Possible Rootkit


dr.

These entries here:

O1 - Hosts: 127.0.0.1 ad.de.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.dk.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.es.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.fr.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.it.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.jp.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.kr.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.linkexchange.com

O1 - Hosts: 127.0.0.1 ad.linksynergy.com

O1 - Hosts: 127.0.0.1 ad.nl.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.no.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.preferences.com

O1 - Hosts: 127.0.0.1 ad.se.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.sma.punto.net

O1 - Hosts: 127.0.0.1 ad.uk.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.webprovider.com

O1 - Hosts: 127.0.0.1 ad08.focalink.com

O1 - Hosts: 127.0.0.1 ad1.adcept.net

O1 - Hosts: 127.0.0.1 ad2.adcept.net

O1 - Hosts: 127.0.0.1 ad3.adcept.net

O1 - Hosts: 127.0.0.1 ad-adex3.flycast.com

O1 - Hosts: 127.0.0.1 adcontroller.unicast.com

O1 - Hosts: 127.0.0.1 adcreatives.imaginemedia.com

O1 - Hosts: 14900 more lines...

Did you use a custom hosts file to set these entries up or Spybot's immunization feature?

These entries here:

Did you use a custom hosts file to set these entries up or Spybot's immunization feature?

Maybe, I did something with spyware bot with that. Look at this.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5162

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/24/2010 10:09:59 AM

mbam-log-2010-11-24 (10-09-59).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)

Objects scanned: 211862

Time elapsed: 2 hour(s), 21 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


You can remove that file; we aren't done quite yet.

Please do the following.

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined

C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined

C:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined

C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined

Looks like a program got infected, can I just remove it?


C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined

C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined

C:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined

C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined

Looks like a program got infected, can I just remove it?

?


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5162

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/24/2010 3:57:38 PM

mbam-log-2010-11-24 (15-57-38).txt

Scan type: Flash scan

Objects scanned: 118307

Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


OTL logfile created on: 11/24/2010 9:25:06 PM - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 68.35 Gb Total Space | 51.10 Gb Free Space | 74.77% Space Free | Partition Type: NTFS

Drive D: | 465.64 Gb Total Space | 327.47 Gb Free Space | 70.33% Space Free | Partition Type: FAT32

Computer Name: YOUR-LK4RLMSU41 | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)

PRC - C:\WINDOWS\system32\S3tray2.exe (S3 Graphics, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll (Symantec Corporation)

MOD - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcr90.dll (Microsoft Corporation)

MOD - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcp90.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (NMIndexingService) -- File not found

SRV - (AppMgmt) -- C:\windows\System32\appmgmts.dll File not found

SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (SymWSC) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)

========== Driver Services (SafeList) ==========

DRV - (MEMSWEEP2) -- C:\windows\System32\4E6.tmp File not found

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (nocashio) -- C:\WINDOWS\system32\drivers\nocashio.sys ()

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101124.004\NAVEX15.SYS (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101124.004\NAVENG.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101122.006\IDSXpx86.sys (Symantec Corporation)

DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys (Symantec Corporation)

DRV - (timounter) -- C:\windows\system32\DRIVERS\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\windows\system32\DRIVERS\snapman.sys (Acronis)

DRV - (tdrpman) -- C:\windows\system32\DRIVERS\tdrpman.sys (Acronis)

DRV - (SymEFA) -- C:\windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\windows\system32\drivers\NIS\1201000.025\SRTSP.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS (Symantec Corporation)

DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\windows\system32\drivers\NIS\1201000.025\SYMTDI.SYS (Symantec Corporation)

DRV - (SymIRON) -- C:\windows\system32\drivers\NIS\1201000.025\Ironx86.SYS (Symantec Corporation)

DRV - (SymDS) -- C:\windows\system32\drivers\NIS\1201000.025\SYMDS.SYS (Symantec Corporation)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)

DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (fasttx2k) -- C:\windows\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)

DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)

DRV - (nv_agp) -- C:\windows\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)

DRV - (SISAGP) -- C:\windows\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (viaagp1) -- C:\windows\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)

DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )

DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/11/12 11:48:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/11/12 11:46:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/10/25 14:56:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/11/17 09:39:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 23:09:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 22:49:31 | 000,000,000 | ---D | M]

