04/28 14:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Drivers

[2010/04/28 14:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\common

[2010/04/28 07:03:40 | 174,207,416 | ---- | C] (Hewlett-Packard Company) -- C:\Documents and Settings\Nicholas\Desktop\rw2_021_w02_enu.exe

[2010/04/27 23:36:46 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys

[2010/04/27 23:36:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fnfilter.dll

[2010/04/27 23:36:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll

[2010/04/27 23:36:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kousd.dll

[2010/04/27 23:36:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/27 17:25:02 | 000,094,248 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\prvlcl.dat

[2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

[2010/05/27 17:08:26 | 003,407,872 | ---- | M] () -- C:\Documents and Settings\Nicholas\ntuser.dat

[2010/05/27 16:39:11 | 060,422,530 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/27 16:35:54 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/05/27 16:32:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/27 07:38:35 | 004,829,464 | -H-- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\IconCache.db

[2010/05/27 01:35:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/26 21:30:51 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\HijackThis.lnk

[2010/05/26 21:29:53 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Nicholas\Desktop\HJTInstall.exe

[2010/05/26 21:18:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nicholas\ntuser.ini

[2010/05/26 16:28:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/05/26 02:20:15 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/05/26 01:59:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/25 22:41:19 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/25 21:51:12 | 000,424,347 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Naboo_World_HD_1080i.jpg

[2010/05/25 20:07:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/05/25 18:35:09 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/25 18:25:18 | 000,001,201 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr

[2010/05/21 11:59:33 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk

[2010/05/21 01:05:49 | 000,562,840 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas\Desktop\ChromeSetup.exe

[2010/05/19 23:52:24 | 000,020,224 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Globalization.docx

[2010/05/19 21:33:23 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo!7 Messenger.lnk

[2010/05/19 21:28:42 | 000,417,416 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Nicholas\Desktop\msgr10au.exe

[2010/05/17 09:20:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/11 21:38:10 | 005,392,192 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\07a.mp3

[2010/05/11 21:25:14 | 000,027,886 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Yo-Yo_Ma-2004-Plays_Ennio_Morricone.3252744.TPB.torrent

[2010/05/10 18:41:17 | 000,282,624 | ---- | M] () -- C:\Documents and Settings\Nicholas\My Documents\Database1.accdb

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/28 20:27:33 | 000,037,806 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Nick1 copy.jpg

[2010/04/28 15:14:49 | 000,975,958 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\picture8.jpg

[2010/04/28 15:03:57 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1272430941.job

[2010/04/28 15:02:34 | 000,000,647 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/04/28 15:02:33 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk

[2010/04/28 15:02:20 | 000,019,558 | ---- | M] () -- C:\WINDOWS\hpoins01.dat

[2010/04/28 14:58:37 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk

[2010/04/28 14:58:37 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk

[2010/04/28 14:58:37 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

[2010/04/28 07:34:22 | 174,207,416 | ---- | M] (Hewlett-Packard Company) -- C:\Documents and Settings\Nicholas\Desktop\rw2_021_w02_enu.exe

[2010/04/28 07:00:12 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/04/28 00:29:14 | 000,090,352 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/26 21:30:51 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\HijackThis.lnk

[2010/05/25 21:51:11 | 000,424,347 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Naboo_World_HD_1080i.jpg

[2010/05/25 20:07:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/05/25 18:35:09 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/24 13:47:38 | 003,407,872 | ---- | C] () -- C:\Documents and Settings\Nicholas\ntuser.dat

[2010/05/21 11:59:33 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk

[2010/05/19 23:08:29 | 000,020,224 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Globalization.docx

[2010/05/19 21:33:23 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo!7 Messenger.lnk

[2010/05/11 21:36:15 | 005,392,192 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\07a.mp3

[2010/05/11 21:25:13 | 000,027,886 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Yo-Yo_Ma-2004-Plays_Ennio_Morricone.3252744.TPB.torrent

[2010/05/10 18:41:11 | 000,282,624 | ---- | C] () -- C:\Documents and Settings\Nicholas\My Documents\Database1.accdb

[2010/04/28 20:27:28 | 000,037,806 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Nick1 copy.jpg

[2010/04/28 15:03:52 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1272430941.job

[2010/04/28 15:02:33 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk

[2010/04/28 14:58:37 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk

[2010/04/28 14:58:37 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

[2010/04/28 14:58:36 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk

[2010/04/28 14:56:26 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat

[2010/04/28 14:56:26 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/04/28 14:56:25 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat

[2010/04/28 05:12:59 | 000,975,958 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\picture8.jpg

[2010/03/16 21:28:59 | 000,000,748 | ---- | C] () -- C:\WINDOWS\LMAAL2DD.ini

[2009/12/29 14:30:39 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2009/12/15 20:41:47 | 000,025,071 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/12/15 20:31:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/12/15 20:17:47 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/12/15 20:17:44 | 000,024,892 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/12/15 20:17:33 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/11/28 13:26:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/11/28 13:26:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/11/28 13:26:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/11/28 13:26:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/11/28 13:26:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

< End of report >

OTL logfile created on: 27/05/2010 5:23:59 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Nicholas\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

893.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 18.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 206.22 Gb Free Space | 69.18% Space Free | Partition Type: NTFS

Drive D: | 448.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NICK

Current User Name: Nicholas

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

PRC - [2010/04/21 16:35:25 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/04/21 16:35:21 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/04/02 10:16:44 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/20 10:39:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/03/20 10:39:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/03/20 10:39:00 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/12/09 08:36:56 | 000,866,200 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - [2007/04/11 07:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

PRC - [2003/04/09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

PRC - [2003/04/09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

PRC - [2003/04/09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

========== Modules (SafeList) ==========

MOD - [2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

MOD - [2009/07/02 14:54:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2007/11/28 13:26:00 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll

MOD - [2007/11/28 13:26:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)

SRV - [2010/03/20 10:39:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/21 16:35:22 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/03/20 10:39:43 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/03/20 10:39:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2008/05/09 07:23:22 | 000,238,080 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/02/15 00:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2007/11/28 13:26:00 | 006,866,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2007/11/18 01:43:56 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2007/11/18 01:43:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2007/04/11 07:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)

DRV - [2005/01/07 16:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/12 18:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ????????????????????????????????

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 06:46:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/26 02:20:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 02:20:13 | 000,000,000 | ---D | M]

[2009/12/16 10:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions

[2010/05/27 16:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions

[2010/05/19 21:38:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/05/18 01:17:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/05/27 17:05:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/02 02:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/04/02 02:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/04/02 02:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/04/02 02:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/21 12:00:24 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\Nicholas\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/15 19:55:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/01/19 15:00:00 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- [2004/01/19 15:00:00 | 001,085,440 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/27 17:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\logs

[2010/05/27 17:16:40 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

[2010/05/26 21:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/05/26 21:29:59 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Nicholas\Desktop\HJTInstall.exe

[2010/05/26 20:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\wcskpvsgk

[2010/05/26 20:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/05/26 01:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\mbkupdvli

[2010/05/25 21:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/05/25 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/05/25 20:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\SUPERAntiSpyware.com

[2010/05/25 20:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/05/25 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/05/25 18:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Malwarebytes

[2010/05/25 18:35:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/25 18:35:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/25 18:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/25 18:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/22 07:08:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/05/21 22:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6

[2010/05/21 21:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\MSN6

[2010/05/21 11:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\SpyHunter Security Suite v3.12.31 + Crack [RH]

[2010/05/21 11:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/05/21 11:37:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP

[2010/05/21 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/05/21 11:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\ltpeiqxis

[2010/05/21 01:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Temp

[2010/05/21 01:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Google

[2010/05/21 01:05:49 | 000,562,840 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Nicholas\Desktop\ChromeSetup.exe

[2010/05/19 21:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Yahoo

[2010/05/19 21:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Yahoo!