[2010/11/17 23:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2010/11/17 23:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/11/24 20:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fzr1aavl.default\extensions

[2010/11/17 23:36:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fzr1aavl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/17 23:10:03 | 000,002,470 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fzr1aavl.default\searchplugins\safesearch.xml

[2010/11/17 22:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/11/17 22:49:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/10/27 00:10:18 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/27 00:10:20 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/10/27 00:10:21 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/10/26 22:49:27 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/26 22:49:27 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/26 22:49:27 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/26 22:49:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/26 22:49:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/10/26 22:49:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/26 22:49:27 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/11/24 03:27:00 | 000,425,140 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost


O1 - Hosts: 14672 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [s3TRAY2] C:\windows\System32\S3tray2.exe (S3 Graphics, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [NVIEW] C:\windows\System32\nview.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk.disabled ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 01 00 00 00 [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1285986839921 (WUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.7.255.188 65.164.201.148

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\windows\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\windows\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\windows\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\windows\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\windows\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\windows\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\windows\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\windows\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\windows\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\windows\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/07/24 02:29:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (sasnative32) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 21:18:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/11/24 20:00:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2010/11/24 10:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street Fighter IV Original Soundtrack - Super Street Fighter II Turbo HD Remix Official Soundtrack

[2010/11/24 10:52:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Street Fighter III 3rd strike CPS3 Emulator

[2010/11/23 11:01:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/11/23 06:55:18 | 000,000,000 | ---D | C] -- C:\windows\ERDNT

[2010/11/23 04:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/11/22 19:32:35 | 000,000,000 | ---D | C] -- C:\windows\Minidump

[2010/11/22 18:29:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

[2010/11/22 18:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PcSetup

[2010/11/22 00:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HHD Software

[2010/11/22 00:32:36 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\windows\System32\drivers\mcdbus.sys

[2010/11/22 00:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc

[2010/11/21 19:29:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\DBvsSF

[2010/11/21 19:28:48 | 000,000,000 | -H-D | C] -- C:\windows\PIF

[2010/11/21 05:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up

[2010/11/21 05:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE

[2010/11/21 05:20:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2010/11/21 05:19:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2010/11/21 05:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/21 02:53:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Virtualdub

[2010/11/21 02:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader

[2010/11/21 02:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files

[2010/11/21 02:01:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

[2010/11/21 02:01:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos

[2010/11/20 15:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities

[2010/11/18 15:59:39 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_7.dll

[2010/11/18 15:59:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_5.dll

[2010/11/18 15:59:38 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_43.dll

[2010/11/18 15:59:38 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_7.dll

[2010/11/18 15:59:37 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_43.dll

[2010/11/18 15:59:36 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_43.dll

[2010/11/18 15:59:35 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_43.dll

[2010/11/18 15:59:35 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_43.dll

[2010/11/18 15:59:34 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_6.dll

[2010/11/18 15:59:34 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_4.dll

[2010/11/18 15:59:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_6.dll

[2010/11/18 15:59:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_7.dll

[2010/11/18 15:59:31 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_5.dll

[2010/11/18 15:59:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_5.dll

[2010/11/18 15:59:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_42.dll

[2010/11/18 15:59:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_42.dll

[2010/11/18 15:59:27 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_42.dll

[2010/11/18 15:59:26 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_42.dll

[2010/11/18 15:59:25 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_42.dll

[2010/11/18 15:59:24 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_41.dll

[2010/11/18 15:59:24 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_41.dll

[2010/11/18 15:59:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_41.dll

[2010/11/18 15:59:22 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_4.dll

[2010/11/18 15:59:22 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_3.dll

[2010/11/18 15:59:21 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_4.dll

[2010/11/18 15:59:21 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_6.dll

[2010/11/18 15:59:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_40.dll

[2010/11/18 15:59:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_40.dll

[2010/11/18 15:59:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_40.dll

[2010/11/18 15:59:18 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_3.dll

[2010/11/18 15:59:18 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_2.dll

[2010/11/18 15:59:17 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_3.dll

[2010/11/18 15:59:16 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_5.dll

[2010/11/18 15:59:15 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_2.dll

[2010/11/18 15:59:15 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_1.dll

[2010/11/18 15:59:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_2.dll

[2010/11/18 15:59:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_39.dll

[2010/11/18 15:59:13 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_39.dll

[2010/11/18 15:59:13 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_39.dll

[2010/11/18 15:59:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_1.dll

[2010/11/18 15:59:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_1.dll

[2010/11/18 15:59:11 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_0.dll

[2010/11/18 15:59:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_4.dll

[2010/11/18 15:59:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_38.dll

[2010/11/18 15:59:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_38.dll

[2010/11/18 15:59:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_38.dll

[2010/11/18 15:59:07 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_0.dll

[2010/11/18 15:59:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_0.dll

[2010/11/18 15:59:05 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_3.dll

[2010/11/18 15:59:04 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_37.dll

[2010/11/18 15:59:04 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_37.dll

[2010/11/18 15:59:03 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_37.dll

[2010/11/18 15:59:02 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_10.dll

[2010/11/18 15:59:01 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_36.dll

[2010/11/18 15:59:01 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_36.dll

[2010/11/18 15:59:00 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_36.dll

[2010/11/18 15:58:58 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_9.dll

[2010/11/18 15:58:57 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_35.dll

[2010/11/18 15:58:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_35.dll

[2010/11/18 15:58:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_35.dll

[2010/11/18 15:58:55 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_8.dll

[2010/11/18 15:58:55 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_2.dll

[2010/11/18 15:58:54 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_34.dll

[2010/11/18 15:58:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_34.dll

[2010/11/18 15:58:53 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_34.dll

[2010/11/18 15:58:50 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_7.dll

[2010/11/18 15:58:44 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_33.dll

[2010/11/18 15:58:44 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_33.dll

[2010/11/18 15:58:38 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_33.dll

[2010/11/18 15:58:37 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_6.dll

[2010/11/18 15:58:35 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_5.dll

[2010/11/18 15:58:34 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_32.dll

[2010/11/18 15:58:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_4.dll

[2010/11/18 15:58:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\x3daudio1_1.dll

[2010/11/18 15:58:31 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_31.dll

[2010/11/18 15:58:30 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_3.dll

[2010/11/18 15:58:29 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_2.dll

[2010/11/18 15:58:28 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_2.dll

[2010/11/18 15:58:27 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_1.dll

[2010/11/18 15:58:25 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_1.dll

[2010/11/18 15:58:20 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_0.dll

[2010/11/18 15:58:20 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\x3daudio1_0.dll

[2010/11/18 15:58:19 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_29.dll

[2010/11/18 15:58:18 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput9_1_0.dll

[2010/11/18 15:58:17 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_27.dll

[2010/11/18 15:58:15 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_26.dll

[2010/11/18 15:58:14 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_25.dll

[2010/11/18 15:58:12 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_24.dll

[2010/11/18 15:54:20 | 000,000,000 | ---D | C] -- C:\windows\Logs

[2010/11/17 23:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics

[2010/11/17 23:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics

[2010/11/17 23:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla

[2010/11/17 23:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla

[2010/11/17 22:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/11/17 21:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX

[2010/11/17 21:05:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\dreamcast

[2010/11/17 20:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads

[2010/11/17 20:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Registry Mechanic

[2010/11/17 18:24:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\SNES ROMS

[2010/11/17 17:57:51 | 000,016,184 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\System32\ROBoot.exe

[2010/11/17 17:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Systweak

[2010/11/17 17:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Systweak

[2010/11/17 15:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories

[2010/11/17 11:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert

[2010/11/16 20:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip

[2010/11/16 20:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/11/16 20:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

[2010/11/16 19:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\DFX

[2010/11/16 19:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\DFX

[2010/11/16 19:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DFX

[2010/11/16 19:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DFX

[2010/11/16 13:13:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Super Nintendo

[2010/11/16 11:40:33 | 000,000,000 | ---D | C] -- C:\windows\System32\XPSViewer

[2010/11/16 11:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2010/11/16 11:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2010/11/16 11:39:32 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll

[2010/11/16 11:39:31 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpssvcs.dll

[2010/11/16 11:39:31 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpssvcs.dll

[2010/11/16 11:39:31 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\printfilterpipelinesvc.exe

[2010/11/16 11:39:31 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpsshhdr.dll

[2010/11/16 11:39:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\filterpipelineprintproc.dll