[2010/05/19 21:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2010/05/19 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/05/19 21:28:42 | 000,417,416 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\Nicholas\Desktop\msgr10au.exe

[2010/05/16 19:33:44 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2010/05/12 12:02:02 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/05/09 00:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/09 00:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/06 23:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\work

[2010/04/28 15:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Hewlett-Packard

[2010/04/28 15:01:02 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

[2010/04/28 15:00:46 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys

[2010/04/28 14:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard

[2010/04/28 14:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard

[2010/04/28 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\util

[2010/04/28 14:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Setup

[2010/04/28 14:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\enu

[2010/04/28 14:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Drivers

[2010/04/28 14:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\common

[2010/04/28 07:03:40 | 174,207,416 | ---- | C] (Hewlett-Packard Company) -- C:\Documents and Settings\Nicholas\Desktop\rw2_021_w02_enu.exe

[2010/04/27 23:36:46 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys

[2010/04/27 23:36:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fnfilter.dll

[2010/04/27 23:36:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll

[2010/04/27 23:36:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kousd.dll

[2010/04/27 23:36:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/27 17:25:02 | 000,094,248 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\prvlcl.dat

[2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

[2010/05/27 17:08:26 | 003,407,872 | ---- | M] () -- C:\Documents and Settings\Nicholas\ntuser.dat

[2010/05/27 16:39:11 | 060,422,530 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/27 16:35:54 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/05/27 16:32:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/27 07:38:35 | 004,829,464 | -H-- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\IconCache.db

[2010/05/27 01:35:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/26 21:30:51 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\HijackThis.lnk

[2010/05/26 21:29:53 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Nicholas\Desktop\HJTInstall.exe

[2010/05/26 21:18:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nicholas\ntuser.ini

[2010/05/26 16:28:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/05/26 02:20:15 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/05/26 01:59:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/25 22:41:19 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/25 21:51:12 | 000,424,347 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Naboo_World_HD_1080i.jpg

[2010/05/25 20:07:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/05/25 18:35:09 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/25 18:25:18 | 000,001,201 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr

[2010/05/21 11:59:33 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk

[2010/05/21 01:05:49 | 000,562,840 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas\Desktop\ChromeSetup.exe

[2010/05/19 23:52:24 | 000,020,224 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Globalization.docx

[2010/05/19 21:33:23 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo!7 Messenger.lnk

[2010/05/19 21:28:42 | 000,417,416 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Nicholas\Desktop\msgr10au.exe

[2010/05/17 09:20:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/11 21:38:10 | 005,392,192 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\07a.mp3

[2010/05/11 21:25:14 | 000,027,886 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Yo-Yo_Ma-2004-Plays_Ennio_Morricone.3252744.TPB.torrent

[2010/05/10 18:41:17 | 000,282,624 | ---- | M] () -- C:\Documents and Settings\Nicholas\My Documents\Database1.accdb

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/28 20:27:33 | 000,037,806 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Nick1 copy.jpg

[2010/04/28 15:14:49 | 000,975,958 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\picture8.jpg

[2010/04/28 15:03:57 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1272430941.job

[2010/04/28 15:02:34 | 000,000,647 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/04/28 15:02:33 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk

[2010/04/28 15:02:20 | 000,019,558 | ---- | M] () -- C:\WINDOWS\hpoins01.dat

[2010/04/28 14:58:37 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk

[2010/04/28 14:58:37 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk

[2010/04/28 14:58:37 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

[2010/04/28 07:34:22 | 174,207,416 | ---- | M] (Hewlett-Packard Company) -- C:\Documents and Settings\Nicholas\Desktop\rw2_021_w02_enu.exe

[2010/04/28 07:00:12 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/04/28 00:29:14 | 000,090,352 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/26 21:30:51 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\HijackThis.lnk

[2010/05/25 21:51:11 | 000,424,347 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Naboo_World_HD_1080i.jpg

[2010/05/25 20:07:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/05/25 18:35:09 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/24 13:47:38 | 003,407,872 | ---- | C] () -- C:\Documents and Settings\Nicholas\ntuser.dat

[2010/05/21 11:59:33 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk

[2010/05/19 23:08:29 | 000,020,224 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Globalization.docx

[2010/05/19 21:33:23 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo!7 Messenger.lnk

[2010/05/11 21:36:15 | 005,392,192 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\07a.mp3

[2010/05/11 21:25:13 | 000,027,886 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Yo-Yo_Ma-2004-Plays_Ennio_Morricone.3252744.TPB.torrent

[2010/05/10 18:41:11 | 000,282,624 | ---- | C] () -- C:\Documents and Settings\Nicholas\My Documents\Database1.accdb

[2010/04/28 20:27:28 | 000,037,806 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Nick1 copy.jpg

[2010/04/28 15:03:52 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1272430941.job

[2010/04/28 15:02:33 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk

[2010/04/28 14:58:37 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk

[2010/04/28 14:58:37 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

[2010/04/28 14:58:36 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk

[2010/04/28 14:56:26 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat

[2010/04/28 14:56:26 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/04/28 14:56:25 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat

[2010/04/28 05:12:59 | 000,975,958 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\picture8.jpg

[2010/03/16 21:28:59 | 000,000,748 | ---- | C] () -- C:\WINDOWS\LMAAL2DD.ini

[2009/12/29 14:30:39 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2009/12/15 20:41:47 | 000,025,071 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/12/15 20:31:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/12/15 20:17:47 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/12/15 20:17:44 | 000,024,892 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/12/15 20:17:33 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/11/28 13:26:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/11/28 13:26:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/11/28 13:26:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/11/28 13:26:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/11/28 13:26:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

< End of report >


GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-28 21:01:56

Windows 5.1.2600 Service Pack 3

Running: d81r422m.exe; Driver: C:\DOCUME~1\Nicholas\LOCALS~1\Temp\pxtdqpoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\System32\DRIVERS\kbdclass.sys entry point in ".rsrc" section [0xF77ABE14]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[540] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A

.text C:\WINDOWS\system32\svchost.exe[540] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A

.text C:\WINDOWS\system32\svchost.exe[540] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C

.text C:\WINDOWS\system32\svchost.exe[540] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00AF000A

.text C:\WINDOWS\Explorer.EXE[896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A

.text C:\WINDOWS\Explorer.EXE[896] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A

.text C:\WINDOWS\Explorer.EXE[896] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 850ACEE4

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\kbdclass.sys suspicious modification

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Hello again,

Unfortunately you are infected with a nasty rootkit. Before starting the clean up, please review the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


That's what I was fearing most. I have decided to go ahead with the clean up process and run with the machine until further problems occur. But if I continue to have problems after the clean up, then I will reformat my computer. Here are the results I found:

ComboFix 10-05-27.03 - Nicholas 28/05/2010 22:25:30.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.893.550 [GMT 10:00]

Running from: c:\documents and settings\Nicholas\Desktop\ComboFix.exe

.

The following files were disabled during the run:

c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\autorun.inf

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected

Restored copy from - Kitty had a snack :welcome:

.

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))

.

2010-05-26 11:30 . 2010-05-26 11:30 -------- d-----w- c:\program files\Trend Micro

2010-05-26 10:48 . 2010-05-26 11:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\wcskpvsgk

2010-05-26 10:47 . 2010-05-26 10:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-05-25 15:52 . 2010-05-25 16:07 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\mbkupdvli

2010-05-25 10:07 . 2010-05-25 11:53 63488 ----a-w- c:\documents and settings\Nicholas\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-05-25 10:07 . 2010-05-25 10:07 52224 ----a-w- c:\documents and settings\Nicholas\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-05-25 10:07 . 2010-05-25 11:53 117760 ----a-w- c:\documents and settings\Nicholas\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-05-25 10:07 . 2010-05-25 10:07 -------- d-----w- c:\documents and settings\Nicholas\Application Data\SUPERAntiSpyware.com

2010-05-25 10:07 . 2010-05-25 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-05-25 10:07 . 2010-05-25 10:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-05-25 08:35 . 2010-05-25 08:35 -------- d-----w- c:\documents and settings\Nicholas\Application Data\Malwarebytes

2010-05-25 08:35 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-25 08:35 . 2010-05-25 08:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-25 08:35 . 2010-05-25 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-25 08:35 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-25 07:10 . 2010-05-25 07:10 -------- d-----w- c:\windows\system32\wbem\Repository

2010-05-25 06:27 . 2010-05-25 07:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft

2010-05-25 06:27 . 2010-05-25 07:10 -------- d-s---w- c:\documents and settings\Administrator

2010-05-21 12:02 . 2010-05-21 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6

2010-05-21 11:25 . 2010-05-21 11:26 -------- d-----w- c:\documents and settings\Nicholas\Application Data\MSN6

2010-05-21 01:38 . 2010-05-21 01:38 -------- d-----w- c:\program files\Enigma Software Group

2010-05-21 01:37 . 2010-05-21 01:44 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP

2010-05-21 01:37 . 2010-05-21 01:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-05-21 01:25 . 2010-05-21 12:02 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\ltpeiqxis

2010-05-20 15:06 . 2010-05-20 16:52 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\Temp

2010-05-20 15:06 . 2010-05-21 12:11 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\Google

2010-05-19 11:46 . 2010-05-19 11:46 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\Yahoo

2010-05-19 11:38 . 2010-05-19 11:46 -------- d-----w- c:\documents and settings\Nicholas\Application Data\Yahoo!

2010-05-19 11:33 . 2010-05-19 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2010-05-19 11:33 . 2010-05-11 02:41 607544 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

2010-05-19 11:29 . 2010-05-19 21:56 -------- d-----w- c:\program files\Yahoo!