[2010/11/16 11:39:30 | 000,000,000 | ---D | C] -- C:\c2abe63ea84c83266ac191

[2010/11/16 10:32:41 | 000,000,000 | ---D | C] -- C:\0ac34ef71f547cdfb08e67

[2010/11/16 10:32:25 | 000,000,000 | ---D | C] -- C:\56e44aa85a13a069f62108561b886a

[2010/11/16 01:18:15 | 000,043,952 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SymIM.sys

[2010/11/16 01:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/15 23:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2010/11/15 23:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/15 23:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Readon_Technology

[2010/11/15 23:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Readon Player

[2010/11/15 22:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/11/15 22:28:39 | 000,000,000 | ---D | C] -- C:\windows\Sun

[2010/11/15 17:37:53 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spmsgXP_2k3.dll

[2010/11/15 17:29:25 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WdfCoInstaller01007.dll

[2010/11/15 17:29:25 | 000,062,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\xusb21.sys

[2010/11/15 17:29:25 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE

[2010/11/15 17:29:14 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_3.dll

[2010/11/14 21:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Acronis

[2010/11/14 21:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue

[2010/11/14 21:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server

[2010/11/14 19:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FFOutput

[2010/11/14 19:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime

[2010/11/13 02:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\mkv2vob

[2010/11/13 01:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo

[2010/11/13 01:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!

[2010/11/13 01:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2010/11/13 00:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/11/12 20:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010/11/12 17:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Vso

[2010/11/12 17:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\VSO

[2010/11/12 16:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2010/11/12 16:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\JRE

[2010/11/12 16:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2010/11/12 16:36:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe

[2010/11/12 16:36:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe

[2010/11/12 16:36:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe

[2010/11/12 12:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific

[2010/11/12 12:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec

[2010/11/12 11:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Symantec

[2010/11/12 11:47:14 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS

[2010/11/12 11:47:14 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL

[2010/11/12 11:47:02 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.sys

[2010/11/12 11:47:02 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.sys

[2010/11/12 11:47:02 | 000,369,072 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\symtdi.sys

[2010/11/12 11:47:02 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.sys

[2010/11/12 11:47:02 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\symtdiv.sys

[2010/11/12 11:47:02 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\symnets.sys

[2010/11/12 11:47:02 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\Ironx86.sys

[2010/11/12 11:47:02 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.sys

[2010/11/12 11:46:44 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS

[2010/11/12 11:46:44 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1201000.025

[2010/11/12 11:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar

[2010/11/12 11:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security

[2010/11/12 11:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2010/11/12 11:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2010/11/12 11:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton

[2010/11/12 11:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2010/11/12 11:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/12 11:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/11/12 11:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe

[2010/11/12 11:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt

[2010/11/12 10:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TrueCrypt

[2010/11/12 10:51:51 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\windows\System32\drivers\truecrypt.sys

[2010/11/12 10:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt

[2010/11/12 00:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Media Player Classic

[2010/11/12 00:16:39 | 000,156,672 | ---- | C] (Radioactive) -- C:\windows\System32\rmc_fixasf.exe

[2010/11/12 00:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\mdnslib

[2010/11/12 00:12:44 | 000,000,000 | ---D | C] -- C:\windows\Applian Director

[2010/11/12 00:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Director

[2010/11/12 00:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\FLVService

[2010/11/12 00:12:19 | 000,000,000 | ---D | C] -- C:\windows\Replay Media Catcher

[2010/11/11 23:41:42 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\mp3fhg.acm

[2010/11/11 23:41:41 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll

[2010/11/11 23:41:41 | 000,151,552 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm

[2010/11/11 23:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2010/11/11 23:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hoo Technologies

[2010/11/11 22:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/11/11 21:26:30 | 000,933,888 | ---- | C] (Adroit Technologies) -- C:\windows\System32\SmartTabs29.ocx

[2010/11/11 21:26:30 | 000,221,184 | ---- | C] (RSP Software - http://rspsoftware.clic3.net) -- C:\windows\System32\rspencr330.ocx

[2010/11/11 21:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR

[2010/11/11 19:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Symantec

[2010/10/27 04:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2010/10/26 13:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Acronis

[2010/10/26 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn

[2010/10/26 11:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn

[2010/10/26 11:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2010/10/26 11:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead

[2010/10/26 11:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe

[2010/10/26 08:46:49 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc42.dll

[2010/10/26 08:46:49 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40u.dll

[2010/10/26 08:46:34 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\comctl32.dll

========== Files - Modified Within 30 Days ==========

[2010/11/24 21:18:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/11/24 20:03:39 | 000,000,412 | ---- | M] () -- C:\windows\tasks\Symantec NetDetect.job

[2010/11/24 20:03:21 | 000,000,408 | ---- | M] () -- C:\windows\tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

[2010/11/24 20:02:57 | 000,001,395 | ---- | M] () -- C:\windows\System\hpsysdrv.DAT

[2010/11/24 20:01:47 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2010/11/24 20:01:45 | 2130,235,392 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/24 18:00:40 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/24 16:35:59 | 1667,017,988 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GoodStuff.zip

[2010/11/24 03:27:00 | 000,425,140 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts

[2010/11/23 13:38:01 | 000,425,140 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20101124-032700.backup

[2010/11/23 08:02:36 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.20101123-133801.backup

[2010/11/22 18:29:09 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

[2010/11/22 18:29:09 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat

[2010/11/22 18:29:09 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf

[2010/11/22 01:32:43 | 000,004,096 | ---- | M] () -- C:\windows\System32\drivers\nocashio.sys

[2010/11/22 00:40:13 | 000,002,310 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk

[2010/11/22 00:40:13 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hex Editor Neo.lnk

[2010/11/22 00:32:50 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk.disabled

[2010/11/22 00:32:49 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MagicDisc.lnk

[2010/11/21 05:20:13 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/21 02:37:08 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk

[2010/11/18 15:58:37 | 000,752,944 | ---- | M] () -- C:\windows\System32\drivers\NIS\1201000.025\Cat.DB

[2010/11/17 23:50:05 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk

[2010/11/17 23:50:04 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Auslogics BoostSpeed.lnk

[2010/11/17 23:09:12 | 000,000,000 | ---- | M] () -- C:\windows\nsreg.dat

[2010/11/17 22:49:42 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/17 22:49:42 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/17 18:01:42 | 000,002,576 | ---- | M] () -- C:\windows\System32\ASOROSet.bin

[2010/11/17 09:37:09 | 000,502,724 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2010/11/17 09:37:09 | 000,087,682 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2010/11/16 20:39:50 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk

[2010/11/16 12:25:32 | 000,153,976 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2010/11/15 17:39:53 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf

[2010/11/15 17:39:50 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2010/11/15 17:26:28 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2010/11/14 21:23:23 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/11/14 19:18:37 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Format Factory.lnk

[2010/11/13 02:15:54 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mkv2vob.lnk

[2010/11/13 01:01:54 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2010/11/13 01:01:54 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2010/11/12 20:26:03 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml

[2010/11/12 16:38:37 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk

[2010/11/12 11:47:14 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS

[2010/11/12 11:47:14 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL

[2010/11/12 11:47:14 | 000,007,456 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT

[2010/11/12 11:47:14 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF

[2010/11/12 11:47:04 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK

[2010/11/12 11:24:48 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/11/12 11:24:48 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/12 11:24:48 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk

[2010/11/12 11:20:54 | 000,009,275 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.20101112-093003.backup

[2010/11/12 10:51:53 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk

[2010/11/12 10:51:51 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\windows\System32\drivers\truecrypt.sys

[2010/11/12 01:39:12 | 000,237,568 | ---- | M] () -- C:\windows\System32\rmc_rtspdl.dll

[2010/11/12 01:39:12 | 000,156,672 | ---- | M] (Radioactive) -- C:\windows\System32\rmc_fixasf.exe

[2010/11/11 23:41:47 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Media Player Classic.lnk

[2010/11/11 23:38:33 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WAV MP3 Converter.lnk

[2010/11/11 22:37:56 | 000,019,734 | ---- | M] () -- C:\windows\System32\oemlogo.bmp

[2010/11/11 22:37:56 | 000,000,431 | ---- | M] () -- C:\windows\System32\oeminfo.ini

[2010/11/11 22:12:11 | 000,000,463 | ---- | M] () -- C:\windows\txp-lcn.ini

[2010/11/11 22:06:22 | 000,000,103 | ---- | M] () -- C:\windows\_vmtxp.ini

[2010/11/11 21:55:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2010/11/11 20:49:27 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2010/11/11 20:49:27 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk

[2010/10/26 11:53:22 | 000,000,608 | ---- | M] () -- C:\windows\QUICKEN.INI

[2010/10/26 11:25:27 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/26 11:25:27 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ImgBurn.lnk

========== Files Created - No Company Name ==========

[2010/11/24 16:35:59 | 1667,017,988 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GoodStuff.zip

[2010/11/22 19:43:51 | 2130,235,392 | -HS- | C] () -- C:\hiberfil.sys

[2010/11/22 18:29:10 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log

[2010/11/22 18:29:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat

[2010/11/22 18:29:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf

[2010/11/22 01:32:43 | 000,004,096 | ---- | C] () -- C:\windows\System32\drivers\nocashio.sys

[2010/11/22 00:40:13 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk

[2010/11/22 00:40:13 | 000,002,292 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hex Editor Neo.lnk

[2010/11/22 00:32:50 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk.disabled

[2010/11/22 00:32:49 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MagicDisc.lnk

[2010/11/21 05:20:13 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/21 02:37:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk

[2010/11/17 23:50:48 | 000,000,408 | ---- | C] () -- C:\windows\tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

[2010/11/17 23:50:04 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk

[2010/11/17 23:50:04 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Auslogics BoostSpeed.lnk

[2010/11/17 23:09:12 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat

[2010/11/17 22:49:42 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/17 22:49:42 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/17 17:57:51 | 000,002,576 | ---- | C] () -- C:\windows\System32\ASOROSet.bin

[2010/11/16 20:39:50 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk

[2010/11/15 17:39:53 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf

[2010/11/15 17:39:50 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2010/11/14 21:23:22 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/11/14 19:18:37 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Format Factory.lnk

[2010/11/13 02:15:52 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mkv2vob.lnk

[2010/11/13 01:01:54 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2010/11/13 01:01:54 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2010/11/12 17:46:21 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml

[2010/11/12 16:38:37 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk

[2010/11/12 11:47:20 | 000,752,944 | ---- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\Cat.DB

[2010/11/12 11:47:14 | 000,007,456 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT

[2010/11/12 11:47:14 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF

[2010/11/12 11:47:04 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK

[2010/11/12 11:46:45 | 000,003,373 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.inf

[2010/11/12 11:46:45 | 000,002,792 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.inf

[2010/11/12 11:46:45 | 000,001,473 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNetV.inf

[2010/11/12 11:46:45 | 000,001,445 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNet.inf

[2010/11/12 11:46:45 | 000,001,389 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.inf

[2010/11/12 11:46:45 | 000,001,383 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.inf

[2010/11/12 11:46:45 | 000,000,741 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\Iron.inf

[2010/11/12 11:46:44 | 000,007,787 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\symnetv.cat

[2010/11/12 11:46:44 | 000,007,446 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNet.cat

[2010/11/12 11:46:44 | 000,007,444 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.cat

[2010/11/12 11:46:44 | 000,007,442 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.cat

[2010/11/12 11:46:44 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.cat

[2010/11/12 11:46:44 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.cat

[2010/11/12 11:46:44 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\iron.cat

[2010/11/12 11:46:44 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\isolate.ini

[2010/11/12 11:24:48 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/11/12 11:24:48 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/12 11:24:48 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk

[2010/11/12 10:51:53 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk

[2010/11/12 00:16:38 | 000,237,568 | ---- | C] () -- C:\windows\System32\rmc_rtspdl.dll

[2010/11/11 23:41:47 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Media Player Classic.lnk

[2010/11/11 23:41:45 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll

[2010/11/11 23:41:44 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini

[2010/11/11 23:41:41 | 000,790,528 | ---- | C] () -- C:\windows\System32\xvidcore.dll

[2010/11/11 23:41:40 | 000,134,144 | ---- | C] () -- C:\windows\System32\xvidvfw.dll

[2010/11/11 23:41:40 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll

[2010/11/11 23:38:33 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WAV MP3 Converter.lnk

[2010/11/11 22:12:11 | 000,000,463 | ---- | C] () -- C:\windows\txp-lcn.ini

[2010/11/11 22:06:08 | 000,000,103 | ---- | C] () -- C:\windows\_vmtxp.ini

[2010/11/11 21:55:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2010/10/26 13:11:08 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/26 11:25:27 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/26 11:25:27 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ImgBurn.lnk