2010-05-16 09:33 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-05-12 02:02 . 2010-05-12 02:02 -------- d-----w- C:\$AVG

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-28 12:10 . 2009-12-17 20:08 -------- d-----w- c:\documents and settings\Nicholas\Application Data\Skype

2010-05-28 11:56 . 2010-03-24 05:05 0 ----a-w- c:\documents and settings\Nicholas\Local Settings\Application Data\prvlcl.dat

2010-05-28 11:14 . 2009-12-17 20:15 -------- d-----w- c:\documents and settings\Nicholas\Application Data\skypePM

2010-05-28 03:40 . 2009-12-17 20:30 -------- d-----w- c:\documents and settings\Nicholas\Application Data\vlc

2010-05-22 19:21 . 2009-12-17 20:21 -------- d-----w- c:\documents and settings\Nicholas\Application Data\BitTorrent

2010-05-21 21:23 . 2010-02-15 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-28 05:03 . 2010-04-28 05:03 -------- d-----w- c:\documents and settings\Nicholas\Application Data\Hewlett-Packard

2010-04-28 05:02 . 2010-04-28 04:56 19558 ----a-w- c:\windows\hpoins01.dat

2010-04-28 04:59 . 2010-04-28 04:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2010-04-28 04:58 . 2010-04-28 04:57 -------- d-----w- c:\program files\Hewlett-Packard

2010-04-28 04:56 . 2010-04-28 04:56 -------- d-----w- c:\program files\util

2010-04-28 04:56 . 2010-04-28 04:54 -------- d-----w- c:\program files\Setup

2010-04-28 04:54 . 2010-04-28 04:54 -------- d-----w- c:\program files\enu

2010-04-28 04:54 . 2010-04-28 04:54 -------- d-----w- c:\program files\Drivers

2010-04-28 04:54 . 2010-04-28 04:54 -------- d-----w- c:\program files\common

2010-04-27 14:29 . 2009-12-16 00:31 90352 ----a-w- c:\documents and settings\Nicholas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-21 06:35 . 2010-03-19 18:17 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-20 00:39 . 2010-03-20 00:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-20 00:39 . 2010-03-19 18:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-20 00:39 . 2010-03-19 18:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-11 12:38 . 2006-06-23 00:33 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:38 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll

2010-03-11 12:38 . 2002-08-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-03-09 11:09 . 2002-08-29 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll

2003-04-22 00:46 . 2003-04-22 00:46 2719744 ------w- c:\program files\aiodrv.msi

2003-04-22 00:42 . 2003-04-22 00:42 2588672 ------w- c:\program files\aiosw.msi

2003-04-22 00:24 . 2003-04-22 00:24 16606 ----a-w- c:\program files\hpomdl01.dat

2003-04-22 00:23 . 2003-04-22 00:23 267 ----a-w- c:\program files\readme.html

2003-04-09 08:19 . 2003-04-09 08:19 2848 ----a-w- c:\program files\hpound08.inf

2003-04-09 08:19 . 2003-04-09 08:19 14157 ----a-w- c:\program files\hpousc08.inf

2003-04-09 08:00 . 2003-04-09 08:00 2889 ----a-w- c:\program files\hpousb08.inf

2003-04-09 08:00 . 2003-04-09 08:00 4715 ----a-w- c:\program files\hpoglu08.inf

2003-03-20 06:20 . 2003-03-20 06:20 22523 ----a-w- c:\program files\HPZius12.cat

2003-03-20 06:20 . 2003-03-20 06:20 22082 ----a-w- c:\program files\hpzist12.cat

2003-03-20 06:20 . 2003-03-20 06:20 24728 ----a-w- c:\program files\HPZipr12.cat

2003-03-20 06:20 . 2003-03-20 06:20 22082 ----a-w- c:\program files\HPZid412.cat

2003-03-20 06:20 . 2003-03-20 06:20 21641 ----a-w- c:\program files\HPOunp08.cat

2003-03-20 06:20 . 2003-03-20 06:20 24285 ----a-w- c:\program files\hposcu08.cat

2003-03-20 06:20 . 2003-03-20 06:20 205503 ----a-w- c:\program files\hpoprn08.cat

2003-03-09 11:30 . 2003-03-09 11:30 3667 ----a-w- c:\program files\hpzist12.inf

2003-03-09 11:30 . 2003-03-09 11:30 184320 ----a-w- c:\program files\hpzscr07.dll

2003-03-09 11:30 . 2003-03-09 11:30 14285 ----a-w- c:\program files\hpzius12.inf

2003-03-09 11:30 . 2003-03-09 11:30 10325 ----a-w- c:\program files\hpzipr12.inf

2003-03-09 11:30 . 2003-03-09 11:30 63562 ----a-w- c:\program files\hposcu08.inf

2003-03-09 11:30 . 2003-03-09 11:30 51266 ----a-w- c:\program files\hpoprn08.inf

2003-03-09 11:30 . 2003-03-09 11:30 3898 ----a-w- c:\program files\hpounp08.inf

2003-03-09 11:30 . 2003-03-09 11:30 33952 ----a-w- c:\program files\hpzid412.inf

2003-03-09 11:30 . 2003-03-09 11:30 274432 ----a-w- c:\program files\hpzglu07.exe

2003-03-09 11:30 . 2003-03-09 11:30 237568 ----a-w- c:\program files\hpzc3212.dll

2003-03-09 11:30 . 2003-03-09 11:30 23186 ----a-w- c:\program files\hpzcin06.ex_

2002-09-09 08:48 . 2002-09-09 08:48 22608 ----a-w- c:\program files\usbprint.sys

2002-09-09 08:48 . 2002-09-09 08:48 12288 ----a-w- c:\program files\usbmon.dll

2002-09-09 08:47 . 2002-09-09 08:47 254005 ----a-w- c:\program files\msvcrt.dll

2002-09-09 08:47 . 2002-09-09 08:47 70656 ----a-w- c:\program files\msvcirt.dll

2002-09-09 08:47 . 2002-09-09 08:47 55155 ----a-w- c:\program files\hpzusb00.sy_

2002-09-09 08:47 . 2002-09-09 08:47 5705 ----a-w- c:\program files\hpzuci02.dl_

2002-09-09 08:47 . 2002-09-09 08:47 25639 ----a-w- c:\program files\hpzpom04.dl_

2002-09-09 08:47 . 2002-09-09 08:47 212992 ----a-w- c:\program files\hpzpnp07.dll

2002-09-09 08:46 . 2002-09-09 08:46 49212 ----a-w- c:\program files\hpzjvp01.dll

2002-09-09 08:46 . 2002-09-09 08:46 249913 ----a-w- c:\program files\hpzjut01.dll

2002-09-09 08:46 . 2002-09-09 08:46 417849 ----a-w- c:\program files\hpzjpp01.dll

2002-09-09 08:46 . 2002-09-09 08:46 28722 ----a-w- c:\program files\hpzjlog.dll

2002-09-09 08:46 . 2002-09-09 08:46 52552 ----a-w- c:\program files\hpziou01.dl_

2002-09-09 08:46 . 2002-09-09 08:46 46017 ----a-w- c:\program files\hpzion00.sy_

2002-09-06 00:54 . 2002-09-06 00:54 995383 ----a-w- c:\program files\MFC42.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-11-28 8491008]

"nwiz"="nwiz.exe" [2007-11-28 1626112]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-11-28 81920]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]

"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-12-08 866200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Nicholas\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-20 00:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 0 (0x0)

"AllowInboundTimestampRequest"= 0 (0x0)

"AllowInboundMaskRequest"= 0 (0x0)

"AllowInboundRouterRequest"= 0 (0x0)

"AllowOutboundDestinationUnreachable"= 0 (0x0)

"AllowOutboundSourceQuench"= 0 (0x0)

"AllowOutboundParameterProblem"= 0 (0x0)

"AllowOutboundTimeExceeded"= 0 (0x0)

"AllowRedirect"= 0 (0x0)

"AllowOutboundPacketTooBig"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/03/2010 4:17 AM 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/03/2010 4:17 AM 242896]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18/02/2010 4:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:41 AM 67656]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [20/03/2010 10:39 AM 308064]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [15/12/2009 9:26 PM 238080]

.

Contents of the 'Scheduled Tasks' folder

2010-05-28 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4272430941.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 07:56]

.

.

------- Supplementary Scan -------

.

uStart Page = ????????????????????????????????

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: {E65FC075-8F4A-4A09-821E-3AB370CAA213} = 192.168.1.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2010-05-28 22:31:38

ComboFix-quarantined-files.txt 2010-05-28 12:31

Pre-Run: 224,160,665,600 bytes free

Post-Run: 225,016,938,496 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - EC415C1FCEBB57AE1EB873D46D2264D8


Hi there,

Things look good, Combofix took out the rootkit nicely, but we still have to fix some leftovers.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please visit the Adobe website and install the latest version of Adobe Reader. Your log shows you are using an older version; these are known to have certain security vulnerabilities.

Also, please run a full scan with MBAM (first update) and post me the log.


Thank you! I've run Combofix and MBAM, and will post the logs now:

ComboFix 10-05-27.03 - Nicholas 29/05/2010 0:41.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.893.338 [GMT 10:00]

Running from: c:\documents and settings\Nicholas\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Nicholas\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

The following files were disabled during the run:

c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))

.

2010-05-26 11:30 . 2010-05-26 11:30 -------- d-----w- c:\program files\Trend Micro

2010-05-26 10:48 . 2010-05-26 11:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\wcskpvsgk

2010-05-26 10:47 . 2010-05-26 10:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-05-25 15:52 . 2010-05-25 16:07 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\mbkupdvli

2010-05-25 10:07 . 2010-05-25 11:53 63488 ----a-w- c:\documents and settings\Nicholas\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-05-25 10:07 . 2010-05-25 10:07 52224 ----a-w- c:\documents and settings\Nicholas\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-05-25 10:07 . 2010-05-25 11:53 117760 ----a-w- c:\documents and settings\Nicholas\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-05-25 10:07 . 2010-05-25 10:07 -------- d-----w- c:\documents and settings\Nicholas\Application Data\SUPERAntiSpyware.com

2010-05-25 10:07 . 2010-05-25 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-05-25 10:07 . 2010-05-28 13:38 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-05-25 08:35 . 2010-05-25 08:35 -------- d-----w- c:\documents and settings\Nicholas\Application Data\Malwarebytes

2010-05-25 08:35 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-25 08:35 . 2010-05-25 08:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-25 08:35 . 2010-05-25 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-25 08:35 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-25 07:10 . 2010-05-25 07:10 -------- d-----w- c:\windows\system32\wbem\Repository

2010-05-25 06:27 . 2010-05-25 07:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft

2010-05-25 06:27 . 2010-05-25 07:10 -------- d-s---w- c:\documents and settings\Administrator

2010-05-21 12:02 . 2010-05-21 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6

2010-05-21 11:25 . 2010-05-21 11:26 -------- d-----w- c:\documents and settings\Nicholas\Application Data\MSN6

2010-05-21 01:38 . 2010-05-21 01:38 -------- d-----w- c:\program files\Enigma Software Group

2010-05-21 01:37 . 2010-05-21 01:44 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP

2010-05-21 01:37 . 2010-05-21 01:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-05-21 01:25 . 2010-05-21 12:02 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\ltpeiqxis

2010-05-20 15:06 . 2010-05-20 16:52 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\Temp

2010-05-20 15:06 . 2010-05-21 12:11 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\Google

2010-05-19 11:46 . 2010-05-19 11:46 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\Yahoo

2010-05-19 11:38 . 2010-05-19 11:46 -------- d-----w- c:\documents and settings\Nicholas\Application Data\Yahoo!

2010-05-19 11:33 . 2010-05-19 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2010-05-19 11:33 . 2010-05-11 02:41 607544 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

2010-05-19 11:29 . 2010-05-19 21:56 -------- d-----w- c:\program files\Yahoo!

2010-05-16 09:33 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-05-12 02:02 . 2010-05-12 02:02 -------- d-----w- C:\$AVG

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-28 14:16 . 2009-12-17 20:08 -------- d-----w- c:\documents and settings\Nicholas\Application Data\Skype

2010-05-28 14:05 . 2009-12-17 20:15 -------- d-----w- c:\documents and settings\Nicholas\Application Data\skypePM

2010-05-28 13:53 . 2010-03-24 05:05 0 ----a-w- c:\documents and settings\Nicholas\Local Settings\Application Data\prvlcl.dat

2010-05-28 03:40 . 2009-12-17 20:30 -------- d-----w- c:\documents and settings\Nicholas\Application Data\vlc

2010-05-22 19:21 . 2009-12-17 20:21 -------- d-----w- c:\documents and settings\Nicholas\Application Data\BitTorrent

2010-05-21 21:23 . 2010-02-15 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-28 05:03 . 2010-04-28 05:03 -------- d-----w- c:\documents and settings\Nicholas\Application Data\Hewlett-Packard

2010-04-28 05:02 . 2010-04-28 04:56 19558 ----a-w- c:\windows\hpoins01.dat

2010-04-28 04:59 . 2010-04-28 04:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2010-04-28 04:58 . 2010-04-28 04:57 -------- d-----w- c:\program files\Hewlett-Packard

2010-04-28 04:56 . 2010-04-28 04:56 -------- d-----w- c:\program files\util

2010-04-28 04:56 . 2010-04-28 04:54 -------- d-----w- c:\program files\Setup

2010-04-28 04:54 . 2010-04-28 04:54 -------- d-----w- c:\program files\enu

2010-04-28 04:54 . 2010-04-28 04:54 -------- d-----w- c:\program files\Drivers

2010-04-28 04:54 . 2010-04-28 04:54 -------- d-----w- c:\program files\common

2010-04-27 14:29 . 2009-12-16 00:31 90352 ----a-w- c:\documents and settings\Nicholas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-21 06:35 . 2010-03-19 18:17 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-20 00:39 . 2010-03-20 00:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-20 00:39 . 2010-03-19 18:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-20 00:39 . 2010-03-19 18:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-11 12:38 . 2006-06-23 00:33 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:38 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll

2010-03-11 12:38 . 2002-08-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-03-09 11:09 . 2002-08-29 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll

2003-04-22 00:46 . 2003-04-22 00:46 2719744 ------w- c:\program files\aiodrv.msi

2003-04-22 00:42 . 2003-04-22 00:42 2588672 ------w- c:\program files\aiosw.msi

2003-04-22 00:24 . 2003-04-22 00:24 16606 ----a-w- c:\program files\hpomdl01.dat

2003-04-22 00:23 . 2003-04-22 00:23 267 ----a-w- c:\program files\readme.html

2003-04-09 08:19 . 2003-04-09 08:19 2848 ----a-w- c:\program files\hpound08.inf

2003-04-09 08:19 . 2003-04-09 08:19 14157 ----a-w- c:\program files\hpousc08.inf

2003-04-09 08:00 . 2003-04-09 08:00 2889 ----a-w- c:\program files\hpousb08.inf

2003-04-09 08:00 . 2003-04-09 08:00 4715 ----a-w- c:\program files\hpoglu08.inf

2003-03-20 06:20 . 2003-03-20 06:20 22523 ----a-w- c:\program files\HPZius12.cat

2003-03-20 06:20 . 2003-03-20 06:20 22082 ----a-w- c:\program files\hpzist12.cat

2003-03-20 06:20 . 2003-03-20 06:20 24728 ----a-w- c:\program files\HPZipr12.cat

2003-03-20 06:20 . 2003-03-20 06:20 22082 ----a-w- c:\program files\HPZid412.cat

2003-03-20 06:20 . 2003-03-20 06:20 21641 ----a-w- c:\program files\HPOunp08.cat

2003-03-20 06:20 . 2003-03-20 06:20 24285 ----a-w- c:\program files\hposcu08.cat

2003-03-20 06:20 . 2003-03-20 06:20 205503 ----a-w- c:\program files\hpoprn08.cat

2003-03-09 11:30 . 2003-03-09 11:30 3667 ----a-w- c:\program files\hpzist12.inf

2003-03-09 11:30 . 2003-03-09 11:30 184320 ----a-w- c:\program files\hpzscr07.dll

2003-03-09 11:30 . 2003-03-09 11:30 14285 ----a-w- c:\program files\hpzius12.inf

2003-03-09 11:30 . 2003-03-09 11:30 10325 ----a-w- c:\program files\hpzipr12.inf

2003-03-09 11:30 . 2003-03-09 11:30 63562 ----a-w- c:\program files\hposcu08.inf

2003-03-09 11:30 . 2003-03-09 11:30 51266 ----a-w- c:\program files\hpoprn08.inf

2003-03-09 11:30 . 2003-03-09 11:30 3898 ----a-w- c:\program files\hpounp08.inf

2003-03-09 11:30 . 2003-03-09 11:30 33952 ----a-w- c:\program files\hpzid412.inf

2003-03-09 11:30 . 2003-03-09 11:30 274432 ----a-w- c:\program files\hpzglu07.exe

2003-03-09 11:30 . 2003-03-09 11:30 237568 ----a-w- c:\program files\hpzc3212.dll

2003-03-09 11:30 . 2003-03-09 11:30 23186 ----a-w- c:\program files\hpzcin06.ex_

2002-09-09 08:48 . 2002-09-09 08:48 22608 ----a-w- c:\program files\usbprint.sys

2002-09-09 08:48 . 2002-09-09 08:48 12288 ----a-w- c:\program files\usbmon.dll

2002-09-09 08:47 . 2002-09-09 08:47 254005 ----a-w- c:\program files\msvcrt.dll

2002-09-09 08:47 . 2002-09-09 08:47 70656 ----a-w- c:\program files\msvcirt.dll

2002-09-09 08:47 . 2002-09-09 08:47 55155 ----a-w- c:\program files\hpzusb00.sy_

2002-09-09 08:47 . 2002-09-09 08:47 5705 ----a-w- c:\program files\hpzuci02.dl_

2002-09-09 08:47 . 2002-09-09 08:47 25639 ----a-w- c:\program files\hpzpom04.dl_

2002-09-09 08:47 . 2002-09-09 08:47 212992 ----a-w- c:\program files\hpzpnp07.dll

2002-09-09 08:46 . 2002-09-09 08:46 49212 ----a-w- c:\program files\hpzjvp01.dll

2002-09-09 08:46 . 2002-09-09 08:46 249913 ----a-w- c:\program files\hpzjut01.dll

2002-09-09 08:46 . 2002-09-09 08:46 417849 ----a-w- c:\program files\hpzjpp01.dll

2002-09-09 08:46 . 2002-09-09 08:46 28722 ----a-w- c:\program files\hpzjlog.dll

2002-09-09 08:46 . 2002-09-09 08:46 52552 ----a-w- c:\program files\hpziou01.dl_

2002-09-09 08:46 . 2002-09-09 08:46 46017 ----a-w- c:\program files\hpzion00.sy_

2002-09-06 00:54 . 2002-09-06 00:54 995383 ----a-w- c:\program files\MFC42.DLL

.

((((((((((((((((((((((((((((( SnapShot@2010-05-28_12.30.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2002-08-29 12:00 . 2010-05-28 14:08 59644 c:\windows\system32\perfc009.dat

+ 2005-09-22 21:28 . 2005-09-22 21:28 32768 c:\windows\system32\netfxperf.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 74240 c:\windows\system32\mscories.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 83456 c:\windows\system32\dfshim.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 28160 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 71680 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

+ 2005-09-22 21:28 . 2005-09-22 21:28 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 47616 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 59072 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 78336 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 14848 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 96440 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe

+ 2005-09-22 21:29 . 2005-09-22 21:29 22528 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 66240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 67072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 73216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

+ 2005-09-22 20:36 . 2005-09-22 20:36 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll

+ 2005-09-22 20:29 . 2005-09-22 20:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll

+ 2005-09-22 20:47 . 2005-09-22 20:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll

+ 2005-09-22 20:30 . 2005-09-22 20:30 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll

+ 2005-09-22 20:47 . 2005-09-22 20:47 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll

+ 2005-09-22 20:47 . 2005-09-22 20:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll

+ 2005-09-22 20:47 . 2005-09-22 20:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll

+ 2005-09-22 20:47 . 2005-09-22 20:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll

+ 2005-09-22 20:46 . 2005-09-22 20:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll

+ 2005-09-22 20:46 . 2005-09-22 20:46 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll

+ 2005-09-22 20:46 . 2005-09-22 20:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll

+ 2005-09-22 20:44 . 2005-09-22 20:44 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll

+ 2005-09-22 20:42 . 2005-09-22 20:42 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll

+ 2005-09-22 20:40 . 2005-09-22 20:40 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll

+ 2005-09-22 20:40 . 2005-09-22 20:40 83968 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll

+ 2005-09-22 20:40 . 2005-09-22 20:40 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll

+ 2005-09-22 20:38 . 2005-09-22 20:38 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll

+ 2005-09-22 20:38 . 2005-09-22 20:38 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll

+ 2005-09-22 17:46 . 2005-09-22 17:46 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll

+ 2005-09-22 20:36 . 2005-09-22 20:36 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll

+ 2005-09-22 20:34 . 2005-09-22 20:34 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll

+ 2005-09-22 20:34 . 2005-09-22 20:34 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll

+ 2005-09-22 20:34 . 2005-09-22 20:34 82944 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll

+ 2005-09-22 20:32 . 2005-09-22 20:32 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll

+ 2005-09-22 20:29 . 2005-09-22 20:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 55296 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 52736 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 31936 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 68608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 17920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 76984 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 88576 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 29888 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 29896 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 26824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 70656 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 23552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 55488 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 86528 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 72704 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2010-05-28 14:04 . 2010-05-28 14:04 86016 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 73728 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 36864 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 68608 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 6144 c:\windows\system32\mui\0409\mscorees.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 7680 c:\windows\Microsoft.NET\Framework\SharedReg12.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp10.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5120 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5120 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5632 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5120 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5120 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 5120 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2010-05-28 14:05 . 2010-05-28 14:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 5632 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2002-08-29 12:00 . 2010-05-28 14:08 395530 c:\windows\system32\perfh009.dat

+ 2005-09-22 21:28 . 2005-09-22 21:28 150016 c:\windows\system32\mscorier.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 270848 c:\windows\system32\mscoree.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 298496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 823296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 260096 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 299008 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 368640 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 700416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 397312 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 884736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 716800 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 482304 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 389120 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 377344 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 107520 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 226816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 330752 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 102400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 326144 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 288768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 800768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 667648 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 647168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 413696 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

+ 2005-09-22 21:57 . 2005-09-22 21:57 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll

+ 2005-09-22 21:01 . 2005-09-22 21:01 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 224952 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 788992 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 547840 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 503808 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 138240 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 183808 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll

+ 2010-05-28 14:07 . 2010-05-28 14:07 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\04b88dcbf116dd47bdcf436fd5187935\System.Drawing.Design.ni.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 823296 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2010-05-28 14:05 . 2010-05-28 14:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2010-05-28 14:05 . 2010-05-28 14:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 368640 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2010-05-28 14:05 . 2010-05-28 14:05 700416 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 397312 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 884736 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 716800 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2010-05-28 14:05 . 2010-05-28 14:05 389120 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2010-05-28 14:05 . 2010-05-28 14:05 667648 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2010-05-28 14:05 . 2010-05-28 14:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2010-05-28 14:05 . 2010-05-28 14:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 745472 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 647168 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 413696 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 503808 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2010-05-28 14:05 . 2010-05-28 14:05 260096 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 114176 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-05-28 14:03 . 2010-05-28 14:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 482304 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 1306624 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

+ 2005-09-22 21:29 . 2005-09-22 21:29 1140920 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

+ 2005-09-22 21:28 . 2005-09-22 21:28 2035712 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 5316608 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 3018752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 5050368 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 2878976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 5615616 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 4308992 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2005-09-22 21:28 . 2005-09-22 21:28 1144832 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll

+ 2010-05-28 14:05 . 2010-05-28 14:05 2109440 c:\windows\Installer\2094db.msi

+ 2010-05-28 14:07 . 2010-05-28 14:07 8093696 c:\windows\assembly\NativeImages_v2.0.50727_32\System\a7f80ec55fb7984ea5951e2339ccac50\System.ni.dll

+ 2010-05-28 14:08 . 2010-05-28 14:08 5640192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0e2cc602ebadac47b6710c3f5fa00e4f\System.Xml.ni.dll

+ 2010-05-28 14:07 . 2010-05-28 14:07 1626112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c63bbff37ab83944a0465f7db8c3d7f1\System.Drawing.ni.dll

+ 2010-05-28 14:08 . 2010-05-28 14:08 6688768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0e62cd0fa66ef74a96869960ee6316fd\System.Data.ni.dll

+ 2010-05-28 14:05 . 2010-05-28 14:05 3018752 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 2035712 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 5316608 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 5050368 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 5025792 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 2878976 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2010-05-28 14:04 . 2010-05-28 14:04 4308992 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2005-09-22 21:48 . 2005-09-22 21:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi

+ 2010-05-28 14:07 . 2010-05-28 14:07 13107200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\159dd93961fd704ea91df48537f850e7\System.Windows.Forms.ni.dll

+ 2010-05-28 14:08 . 2010-05-28 14:08 10723328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fbb9d9e9900eea4c8d44f7735e06e8d3\System.Design.ni.dll

+ 2010-05-28 14:06 . 2010-05-28 14:06 11411456 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9061a9bfb2bcb146823ed180604c85ae\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-11-28 8491008]

"nwiz"="nwiz.exe" [2007-11-28 1626112]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-11-28 81920]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]

"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-12-08 866200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Nicholas\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-20 00:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 0 (0x0)

"AllowInboundTimestampRequest"= 0 (0x0)

"AllowInboundMaskRequest"= 0 (0x0)

"AllowInboundRouterRequest"= 0 (0x0)

"AllowOutboundDestinationUnreachable"= 0 (0x0)

"AllowOutboundSourceQuench"= 0 (0x0)

"AllowOutboundParameterProblem"= 0 (0x0)

"AllowOutboundTimeExceeded"= 0 (0x0)

"AllowRedirect"= 0 (0x0)

"AllowOutboundPacketTooBig"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/03/2010 4:17 AM 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/03/2010 4:17 AM 242896]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18/02/2010 4:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:41 AM 67656]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [20/03/2010 10:39 AM 308064]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [15/12/2009 9:26 PM 238080]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

.

Contents of the 'Scheduled Tasks' folder

2010-05-28 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4272430941.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 07:56]

.

.

------- Supplementary Scan -------

.

uStart Page = ????????????????????????????????

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: {E65FC075-8F4A-4A09-821E-3AB370CAA213} = 192.168.1.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-29 00:45

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(712)

c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'explorer.exe'(3744)

c:\windows\system32\WININET.dll

c:\windows\system32\nview.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-05-29 00:47:16

ComboFix-quarantined-files.txt 2010-05-28 14:47

ComboFix2.txt 2010-05-28 12:31

Pre-Run: 224,732,123,136 bytes free

Post-Run: 224,706,818,048 bytes free

- - End Of File - - 69B8EAA3064164D5D64184B3319B1FB3


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

29/05/2010 2:13:21 AM

mbam-log-2010-05-29 (02-13-21).txt

Scan type: Full scan (C:\|)

Objects scanned: 196994

Time elapsed: 47 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi again,

Please let me know how things are running now. What problems do you still have left?

Please rerun OTL and click the NONE button, then under Extra Registry, tick "use safelist". Click Run Scan and post me the resulting log.


So far my computer has been running a lot better. The only problem as far as I can tell that remains is with IE; the home page, instead of being set to Google, is set to something in Chinese (I think) that I can't change, and it warns me that the site can't be found every time I open IE.


OTL Extras logfile created on: 29/05/2010 2:46:00 AM - Run 4

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Nicholas\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

893.00 Mb Total Physical Memory | 220.00 Mb Available Physical Memory | 25.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 209.04 Gb Free Space | 70.13% Space Free | Partition Type: NTFS

Drive D: | 448.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NICK

Current User Name: Nicholas

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)

"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype


Hi again,

I was actually planning to ask you about that homepage since the logs were showing it as a bunch of question marks. Let's see if we can fix that.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the customFix.png textbox. Do not include the word "Code"
    :otl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ????????????????????????????????

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

  4. Check esetAcceptTerms.png
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push esetListThreats.png
  11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the esetBack.png button.
  13. Push esetFinish.png


Hi,

I ran both scans, but the problem still remains. I did find a trojan while using ESET, though. I will post both logs now:

OTL logfile created on: 29/05/2010 5:59:19 AM - Run 5

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Nicholas\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

893.00 Mb Total Physical Memory | 277.00 Mb Available Physical Memory | 31.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 209.06 Gb Free Space | 70.14% Space Free | Partition Type: NTFS

Drive D: | 448.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NICK

Current User Name: Nicholas

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

PRC - [2010/04/21 16:35:21 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/04/02 10:16:44 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/20 10:39:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/03/20 10:39:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/03/20 10:39:00 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/12/09 08:36:56 | 000,866,200 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - [2007/04/11 07:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

PRC - [2003/04/09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

PRC - [2003/04/09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

PRC - [2003/04/09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

========== Modules (SafeList) ==========

MOD - [2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

MOD - [2009/07/02 14:54:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2007/11/28 13:26:00 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll

MOD - [2007/11/28 13:26:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)

SRV - [2010/03/20 10:39:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/21 16:35:22 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/03/20 10:39:43 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/03/20 10:39:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2008/05/09 07:23:22 | 000,238,080 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/02/15 00:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2007/11/28 13:26:00 | 006,866,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2007/11/18 01:43:56 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2007/11/18 01:43:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2007/04/11 07:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)

DRV - [2005/01/07 16:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/12 18:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ????????????????????????????????

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 06:46:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/26 02:20:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 02:20:13 | 000,000,000 | ---D | M]

[2009/12/16 10:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions

[2010/05/28 17:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions

[2010/05/19 21:38:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/05/18 01:17:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/05/29 04:29:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/02 02:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/04/02 02:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/04/02 02:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/04/02 02:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/28 23:04:21 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\Nicholas\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/15 19:55:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/01/19 15:00:00 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/29 04:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/05/29 04:27:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/05/29 04:26:36 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/05/29 02:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\logs2

[2010/05/29 01:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2010/05/29 01:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/05/29 01:15:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/05/29 00:47:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/05/29 00:03:17 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly

[2010/05/29 00:00:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET

[2010/05/28 22:20:14 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/05/28 22:14:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/05/28 22:14:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/05/28 22:14:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/05/28 22:14:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/05/28 22:11:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/05/28 22:08:28 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/05/27 17:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\logs

[2010/05/27 17:16:40 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

[2010/05/26 21:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/05/26 21:29:59 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Nicholas\Desktop\HJTInstall.exe

[2010/05/26 20:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\wcskpvsgk

[2010/05/26 20:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/05/26 01:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\mbkupdvli

[2010/05/25 21:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/05/25 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/05/25 20:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\SUPERAntiSpyware.com

[2010/05/25 20:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/05/25 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/05/25 18:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Malwarebytes

[2010/05/25 18:35:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/25 18:35:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/25 18:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/25 18:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/21 22:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6

[2010/05/21 21:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\MSN6

[2010/05/21 11:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\SpyHunter Security Suite v3.12.31 + Crack [RH]

[2010/05/21 11:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/05/21 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/05/21 11:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\ltpeiqxis

[2010/05/21 01:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Temp

[2010/05/21 01:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Google

[2010/05/21 01:05:49 | 000,562,840 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Nicholas\Desktop\ChromeSetup.exe

[2010/05/19 21:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Yahoo

[2010/05/19 21:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Yahoo!

[2010/05/19 21:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2010/05/19 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/05/19 21:28:42 | 000,417,416 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\Nicholas\Desktop\msgr10au.exe

[2010/05/16 19:33:44 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2010/05/12 12:02:02 | 000,000,000 | ---D | C] -- C:\$AVG

[2010/05/09 00:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/09 00:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/06 23:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\work

========== Files - Modified Within 30 Days ==========

[2010/05/29 05:52:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\prvlcl.dat

[2010/05/29 04:32:48 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\esetsmartinstaller_enu.exe

[2010/05/29 04:29:33 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/05/29 04:28:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/29 04:28:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/29 04:27:46 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Nicholas\ntuser.dat

[2010/05/29 03:59:22 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/05/29 01:18:11 | 004,834,256 | -H-- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\IconCache.db

[2010/05/29 01:16:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/05/29 00:45:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/29 00:08:44 | 000,409,140 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/05/29 00:08:44 | 000,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/05/29 00:08:44 | 000,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/05/28 23:22:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nicholas\ntuser.ini

[2010/05/28 23:04:21 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/05/28 22:24:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/28 22:20:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/05/28 22:04:46 | 003,700,273 | R--- | M] () -- C:\Documents and Settings\Nicholas\Desktop\ComboFix.exe

[2010/05/28 16:49:11 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\d81r422m.exe

[2010/05/28 15:03:10 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1272430941.job

[2010/05/28 10:56:16 | 060,450,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

[2010/05/26 21:30:51 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\HijackThis.lnk

[2010/05/26 21:29:53 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Nicholas\Desktop\HJTInstall.exe

[2010/05/26 02:20:15 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/05/25 22:41:19 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/25 21:51:12 | 000,424,347 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Naboo_World_HD_1080i.jpg

[2010/05/25 20:07:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/05/25 18:35:09 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/25 18:25:18 | 000,001,201 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr

[2010/05/21 12:00:24 | 000,000,727 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2010/05/21 11:59:33 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk

[2010/05/21 01:05:49 | 000,562,840 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas\Desktop\ChromeSetup.exe

[2010/05/19 23:52:24 | 000,020,224 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Globalization.docx

[2010/05/19 21:33:23 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo!7 Messenger.lnk

[2010/05/19 21:28:42 | 000,417,416 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Nicholas\Desktop\msgr10au.exe

[2010/05/17 09:20:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/10 18:41:17 | 000,282,624 | ---- | M] () -- C:\Documents and Settings\Nicholas\My Documents\Database1.accdb

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/29 04:32:34 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\esetsmartinstaller_enu.exe

[2010/05/29 01:16:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/05/28 22:20:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/05/28 22:20:15 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/05/28 22:14:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/05/28 22:14:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/05/28 22:14:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/05/28 22:14:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/05/28 22:14:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/05/28 22:02:41 | 003,700,273 | R--- | C] () -- C:\Documents and Settings\Nicholas\Desktop\ComboFix.exe

[2010/05/28 16:49:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\d81r422m.exe

[2010/05/26 21:30:51 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\HijackThis.lnk

[2010/05/25 21:51:11 | 000,424,347 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Naboo_World_HD_1080i.jpg

[2010/05/25 20:07:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/05/25 18:35:09 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/24 13:47:38 | 003,670,016 | ---- | C] () -- C:\Documents and Settings\Nicholas\ntuser.dat

[2010/05/21 11:59:33 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk

[2010/05/19 23:08:29 | 000,020,224 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Globalization.docx

[2010/05/19 21:33:23 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo!7 Messenger.lnk

[2010/05/10 18:41:11 | 000,282,624 | ---- | C] () -- C:\Documents and Settings\Nicholas\My Documents\Database1.accdb

[2010/03/16 21:28:59 | 000,000,748 | ---- | C] () -- C:\WINDOWS\LMAAL2DD.ini

[2009/12/29 14:30:39 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2009/12/15 20:41:47 | 000,025,071 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/12/15 20:31:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/12/15 20:17:47 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/12/15 20:17:44 | 000,024,892 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/12/15 20:17:33 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/11/28 13:26:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/11/28 13:26:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/11/28 13:26:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/11/28 13:26:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/11/28 13:26:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== Custom Scans ==========

< :otl >

< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ???????????????????????????????? >

< >

< :commands >

< [emptytemp] >

< End of report >

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\kbdclass.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined


Ah, I'm sorry! I ran OTL again, but the problem still remains. Here are the right logs:

All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.NICK

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Nicholas

->Temp folder emptied: 111508 bytes

->Temporary Internet Files folder emptied: 2196394 bytes

->FireFox cache emptied: 54587450 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 1481 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05292010_195119

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Hi,

The startpage is the only problem I'm still having. Everything else is running fine. Again, thank you for that. Here are the results for the most recent OTL scan:

OTL logfile created on: 29/05/2010 9:25:20 PM - Run 6

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Nicholas\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

893.00 Mb Total Physical Memory | 144.00 Mb Available Physical Memory | 16.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 208.66 Gb Free Space | 70.00% Space Free | Partition Type: NTFS

Drive D: | 448.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NICK

Current User Name: Nicholas

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

PRC - [2010/05/11 12:39:52 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

PRC - [2010/04/21 16:35:21 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/04/02 10:16:44 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/20 10:39:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/03/20 10:39:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/03/20 10:39:00 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/12/09 08:36:56 | 000,866,200 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - [2007/04/11 07:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

PRC - [2003/04/09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

PRC - [2003/04/09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

PRC - [2003/04/09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

========== Modules (SafeList) ==========

MOD - [2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

MOD - [2009/07/02 14:54:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2007/11/28 13:26:00 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll

MOD - [2007/11/28 13:26:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)

SRV - [2010/03/20 10:39:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/21 16:35:22 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/03/20 10:39:43 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/03/20 10:39:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2008/05/09 07:23:22 | 000,238,080 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/02/15 00:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2007/11/28 13:26:00 | 006,866,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2007/11/18 01:43:56 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2007/11/18 01:43:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2007/04/11 07:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)

DRV - [2005/01/07 16:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/12 18:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-838170752-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ????????????????????????????????

IE - HKU\S-1-5-21-1715567821-838170752-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 06:46:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/29 15:55:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 02:20:13 | 000,000,000 | ---D | M]

[2009/12/16 10:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions

[2010/05/29 20:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions

[2010/05/19 21:38:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/05/18 01:17:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/05/29 20:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/02 02:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/04/02 02:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/04/02 02:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/04/02 02:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/28 23:04:21 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\Nicholas\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1715567821-838170752-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1715567821-838170752-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1715567821-838170752-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1715567821-838170752-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/15 19:55:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/01/19 15:00:00 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{1b8e18c2-eb4d-11de-926c-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{1b8e18c2-eb4d-11de-926c-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1b8e18c2-eb4d-11de-926c-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- [2004/01/19 15:00:00 | 001,085,440 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/29 04:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/05/29 04:27:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/05/29 04:26:36 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/05/29 02:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\logs2

[2010/05/29 01:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2010/05/29 01:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/05/29 00:47:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/05/29 00:03:17 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly

[2010/05/29 00:00:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET

[2010/05/28 22:20:14 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/05/28 22:14:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/05/28 22:14:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/05/28 22:14:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/05/28 22:14:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/05/28 22:11:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/05/28 22:08:28 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/05/27 17:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\logs

[2010/05/27 17:16:40 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

[2010/05/26 21:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/05/26 21:29:59 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Nicholas\Desktop\HJTInstall.exe

[2010/05/26 20:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\wcskpvsgk

[2010/05/26 20:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/05/26 01:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\mbkupdvli

[2010/05/25 21:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/05/25 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/05/25 20:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\SUPERAntiSpyware.com

[2010/05/25 20:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/05/25 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/05/25 18:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Malwarebytes

[2010/05/25 18:35:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/25 18:35:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/25 18:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/25 18:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/21 22:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6

[2010/05/21 21:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\MSN6

[2010/05/21 11:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\SpyHunter Security Suite v3.12.31 + Crack [RH]

[2010/05/21 11:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/05/21 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/05/21 11:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\ltpeiqxis

[2010/05/21 01:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Temp

[2010/05/21 01:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Google

[2010/05/21 01:05:49 | 000,562,840 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Nicholas\Desktop\ChromeSetup.exe

[2010/05/19 21:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Yahoo

[2010/05/19 21:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Yahoo!

[2010/05/19 21:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2010/05/19 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/05/19 21:28:42 | 000,417,416 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\Nicholas\Desktop\msgr10au.exe

[2010/05/16 19:33:44 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2010/05/12 12:02:02 | 000,000,000 | ---D | C] -- C:\$AVG

[2010/05/09 00:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/09 00:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/06 23:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\work

========== Files - Modified Within 30 Days ==========

[2010/05/29 20:07:42 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/05/29 20:02:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/29 20:02:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/29 20:01:36 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Nicholas\ntuser.dat

[2010/05/29 17:02:34 | 005,364,852 | -H-- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\IconCache.db

[2010/05/29 16:52:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\prvlcl.dat

[2010/05/29 13:28:00 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/05/29 13:05:10 | 060,486,014 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/29 12:59:18 | 000,090,352 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/05/29 12:58:18 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/05/29 06:17:49 | 000,000,647 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/29 04:32:48 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\esetsmartinstaller_enu.exe

[2010/05/29 01:16:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/05/29 00:45:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/29 00:08:44 | 000,409,140 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/05/29 00:08:44 | 000,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/05/29 00:08:44 | 000,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/05/28 23:22:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nicholas\ntuser.ini

[2010/05/28 23:04:21 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/05/28 22:24:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/28 22:20:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/05/28 22:04:46 | 003,700,273 | R--- | M] () -- C:\Documents and Settings\Nicholas\Desktop\ComboFix.exe

[2010/05/28 16:49:11 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\d81r422m.exe

[2010/05/28 15:03:10 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1272430941.job

[2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

[2010/05/26 21:30:51 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\HijackThis.lnk

[2010/05/26 21:29:53 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Nicholas\Desktop\HJTInstall.exe

[2010/05/26 02:20:15 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/05/25 22:41:19 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/25 21:51:12 | 000,424,347 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Naboo_World_HD_1080i.jpg

[2010/05/25 20:07:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/05/25 18:35:09 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/25 18:25:18 | 000,001,201 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr

[2010/05/21 12:00:24 | 000,000,727 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2010/05/21 11:59:33 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk

[2010/05/21 01:05:49 | 000,562,840 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas\Desktop\ChromeSetup.exe

[2010/05/19 23:52:24 | 000,020,224 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Globalization.docx

[2010/05/19 21:33:23 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo!7 Messenger.lnk

[2010/05/19 21:28:42 | 000,417,416 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Nicholas\Desktop\msgr10au.exe

[2010/05/17 09:20:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/10 18:41:17 | 000,282,624 | ---- | M] () -- C:\Documents and Settings\Nicholas\My Documents\Database1.accdb

========== Files Created - No Company Name ==========

[2010/05/29 04:32:34 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\esetsmartinstaller_enu.exe

[2010/05/29 01:16:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/05/28 22:20:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/05/28 22:20:15 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/05/28 22:14:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/05/28 22:14:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/05/28 22:14:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/05/28 22:14:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/05/28 22:14:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/05/28 22:02:41 | 003,700,273 | R--- | C] () -- C:\Documents and Settings\Nicholas\Desktop\ComboFix.exe

[2010/05/28 16:49:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\d81r422m.exe

[2010/05/26 21:30:51 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\HijackThis.lnk

[2010/05/25 21:51:11 | 000,424,347 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Naboo_World_HD_1080i.jpg

[2010/05/25 20:07:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/05/25 18:35:09 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/24 13:47:38 | 003,670,016 | ---- | C] () -- C:\Documents and Settings\Nicholas\ntuser.dat

[2010/05/21 11:59:33 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk

[2010/05/19 23:08:29 | 000,020,224 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Globalization.docx

[2010/05/19 21:33:23 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo!7 Messenger.lnk

[2010/05/10 18:41:11 | 000,282,624 | ---- | C] () -- C:\Documents and Settings\Nicholas\My Documents\Database1.accdb

[2010/03/16 21:28:59 | 000,000,748 | ---- | C] () -- C:\WINDOWS\LMAAL2DD.ini

[2009/12/29 14:30:39 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2009/12/15 20:41:47 | 000,025,071 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/12/15 20:31:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/12/15 20:17:47 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/12/15 20:17:44 | 000,024,892 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/12/15 20:17:33 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/11/28 13:26:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/11/28 13:26:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/11/28 13:26:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/11/28 13:26:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/11/28 13:26:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

< End of report >


Good we double-checked that; besides the start page there are a few other settings that need to be corrected :D

Please copy/paste the following into OTL and click Run Fix.

:otl
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKU\S-1-5-21-1715567821-838170752-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ????????????????????????????????

:commands
[emptytemp]


I've run the scan again, but the same problem remains. I'll post the log:

All processes killed

========== OTL ==========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

HKU\S-1-5-21-1715567821-838170752-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.NICK

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Nicholas

->Temp folder emptied: 54862 bytes

->Temporary Internet Files folder emptied: 1804623 bytes

->FireFox cache emptied: 39972069 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 1084 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 61728 bytes

Total Files Cleaned = 40.00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05292010_222049

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 29/05/2010 10:55:24 PM - Run 7

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Nicholas\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

893.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 16.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 208.66 Gb Free Space | 70.00% Space Free | Partition Type: NTFS

Drive D: | 448.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NICK

Current User Name: Nicholas

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

PRC - [2010/04/21 16:35:21 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/04/02 10:16:44 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/20 10:39:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/03/20 10:39:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/03/20 10:39:00 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/12/09 08:36:56 | 000,866,200 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - [2007/04/11 07:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

PRC - [2003/04/09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

PRC - [2003/04/09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

PRC - [2003/04/09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

========== Modules (SafeList) ==========

MOD - [2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

MOD - [2009/07/02 14:54:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2007/11/28 13:26:00 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll

MOD - [2007/11/28 13:26:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)

SRV - [2010/03/20 10:39:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/21 16:35:22 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/03/20 10:39:43 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/03/20 10:39:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2008/05/09 07:23:22 | 000,238,080 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/02/15 00:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2007/11/28 13:26:00 | 006,866,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2007/11/18 01:43:56 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2007/11/18 01:43:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2007/04/11 07:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)

DRV - [2005/01/07 16:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/12 18:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-838170752-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ????????????????????????????????

IE - HKU\S-1-5-21-1715567821-838170752-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 06:46:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/29 15:55:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 02:20:13 | 000,000,000 | ---D | M]

[2009/12/16 10:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions

[2010/05/29 20:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions

[2010/05/19 21:38:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/05/18 01:17:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\hitiqr5e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/05/29 22:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/02 02:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/04/02 02:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/04/02 02:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/04/02 02:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/28 23:04:21 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O4 - Startup: C:\Documents and Settings\Nicholas\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1715567821-838170752-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1715567821-838170752-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1715567821-838170752-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1715567821-838170752-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/15 19:55:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/01/19 15:00:00 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/29 04:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/05/29 04:27:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/05/29 04:26:36 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/05/29 02:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\logs2

[2010/05/29 01:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2010/05/29 01:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/05/29 00:47:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/05/29 00:03:17 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly

[2010/05/29 00:00:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET

[2010/05/28 22:20:14 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/05/28 22:14:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/05/28 22:14:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/05/28 22:14:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/05/28 22:14:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/05/28 22:11:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/05/28 22:08:28 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/05/27 17:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\logs

[2010/05/27 17:16:40 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

[2010/05/26 21:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/05/26 21:29:59 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Nicholas\Desktop\HJTInstall.exe

[2010/05/26 20:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\wcskpvsgk

[2010/05/26 20:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/05/26 01:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\mbkupdvli

[2010/05/25 21:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/05/25 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/05/25 20:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\SUPERAntiSpyware.com

[2010/05/25 20:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/05/25 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/05/25 18:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Malwarebytes

[2010/05/25 18:35:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/25 18:35:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/25 18:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/25 18:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/21 22:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6

[2010/05/21 21:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\MSN6

[2010/05/21 11:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\SpyHunter Security Suite v3.12.31 + Crack [RH]

[2010/05/21 11:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/05/21 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/05/21 11:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\ltpeiqxis

[2010/05/21 01:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Temp

[2010/05/21 01:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Google

[2010/05/21 01:05:49 | 000,562,840 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Nicholas\Desktop\ChromeSetup.exe

[2010/05/19 21:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Yahoo

[2010/05/19 21:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Yahoo!

[2010/05/19 21:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2010/05/19 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/05/19 21:28:42 | 000,417,416 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\Nicholas\Desktop\msgr10au.exe

[2010/05/16 19:33:44 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2010/05/12 12:02:02 | 000,000,000 | ---D | C] -- C:\$AVG

[2010/05/09 00:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/09 00:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/06 23:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\work

========== Files - Modified Within 30 Days ==========

[2010/05/29 22:35:49 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/05/29 22:22:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/29 22:22:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/29 22:21:53 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Nicholas\ntuser.dat

[2010/05/29 21:52:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\prvlcl.dat

[2010/05/29 17:02:34 | 005,364,852 | -H-- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\IconCache.db

[2010/05/29 13:28:00 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/05/29 13:05:10 | 060,486,014 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/29 12:59:18 | 000,090,352 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/05/29 12:58:18 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/05/29 06:17:49 | 000,000,647 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/29 04:32:48 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\esetsmartinstaller_enu.exe

[2010/05/29 01:16:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/05/29 00:45:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/29 00:08:44 | 000,409,140 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/05/29 00:08:44 | 000,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/05/29 00:08:44 | 000,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/05/28 23:22:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nicholas\ntuser.ini

[2010/05/28 23:04:21 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/05/28 22:24:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/28 22:20:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/05/28 22:04:46 | 003,700,273 | R--- | M] () -- C:\Documents and Settings\Nicholas\Desktop\ComboFix.exe

[2010/05/28 16:49:11 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\d81r422m.exe

[2010/05/28 15:03:10 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1272430941.job

[2010/05/27 17:16:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe

[2010/05/26 21:30:51 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\HijackThis.lnk

[2010/05/26 21:29:53 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Nicholas\Desktop\HJTInstall.exe

[2010/05/26 02:20:15 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/05/25 22:41:19 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/25 21:51:12 | 000,424,347 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Naboo_World_HD_1080i.jpg

[2010/05/25 20:07:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/05/25 18:35:09 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/25 18:25:18 | 000,001,201 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr

[2010/05/21 12:00:24 | 000,000,727 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2010/05/21 11:59:33 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk

[2010/05/21 01:05:49 | 000,562,840 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nicholas\Desktop\ChromeSetup.exe

[2010/05/19 23:52:24 | 000,020,224 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Globalization.docx

[2010/05/19 21:33:23 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo!7 Messenger.lnk

[2010/05/19 21:28:42 | 000,417,416 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Nicholas\Desktop\msgr10au.exe

[2010/05/17 09:20:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/10 18:41:17 | 000,282,624 | ---- | M] () -- C:\Documents and Settings\Nicholas\My Documents\Database1.accdb

========== Files Created - No Company Name ==========

[2010/05/29 04:32:34 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\esetsmartinstaller_enu.exe

[2010/05/29 01:16:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/05/28 22:20:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/05/28 22:20:15 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/05/28 22:14:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/05/28 22:14:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/05/28 22:14:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/05/28 22:14:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/05/28 22:14:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/05/28 22:02:41 | 003,700,273 | R--- | C] () -- C:\Documents and Settings\Nicholas\Desktop\ComboFix.exe

[2010/05/28 16:49:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\d81r422m.exe

[2010/05/26 21:30:51 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\HijackThis.lnk

[2010/05/25 21:51:11 | 000,424,347 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Naboo_World_HD_1080i.jpg

[2010/05/25 20:07:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/05/25 18:35:09 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/24 13:47:38 | 003,670,016 | ---- | C] () -- C:\Documents and Settings\Nicholas\ntuser.dat

[2010/05/21 11:59:33 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk

[2010/05/19 23:08:29 | 000,020,224 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Globalization.docx

[2010/05/19 21:33:23 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo!7 Messenger.lnk

[2010/05/10 18:41:11 | 000,282,624 | ---- | C] () -- C:\Documents and Settings\Nicholas\My Documents\Database1.accdb

[2010/03/16 21:28:59 | 000,000,748 | ---- | C] () -- C:\WINDOWS\LMAAL2DD.ini

[2009/12/29 14:30:39 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2009/12/15 20:41:47 | 000,025,071 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/12/15 20:31:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/12/15 20:17:47 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/12/15 20:17:44 | 000,024,892 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/12/15 20:17:33 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/11/28 13:26:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/11/28 13:26:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/11/28 13:26:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/11/28 13:26:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/11/28 13:26:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

< End of report >


Can you please disable Spywarehunter and rerun the same fix as earlier? I think this program prevents the registry changes we ask OTL to make with our fix.

If you do not know how to disable it, please let me know and we will find a workaround.