[2010/10/01 20:49:03 | 000,067,630 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin

[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\windows\System32\vuins32.dll

[2003/07/26 04:17:16 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini

[2003/07/26 04:16:43 | 000,000,000 | ---- | C] () -- C:\windows\System32\iAlmcoin.dll

[2003/07/26 02:57:44 | 000,000,051 | ---- | C] () -- C:\windows\System32\mshrml.ini

[2003/07/24 04:05:31 | 000,167,936 | ---- | C] () -- C:\windows\System32\PCDrJNI_1_1.dll

[2003/07/24 04:02:11 | 000,025,438 | ---- | C] () -- C:\windows\System32\CHODDI.SYS

[2003/07/24 04:01:47 | 000,024,576 | ---- | C] () -- C:\windows\System32\syscontr.dll

[2003/07/24 04:01:15 | 000,045,056 | ---- | C] () -- C:\windows\System32\hpreg.dll

[2003/07/24 03:47:54 | 000,000,052 | ---- | C] () -- C:\windows\intuprof.ini

[2003/07/24 03:47:40 | 000,000,608 | ---- | C] () -- C:\windows\QUICKEN.INI

[2003/07/24 03:19:54 | 000,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini

[2003/07/24 02:52:31 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll

[2003/07/24 02:44:55 | 000,299,073 | ---- | C] () -- C:\windows\System32\PythonCOM22.dll

[2003/07/24 02:44:55 | 000,065,536 | ---- | C] () -- C:\windows\System32\PyWinTypes22.dll

[2003/07/24 02:44:37 | 000,016,896 | ---- | C] () -- C:\windows\System32\bcbmm.dll

[2003/07/24 02:32:33 | 000,000,802 | ---- | C] () -- C:\windows\orun32.ini

[2003/07/24 02:18:12 | 000,000,431 | ---- | C] () -- C:\windows\System32\oeminfo.ini

[2003/07/23 23:46:21 | 000,000,438 | ---- | C] () -- C:\windows\System32\1_ssetup.ini

[2003/07/23 23:46:21 | 000,000,000 | ---- | C] () -- C:\windows\System32\sunistlog.ini

[2003/07/23 19:22:12 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI

========== LOP Check ==========

[2010/10/02 07:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2010/10/01 20:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender

[2010/11/16 19:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX

[2010/10/26 11:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2010/11/21 04:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak

[2010/11/24 20:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/12 11:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt

[2010/11/12 20:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010/11/16 20:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/10/26 13:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis

[2010/11/17 23:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics

[2010/10/26 11:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn

[2010/10/25 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute

[2010/11/12 16:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2010/10/02 06:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera

[2010/11/17 20:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Registry Mechanic

[2003/07/24 04:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2010/11/21 04:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Systweak

[2010/11/12 12:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific

[2010/11/12 11:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TrueCrypt

[2010/11/14 21:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

[2010/11/22 18:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso

[2010/11/24 20:03:21 | 000,000,408 | ---- | M] () -- C:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:??????????

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


Issues: slow start up, task bar glitches on start up, and IE8 is still nearly unstable, not very usable.

The OS seems stable, no blue screens yet. I've only had the system crash one time, and that's when I was trying to run Gmer.

Norton seems to be acting as a resource hog, but not really stopping anything bad. Norton isn't very good, is it?


Norton isn't very good in my opinion.

Please explain the task bar-glitches on start up.

For the slow startup please do the following:

Go to Start > Run, type in cmd, then hit OK.

In the command prompt window, type in chkdsk /r c: then hit Enter.

Hit Y when prompted to do the check on restart.

Then restart the system.

Let it run through its process and let me know if that helps.

========

Also for IE try resetting it back to defaults:

Open IE, go to Tools > Internet Options > Advanced, then click on the Reset button.

Let it go through its process and see if it works better after that.


I think that did it.

Everything seems fine now.


You are welcome and safe surfing :angry:

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)", then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete/uninstall anything else that we have used that is left over.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - For some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

How did I get infected in the first place? Also this one by Tony Klein.

If your computer is slow Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers - Reasons to stay away from file sharing programs, for example: BitTorrent, Limewire, Kazaa, emule, Utorrent, etc.

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast
