[Resolved] need help
#16
Posted 13 April 2009 - 07:00 PM
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#17
Posted 13 April 2009 - 10:51 PM
OTListIt logfile created on: 4/13/2009 11:31:50 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.86 Gb Total Space | 75.21 Gb Free Space | 41.35% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 4.43 Gb Total Space | 2.25 Gb Free Space | 50.64% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: THANKYOUBABY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\WINDOWS\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe (Speedbit Ltd.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe ()
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Stopped]) -- File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ForcewareWebInterface [Auto | Stopped]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (gupdate1c9ac1250fbe3e6 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (ioloSystemService [On_Demand | Stopped]) -- File not found
SRV - (IOLO_SRV [On_Demand | Stopped]) -- File not found
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LMIMaint [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn [Auto | Running]) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
SRV - (nSvcLog [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PrismXL [Auto | Running]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (RUBotted [Auto | Stopped]) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
SRV - (Security Activity Dashboard Service [Auto | Stopped]) -- File not found
SRV - (TomTomHOMEService [Auto | Running]) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.ProgramStatisticsSvc [Auto | Running]) -- C:\WINDOWS\System32\TUProgSt.exe (TuneUp Software)
SRV - (uploadmgr [Auto | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (usnjsvc [Auto | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (UxTuneUp [Auto | Running]) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (VideoAcceleratorService [Auto | Running]) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (wwEngineSvc [Auto | Running]) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (EPSON_PM_RPCV4_01 [Auto | Running]) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ElbyCDFL [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (FileDisk [System | Running]) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LMIInfo [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaInfo.sys (LogMeIn, Inc.)
DRV - (lmimirr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lmimirr.sys (LogMeIn, Inc.)
DRV - (LMIRfsClientNP [Disabled | Stopped]) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver [Auto | Running]) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (Maplom [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\maplom.sys (SlySoft Inc.)
DRV - (MaplomL [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\maploml.sys (SlySoft Inc.)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MREMPR5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\NPF.sys (CACE Technologies)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (scrcap [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\scrcap.sys (ZD Soft)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SRS_SSCFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys ()
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tbhsd [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (TMPassthru [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TMPassthru.sys (Trend Micro Inc.)
DRV - (TMPassthruMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\TMPassthru.sys (Trend Micro Inc.)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {9F0A1038-4327-4E22-A81F-00A8DF778F0B}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {1a71246c-3eb0-4d6c-af77-3ab756017c3a}:1.5.48.2
FF - prefs.js..extensions.enabledItems: {60270dc7-9ea0-472f-9b77-66652c06246e}:1.5.39.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\PROGRAM FILES\TREND MICRO\TRENDSECURE\TISPROTOOLBAR\FIREFOXEXTENSION
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/04 21:21:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/29 16:09:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/29 14:40:18 | 00,000,000 | ---D | M]
[2008/12/26 01:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/10/21 21:43:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/26 01:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\home2@tomtom.com
[2009/04/13 11:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\82i9g6hb.default\extensions
[2009/03/01 14:33:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\82i9g6hb.default\extensions\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}
[2009/03/02 13:41:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\82i9g6hb.default\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}
[2009/03/05 19:05:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\82i9g6hb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/13 11:32:42 | 00,001,824 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\82i9g6hb.default\searchplugins\btjunkie.xml
[2009/01/15 10:23:20 | 00,000,878 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\82i9g6hb.default\searchplugins\conduit.xml
[2009/04/13 11:32:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/29 14:40:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/11 13:04:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{9F0A1038-4327-4E22-A81F-00A8DF778F0B}
[2009/02/04 21:21:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/29 14:40:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/29 14:40:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/06/15 10:35:00 | 00,000,914 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.xml
[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SpeedBitPlus Toolbar) - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe1.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBitPlus Toolbar) - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {60270DC7-9EA0-472F-9B77-66652C06246E} - C:\Program Files\SpeedBitPlus\tbSpe1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {60270DC7-9EA0-472F-9B77-66652C06246E} - C:\Program Files\SpeedBitPlus\tbSpe1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [nTrayFw] "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE" ()
O4 - HKLM..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE" (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Synchronization Agent] "C:\Program Files\Sync Manager\agent\syncagent.exe" -reportwithlogfile File not found
O4 - HKLM..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" (Trend Micro Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O15 - HKLM\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Sites: //@signup.mar@ ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 237 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - H:\autorun.inf File not found - [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\*.tmp files]
[8208/10/29 13:48:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[8208/10/29 13:48:25 | 02,874,184 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\EASetup.exe
[8208/10/29 13:03:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[8208/10/29 12:58:17 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
[8208/10/29 12:21:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\DNA
[8208/10/29 12:21:20 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[8208/10/29 12:21:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DNA
[8208/10/29 09:21:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[8208/10/29 09:20:50 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[8208/10/29 09:20:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[8208/10/29 09:20:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/04/13 23:30:23 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/04/13 16:07:08 | 13,593,784 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
[2009/04/13 15:58:26 | 30,864,05632 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/13 15:46:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\desktop
[2009/04/13 15:45:53 | 00,080,024 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SDFix.exe
[2009/04/13 15:42:51 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/13 14:23:42 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/13 13:35:20 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/04/13 13:28:00 | 00,672,331 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\PREGNANCY report.pdf
[2009/04/12 22:07:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ConvertXtoDVD
[2009/04/12 21:58:53 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2009/04/12 21:58:53 | 00,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009/04/12 21:58:52 | 01,645,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\gdiplus.dll
[2009/04/12 01:20:51 | 00,013,693 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ComboFix 09.docx
[2009/04/11 15:48:53 | 00,219,648 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/04/11 15:48:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/11 15:48:53 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/11 15:48:53 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/11 15:48:53 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/11 15:48:53 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/11 15:48:53 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/11 15:48:53 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/11 15:48:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/11 15:46:56 | 03,081,643 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/04/11 14:08:58 | 00,000,155 | ---- | C] () -- C:\WINDOWS\System32\SelfDel.bat
[2009/04/11 14:08:50 | 00,084,045 | ---- | C] () -- C:\WINDOWS\System32\ftp_non_crp.exe
[2009/04/11 13:53:52 | 00,109,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\e3d7dc26.sys
[2009/04/11 13:29:01 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/11 13:03:30 | 00,125,440 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\CheckForUpdates.exe
[2009/04/11 13:03:23 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\codecsetup3956.exe
[2009/04/11 02:09:39 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/04/10 12:47:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\The Unborn 2009 R5 LINE-Secretmyth (Kingdom-Release)
[2009/04/10 12:41:14 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/09 17:58:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/04/09 17:58:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2009/04/06 15:39:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MOVAVI
[2009/04/06 15:39:27 | 00,004,984 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hsqvmxbo.uxh
[2009/04/06 15:38:34 | 00,000,000 | ---D | C] -- C:\Program Files\Movavi Video Editor 4
[2009/04/06 15:37:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2009/04/06 15:15:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/04/06 15:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\Video Enhancer
[2009/04/05 01:51:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Tunebite
[2009/04/05 01:49:47 | 00,000,000 | ---D | C] -- C:\Program Files\PixiePack Codec Pack
[2009/04/05 01:48:18 | 00,026,784 | ---- | C] (RapidSolution Software AG) -- C:\WINDOWS\System32\drivers\tbhsd.sys
[2009/04/05 01:48:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tunebite
[2009/04/05 01:47:41 | 00,000,000 | ---D | C] -- C:\Program Files\RapidSolution
[2009/04/05 01:47:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/04/02 00:20:57 | 00,019,310 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0402090013.jpg
[2009/03/31 20:14:41 | 00,012,366 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0331092010a.jpg
[2009/03/31 19:07:55 | 00,272,852 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0331091858.jpg
[2009/03/29 03:50:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/03/27 00:05:40 | 00,351,058 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\4144552.jpg
[2009/03/26 23:59:28 | 00,306,736 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0326091902.jpg
[2009/03/26 23:57:42 | 00,280,533 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0326091903a.jpg
[2009/03/26 23:55:47 | 00,345,005 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0326091904.jpg
[2009/03/26 23:54:19 | 00,312,434 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0326091904a.jpg
[2009/03/26 23:52:19 | 00,214,640 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0326091905.jpg
[2009/03/26 23:51:42 | 00,286,961 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0326091906.jpg
[2009/03/26 23:50:38 | 00,479,792 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0326092211.jpg
[2009/03/26 23:28:49 | 00,257,053 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0326092210.jpg
[2009/03/23 19:54:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
[2009/03/23 19:51:44 | 00,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/03/23 19:44:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/03/23 19:44:53 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/23 19:08:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn
[2009/03/23 19:08:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/03/23 19:08:22 | 00,028,984 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2009/03/23 19:08:21 | 00,083,288 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2009/03/23 19:08:21 | 00,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2009/03/23 19:07:39 | 00,087,352 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2009/03/23 19:07:35 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009/03/23 19:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2009/03/23 12:23:02 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2009/03/21 00:07:55 | 00,140,127 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\0321090006.jpg
[2009/03/20 23:46:04 | 00,976,204 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\7 Specialised Training.pdf
[2009/03/20 19:37:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\medialink
[2009/03/16 12:14:07 | 00,000,027 | ---- | C] () -- C:\WINDOWS\System32\mcheck.mhf
[2009/03/16 12:13:46 | 00,037,312 | ---- | C] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maplom.sys
[2009/03/16 12:13:46 | 00,036,288 | ---- | C] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maploml.sys
[2009/03/15 19:50:51 | 00,058,812 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\-2.jpg
[2009/03/15 19:50:51 | 00,058,390 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\-4.jpg
[2009/03/15 19:50:51 | 00,056,927 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\-5.jpg
[2009/03/15 19:50:51 | 00,056,063 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\-1.jpg
[2009/03/15 19:50:51 | 00,053,724 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\-3.jpg
[2009/03/15 19:50:51 | 00,051,757 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\-6.jpg
[2009/03/15 19:50:51 | 00,049,984 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\-7.jpg
[2009/03/15 19:50:51 | 00,048,810 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\image001.jpg
[2009/03/15 19:50:51 | 00,042,423 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\-9.jpg
[2009/03/15 19:50:51 | 00,041,682 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\-8.jpg
[2009/03/15 19:50:51 | 00,024,765 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\-10.jpg
[2009/03/15 19:17:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\msxver64.sqr
[2009/03/15 19:16:12 | 00,000,000 | ---D | C] -- C:\Program Files\Sync Manager
[2008/12/12 15:25:56 | 03,747,840 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28_core_gcc__.dll
[2008/12/12 15:25:56 | 01,586,176 | ---- | C] () -- C:\WINDOWS\System32\wxbase28_gcc__.dll
[2008/12/12 15:25:56 | 00,404,550 | ---- | C] () -- C:\WINDOWS\System32\libpng12-0.dll
[2008/12/12 15:25:56 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2008/12/12 15:25:56 | 00,143,070 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll
[2008/12/11 16:38:34 | 00,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/11/29 22:47:44 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/11/09 13:13:33 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/09 13:13:32 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/02 16:11:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Terror Behind the Walls.ini
[2008/11/02 16:10:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ESP Present Day.ini
[2008/11/02 16:07:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ESP Historic.ini
[2008/10/31 17:26:37 | 00,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2008/10/31 17:26:37 | 00,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008/10/31 17:26:37 | 00,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2008/10/31 17:26:37 | 00,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2008/10/31 09:29:42 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/29 16:21:01 | 00,000,432 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2008/10/29 15:14:11 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\iavlsp.dll
[2008/10/26 11:05:59 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/25 16:35:37 | 00,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/10/25 16:35:37 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/10/25 16:35:17 | 00,428,904 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2008/10/23 21:25:41 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/23 20:54:53 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/10/23 20:54:53 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\4F43AA00A7.sys
[2008/10/23 00:29:32 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/10/23 00:28:16 | 00,000,059 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/10/23 00:26:05 | 00,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX580.ini
[2008/10/22 21:46:43 | 00,000,379 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/21 22:49:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/21 20:48:26 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/09/19 17:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 17:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/01/09 16:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/11/14 15:37:26 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/23 19:30:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/28 18:54:10 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 18:52:18 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/08/08 05:59:46 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/03/14 20:14:12 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/14 20:14:12 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/14 20:14:11 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/14 20:14:10 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/14 20:14:09 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/14 20:14:09 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004/08/27 06:50:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 12:12:43 | 00,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 00,000,488 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:21 | 00,001,038 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/26 12:12:17 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/07/05 06:00:00 | 00,075,232 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\*.tmp files]
[8208/10/29 13:48:30 | 02,874,184 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\EASetup.exe
[8208/10/29 12:58:24 | 33,180,5736 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
[8208/10/29 12:44:11 | 00,250,032 | RHS- | M] () -- C:\ntldr
[8208/10/29 09:14:34 | 00,072,568 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/13 23:32:55 | 00,109,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\e3d7dc26.sys
[2009/04/13 23:30:25 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/04/13 23:00:00 | 00,000,486 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/04/13 22:46:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/04/13 19:47:50 | 00,000,135 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2009/04/13 19:31:06 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/13 16:33:55 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-80318808-1749694936-3363987519-1003.job
[2009/04/13 16:13:16 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2009/04/13 16:13:15 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/13 16:13:01 | 00,194,742 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/13 16:12:59 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/13 16:12:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/13 16:12:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/13 16:12:53 | 30,864,05632 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/13 16:07:08 | 13,593,784 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
[2009/04/13 15:52:13 | 13,379,732 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/04/13 15:45:53 | 00,080,024 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SDFix.exe
[2009/04/13 13:46:27 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/13 13:35:04 | 03,081,643 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/04/13 13:28:05 | 00,237,056 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Thumbs.db
[2009/04/13 13:28:00 | 00,672,331 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PREGNANCY report.pdf
[2009/04/13 13:27:39 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2009/04/13 02:03:52 | 00,006,144 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/12 21:58:58 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/04/12 21:58:58 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2009/04/12 21:58:58 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2009/04/12 21:58:58 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2009/04/12 01:20:51 | 00,013,693 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ComboFix 09.docx
[2009/04/11 14:08:58 | 00,000,155 | ---- | M] () -- C:\WINDOWS\System32\SelfDel.bat
[2009/04/11 14:08:56 | 00,084,045 | ---- | M] () -- C:\WINDOWS\System32\ftp_non_crp.exe
[2009/04/11 13:31:03 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/11 13:29:01 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/11 13:03:39 | 00,125,440 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\CheckForUpdates.exe
[2009/04/11 13:03:27 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\codecsetup3956.exe
[2009/04/10 12:00:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\msxver64.sqr
[2009/04/06 15:39:27 | 00,004,984 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hsqvmxbo.uxh
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/02 00:20:57 | 00,019,310 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0402090013.jpg
[2009/03/31 20:14:41 | 00,012,366 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0331092010a.jpg
[2009/03/31 19:56:40 | 00,272,852 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0331091858.jpg
[2009/03/30 01:20:50 | 00,000,089 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/03/27 10:03:00 | 01,724,416 | ---- | M] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/03/27 10:03:00 | 01,657,376 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2009/03/27 10:03:00 | 01,503,232 | ---- | M] () -- C:\WINDOWS\System32\nview.dll
[2009/03/27 10:03:00 | 01,346,080 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/03/27 10:03:00 | 01,101,824 | ---- | M] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/03/27 10:03:00 | 00,466,944 | ---- | M] () -- C:\WINDOWS\System32\nvshell.dll
[2009/03/27 10:03:00 | 00,449,056 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/03/27 10:03:00 | 00,436,768 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2009/03/27 10:03:00 | 00,215,465 | ---- | M] () -- C:\WINDOWS\System32\nvapps.nvb
[2009/03/27 10:03:00 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2009/03/27 10:03:00 | 00,019,054 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/03/27 00:07:51 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/03/27 00:05:40 | 00,351,058 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\4144552.jpg
[2009/03/26 23:59:28 | 00,306,736 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0326091902.jpg
[2009/03/26 23:57:42 | 00,280,533 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0326091903a.jpg
[2009/03/26 23:55:47 | 00,345,005 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0326091904.jpg
[2009/03/26 23:54:19 | 00,312,434 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0326091904a.jpg
[2009/03/26 23:52:19 | 00,214,640 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0326091905.jpg
[2009/03/26 23:51:42 | 00,286,961 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0326091906.jpg
[2009/03/26 23:50:38 | 00,479,792 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0326092211.jpg
[2009/03/26 23:28:49 | 00,257,053 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0326092210.jpg
[2009/03/24 19:17:41 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/23 19:07:36 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009/03/21 00:07:55 | 00,140,127 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\0321090006.jpg
[2009/03/20 23:46:04 | 00,976,204 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\7 Specialised Training.pdf
[2009/03/16 12:14:07 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\mcheck.mhf
[2009/03/15 19:50:51 | 00,058,812 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\-2.jpg
[2009/03/15 19:50:51 | 00,058,390 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\-4.jpg
[2009/03/15 19:50:51 | 00,056,927 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\-5.jpg
[2009/03/15 19:50:51 | 00,056,063 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\-1.jpg
[2009/03/15 19:50:51 | 00,053,724 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\-3.jpg
[2009/03/15 19:50:51 | 00,051,757 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\-6.jpg
[2009/03/15 19:50:51 | 00,049,984 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\-7.jpg
[2009/03/15 19:50:51 | 00,048,810 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\image001.jpg
[2009/03/15 19:50:51 | 00,042,423 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\-9.jpg
[2009/03/15 19:50:51 | 00,041,682 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\-8.jpg
[2009/03/15 19:50:51 | 00,024,765 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\-10.jpg
========== LOP Check ==========
[2009/04/09 17:58:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/31 13:43:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/03/01 18:15:23 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2008/10/26 11:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/10/21 20:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/10/31 11:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/10/31 11:27:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[8208/10/29 13:48:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/12/22 15:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2009/01/27 21:08:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/10/29 15:02:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\comodo
[2008/10/24 00:05:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2008/12/04 22:16:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
[2009/04/09 17:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/10/23 00:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/01/04 13:16:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/04/13 00:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/02/20 00:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2008/10/23 23:58:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/10/29 21:56:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/03/02 14:29:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/03/20 01:32:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/23 19:08:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/10/22 23:19:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/29 14:30:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/10/21 23:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2008/10/21 20:32:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2009/03/02 22:01:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/03/11 01:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/11/23 20:22:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/10/21 21:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/10/21 22:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/12/26 17:25:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/12/03 16:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/10/31 13:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2008/10/21 22:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2008/10/21 22:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2008/10/21 22:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/04/05 01:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/10/23 23:41:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/03/02 13:48:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2009/03/02 14:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/31 17:26:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2009/04/11 15:46:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/30 20:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/01/04 14:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2009/03/01 18:16:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/10/21 22:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/29 03:50:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/01/31 00:47:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2008/10/28 17:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/10/21 21:37:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/04/13 13:45:20 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data
[2008/10/21 21:18:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2008/10/26 11:08:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2008/10/30 16:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2008/11/25 16:04:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2008/10/21 20:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AOL
[2008/11/14 14:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2008/10/29 15:02:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Comodo
[2009/03/13 22:28:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Corel
[2009/04/09 17:58:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2008/11/24 23:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivX
[2009/04/03 00:07:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DNA
[2008/10/22 14:24:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ESET
[2008/10/24 14:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2009/04/06 15:38:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/03/23 19:54:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2009/02/22 18:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Graugon
[2008/10/21 22:28:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2008/11/09 15:03:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2008/11/26 14:40:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2008/11/09 00:27:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
[2008/10/23 00:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/10/21 21:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2008/10/22 23:20:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2008/10/21 23:30:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\McAfee.com Personal Firewall
[2008/10/23 21:27:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Media Player Classic
[2009/02/20 00:28:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2008/10/21 21:19:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Motive
[2009/04/06 15:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MOVAVI
[2008/10/21 21:43:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/02/20 00:27:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MozillaControl
[2009/04/13 15:36:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2009/03/04 00:48:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2008/10/21 23:53:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
[2008/10/21 22:58:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/10/22 21:13:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2008/12/26 01:19:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom
[2009/04/10 12:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tunebite
[2009/03/01 18:16:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2009/01/09 17:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2008/10/28 17:05:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/04/13 23:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2008/10/26 19:05:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/02/20 21:16:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\vlc
[2009/04/12 21:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2009/01/31 00:47:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webroot
[2009/02/19 14:16:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2009/01/19 03:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xfire
[2008/10/21 22:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
[2009/04/13 23:00:00 | 00,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2009/04/13 22:46:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/13 16:13:15 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/04/13 16:12:59 | 00,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
[2009/04/13 16:33:55 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-80318808-1749694936-3363987519-1003.job
[2008/10/31 19:30:00 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2008/11/06 00:45:00 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job
[2009/04/13 16:12:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/04/13 15:52:21 | 00,032,008 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
< End of report >
OTListIt Extras logfile created on: 4/13/2009 11:32:02 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.86 Gb Total Space | 75.21 Gb Free Space | 41.35% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 4.43 Gb Total Space | 2.25 Gb Free Space | 50.64% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: THANKYOUBABY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe (Nexon)
C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe (Nexon)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader (America Online, Inc.)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager (Nexon)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server (Apache Software Foundation)
C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe (Nexon)
C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe (Nexon)
C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core (Nexon Corp.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0CF19F73-D46F-49E1-A3D9-8FF6A4CC0A4E}" = Graugon AntiVirus
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX580 Scanner Driver Update
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{621FCD24-4498-4324-A81E-07D331376EDF}" = PixiePack Codec Pack
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76c24f39-b161-498f-bd8b-c64789812d13}_is1" = ConvertXtoDVD 3.1.0.18
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6}" = MyIdentityDefender Toolbar (CyberDefender Corporation)
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{95B7C0F4-7434-4DFB-B900-201BFC00C00B}" = Movavi Video Editor 4
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}" = Windows Live Toolbar
"{DC4DD556-DD03-422A-926B-470746D8B50D}" = Microsoft Office Outlook Connector for MSN
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites for Windows Live Toolbar
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DF81B441-BBE3-4A1E-AB7A-A430F806E682}" = Tunebite
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E397F6F0-AEE4-4236-BB05-1351350F8365}" = War Rock
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
"ACE-HIGH MP3 WAV WMA OGG Converter" = ACE-HIGH MP3 WAV WMA OGG Converter
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AnyDVD" = AnyDVD
"BFGC" = Big Fish Games Client
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ™
"BigFix" = BigFix
"BurnWorld.Com BurnOn CD&DVD_is1" = BurnOn CD&DVD, Version 3.1.3 ( Build 2009-2-22, Win32, )
"CamStudio" = CamStudio
"cascadingcandycorn_3125143" = cascadingcandycorn_3125143 Screen Saver
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms" = Combat Arms
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESP Historic_is1" = ESP Historic
"ESP Present Day_is1" = ESP Present Day
"ffdshow_is1" = ffdshow [rev 1972] [2008-05-24]
"FLV Player" = FLV Player 2.0 (build 25)
"FLVCodec" = PlayFLV
"Game Jackal_is1" = Game Jackal v3.0.1.9 (32 bit)
"Google Updater" = Google Updater
"Graboid Video" = Graboid Video 1.4
"HijackThis" = HijackThis 2.0.2
"Hitman 2 Silent Assassin" = Hitman 2 Silent Assassin
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.7
"magicalhalloween_3102797" = magicalhalloween_3102797 Screen Saver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Money2006b" = Microsoft Money 2006
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PowerISO" = PowerISO
"RealPlayer 6.0" = RealPlayer Basic
"Rumble Box" = Rumble Box Tournament Edition
"RumbleFighter" = Rumble Fighter
"Sauerbraten" = Sauerbraten
"scaryblackcat_3102800" = scaryblackcat_3102800 Screen Saver
"Smart Defrag_is1" = Smart Defrag 1.03
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBitPlus Toolbar" = SpeedBitPlus Toolbar
"SystemRequirementsLab" = System Requirements Lab
"Tansee iPod Transfer_is1" = Tansee iPod Transfer v3.8
"Terror Behind the Walls_is1" = Terror Behind the Walls
"TomTom HOME" = TomTom HOME 2.6.1.1549
"Uninstall Tool_is1" = Uninstall Tool
"V3.2_is1" = File Scavenger 3.2
"Verizon Online Help and Support" = Verizon Online Help and Support
"Window Washer" = Window Washer
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winpcap-r" = winpcap-r 4.1B
"WinRAR" = WinRAR
"Winter Train_is1" = Winter Train 1.0.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"WolfTeam International_is1" = WolfTeam International
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XMicro Internet Security2.0.5" = XMicro Internet Security
"xvid" = XviD MPEG-4 Video Codec
"ZD Soft Screen Recorder" = ZD Soft Screen Recorder
"ZDSV" = ZD Soft Screen Video Decoder
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/13/2009 1:42:09 PM | Computer Name = THANKYOUBABY | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/13/2009 1:43:09 PM | Computer Name = THANKYOUBABY | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/13/2009 1:44:29 PM | Computer Name = THANKYOUBABY | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/13/2009 1:45:50 PM | Computer Name = THANKYOUBABY | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/13/2009 1:47:10 PM | Computer Name = THANKYOUBABY | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/13/2009 1:48:31 PM | Computer Name = THANKYOUBABY | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/13/2009 2:01:47 PM | Computer Name = THANKYOUBABY | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> apache.exe:
could not open document config file C:/Program Files/NVIDIA Corporation/NetworkAccessManager/Apache
Group/Apache2/conf/httpd.conf .
Error - 4/13/2009 3:58:38 PM | Computer Name = THANKYOUBABY | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> apache.exe:
could not open document config file C:/Program Files/NVIDIA Corporation/NetworkAccessManager/Apache
Group/Apache2/conf/httpd.conf .
Error - 4/13/2009 4:09:06 PM | Computer Name = THANKYOUBABY | Source = Application Error | ID = 1000
Description = Faulting application services.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x009a10e4.
Error - 4/13/2009 4:13:04 PM | Computer Name = THANKYOUBABY | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> apache.exe:
could not open document config file C:/Program Files/NVIDIA Corporation/NetworkAccessManager/Apache
Group/Apache2/conf/httpd.conf .
[ System Events ]
Error - 4/13/2009 4:13:09 PM | Computer Name = THANKYOUBABY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd pwipf6 Start1Driver
Error - 4/13/2009 4:13:09 PM | Computer Name = THANKYOUBABY | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2
Error - 4/13/2009 4:13:09 PM | Computer Name = THANKYOUBABY | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 4/13/2009 4:13:09 PM | Computer Name = THANKYOUBABY | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2
Error - 4/13/2009 4:13:12 PM | Computer Name = THANKYOUBABY | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 4/13/2009 4:13:12 PM | Computer Name = THANKYOUBABY | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2
Error - 4/13/2009 4:13:30 PM | Computer Name = THANKYOUBABY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.
Error - 4/13/2009 4:33:56 PM | Computer Name = THANKYOUBABY | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 4/13/2009 4:33:56 PM | Computer Name = THANKYOUBABY | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2
Error - 4/13/2009 11:29:59 PM | Computer Name = THANKYOUBABY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.
[ TuneUp Events ]
Error - 3/1/2009 3:50:44 AM | Computer Name = THANKYOUBABY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-03-01 02:50:44', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2236',0)
Error - 3/6/2009 3:38:05 AM | Computer Name = THANKYOUBABY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-03-06 02:38:05', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5364',0)
Error - 3/13/2009 11:32:32 PM | Computer Name = THANKYOUBABY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-03-13 23:32:32', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1444',0)
Error - 4/2/2009 11:15:11 PM | Computer Name = THANKYOUBABY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-04-02 23:15:11', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3160',0)
Error - 4/2/2009 11:17:52 PM | Computer Name = THANKYOUBABY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-04-02 23:17:52', '\device\harddiskvolume1\documents
and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\mbam-setup.exe','168',0)
Error - 4/2/2009 11:18:00 PM | Computer Name = THANKYOUBABY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-04-02 23:18:00', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2588',0)
Error - 4/13/2009 2:02:23 PM | Computer Name = THANKYOUBABY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-04-13 14:02:23', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2684',0)
Error - 4/13/2009 2:21:30 PM | Computer Name = THANKYOUBABY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-04-13 14:21:30', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2352',0)
< End of report >
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2
C:\ [Fixed] - NTFS - (Total:186222 Mo/Free:3319 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Fixed] - FAT32 - (Total:4540 Mo/Free:2299 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
Mon 04/13/2009|15:43
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Google\Update\GoogleUpdate.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\LogMeIn\x86\RaMaint.exe
---------- C:\Program Files\LogMeIn\x86\LogMeIn.exe
---------- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
---------- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
---------- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
---------- C:\WINDOWS\System32\TUProgSt.exe
---------- C:\Program Files\MSN Messenger\usnsvc.exe
---------- C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
---------- C:\Program Files\Webroot\Washer\WasherSvc.exe
---------- C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\MSN Messenger\msnmsgr.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
---------- C:\Program Files\MSN\MSNCoreFiles\msn.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
C:\DOCUME~1\Owner\Application Data\uTorrent\ConvertXtoDVD 3.3.4.106e And Keygen [1337x].torrent
C:\DOCUME~1\Owner\Application Data\uTorrent\VSO ConvertXtoDVD 3.4.7.121+keygen.torrent
C:\DOCUME~1\Owner\My Documents\Downloads\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]
C:\DOCUME~1\Owner\My Documents\Downloads\PRECRAcked-WinRAR.3.71
C:\DOCUME~1\Owner\My Documents\Downloads\VSO ConvertXtoDVD 3.4.7.121+keygen
C:\DOCUME~1\Owner\My Documents\Downloads\Winzip 11 Pro + Keygen [Multilenguaje][www.zonatorrent.com].rar
C:\DOCUME~1\Owner\My Documents\Downloads\AVS Video Converter 6.2.3.314 + Crack\AVS Video Converter.txt
C:\DOCUME~1\Owner\My Documents\Downloads\AVS Video Converter 6.2.3.314 + Crack\AVSVideoConverter.exe
C:\DOCUME~1\Owner\My Documents\Downloads\AVS Video Converter 6.2.3.314 + Crack\Crack\AVSVideoConverter.exe
C:\DOCUME~1\Owner\My Documents\Downloads\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\.tunebite
C:\DOCUME~1\Owner\My Documents\Downloads\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Enjoy And Please Seed This Torrent To Help Others.txt
C:\DOCUME~1\Owner\My Documents\Downloads\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Keygen.exe
C:\DOCUME~1\Owner\My Documents\Downloads\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Read Me Instructions.txt
C:\DOCUME~1\Owner\My Documents\Downloads\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\vsoConvertXtoDVD3_setup.exe
C:\DOCUME~1\Owner\My Documents\Downloads\Corel PaintShop Pro XI\Painter IX.5_keygen.exe
C:\DOCUME~1\Owner\My Documents\Downloads\Corel Photo Album 6.31 Full Retail + Keygen\CPA631_EN_Patch.exe
C:\DOCUME~1\Owner\My Documents\Downloads\Corel Photo Album 6.31 Full Retail + Keygen\Keygen.exe
C:\DOCUME~1\Owner\My Documents\Downloads\VSO ConvertXtoDVD 3.4.7.121+keygen\Keygen
C:\DOCUME~1\Owner\My Documents\Downloads\VSO ConvertXtoDVD 3.4.7.121+keygen\VSO ConvertXtoDVD 3.4.7.121.nfo
C:\DOCUME~1\Owner\My Documents\Downloads\VSO ConvertXtoDVD 3.4.7.121+keygen\vsoConvertXtoDVD3_setup_3.4.7.121.exe
C:\DOCUME~1\Owner\My Documents\Downloads\VSO ConvertXtoDVD 3.4.7.121+keygen\Keygen\Keygen.exe
C:\DOCUME~1\Owner\Recent\ConvertXtoDVD 3.3.4.106e And Keygen [1337x].lnk
1 - "C:\Rooter$\Rooter_1.txt" - Mon 04/13/2009|15:44
----------------------\\ Scan completed at 15:44
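The repeated TuneUp Program Statistics error in the log above fails because the apostrophe in "malwarebytes' anti-malware" terminates the quoted string literal, which means the INSERT was assembled by string concatenation. The following Python example (added here, not code from the thread or from TuneUp) reproduces the failure against an in-memory SQLite table with the exact path from the log and shows the parameterized form that stores it intact; the table name and columns are taken from the statement in the log, everything else is an assumption.

```python
import sqlite3

# Path copied from the TuneUp error in the log; the apostrophe is the trigger.
EXE_PATH = r"\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe"

# Column names come from the failing INSERT in the log; the types are assumed.
SCHEMA = ("CREATE TABLE ActiveApps "
          "(Started TEXT, Exe TEXT, ProcID TEXT, Resumed INTEGER)")


def fresh_db() -> sqlite3.Connection:
    """Return an empty in-memory database with the ActiveApps table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def insert_concatenated(conn: sqlite3.Connection, started: str, exe: str,
                        procid: int):
    """Build the INSERT by concatenation, the way the failing statement was built.

    Returns None on success, or SQLite's error text (the same text the log
    shows) when the untreated apostrophe breaks the statement.
    """
    sql = ("INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('"
           + started + "', '" + exe + "','" + str(procid) + "',0)")
    try:
        conn.execute(sql)
        conn.commit()
        return None
    except sqlite3.OperationalError as err:
        return str(err)


def insert_parameterized(conn: sqlite3.Connection, started: str, exe: str,
                         procid: int):
    """Same insert with bound parameters: the path is data, never SQL."""
    conn.execute(
        "INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES (?, ?, ?, 0)",
        (started, exe, str(procid)),
    )
    conn.commit()
    return None


def stored_exes(conn: sqlite3.Connection):
    """Exe values currently in the table, in insertion order."""
    return [row[0] for row in conn.execute("SELECT Exe FROM ActiveApps")]


if __name__ == "__main__":
    db = fresh_db()
    print("concatenated:", insert_concatenated(db, "2009-03-06 02:38:05", EXE_PATH, 5364))
    print("parameterized:", insert_parameterized(db, "2009-03-06 02:38:05", EXE_PATH, 5364))
    print("stored:", stored_exes(db))
```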
#18
Posted 14 April 2009 - 07:44 AM
#19
Posted 14 April 2009 - 08:04 AM
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#20
Posted 14 April 2009 - 03:25 PM
Are you aware of this program C:\Program Files\Sync Manager which is installed on your system - it is a ghost keylogger and can record your keystrokes.
Please advise if you installed it yourself.
Next
there are some suspicious files on your system that I would like to get analyzed:
please do this:
- Make sure to use Internet Explorer for this
- Please go to VirSCAN.org FREE on-line scan service
- Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
- C:\Documents and Settings\All Users\Application Data\hsqvmxbo.uxh
- Click on the Upload button
- If a pop-up appears saying the file has been scanned already, please select the ReScan button.
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.
Please follow the same procedure as above for the following file:
- C:\Documents and Settings\Owner\Local Settings\Application Data\codecsetup3956.exe
NEXT
Run OTList2.exe
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2009/04/11 14:08:58 | 00,000,155 | ---- | C] () -- C:\WINDOWS\System32\SelfDel.bat
[2009/04/11 14:08:50 | 00,084,045 | ---- | C] () -- C:\WINDOWS\System32\ftp_non_crp.exe
[2009/04/11 13:53:52 | 00,109,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\e3d7dc26.sys
[2009/04/13 13:27:39 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2009/04/12 21:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2009/03/29 03:50:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#21
Posted 14 April 2009 - 04:12 PM
#22
Posted 15 April 2009 - 12:02 AM
#23
Posted 15 April 2009 - 02:22 AM
#24
Posted 15 April 2009 - 03:20 AM
run the MalwareBytes program again and have it remove what it finds...the log shows no action taken....
Files Infected:
C:\My Backup -- 08-10-21 0726PM\WINDOWS\Mafia \uninstall.exe (Trojan.Agent) -> No action taken.
The 'clipboard' is just something in the background that 'holds' the text you copy until you 'paste' it into either an open Notepad or this thread here...
go back to virscan and try it again...
just enter the path as I have written it for those files into the box on the VirScan screen.
copy what Virscan says into an open Notepad...then when you have everything copy everything from the notepad into this thread.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#25
Posted 15 April 2009 - 11:21 PM
We are seeing an increased volume of traffic by some malware software. In order to protect our customers from damage from that malware, we are blocking your query. A few legitimate queries may get flagged, and for that we apologize. Please be assured that we are hard at work on this problem and hope to get it resolved even better as soon as possible.
If you are using phpBB, please check out the phpBB downloads site http://www.phpbb.com/downloads.php and make sure you are not vulnerable.
- MSN Search Team
http://www.phpbb.com/downloads/
File Name : hsqvmxbo.uxh
File Size : 4984 byte
File Type : data
MD5 : d2df2d5e18b1436f6a44ff183f1867b9
SHA1 : 240c98f7ba11cd4477f8f71a68b0671ce1881ddc
Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/04/16 00:43:51 (EDT)
Scanner     | Engine Ver      | Sig Ver           | Sig Date   | Scan result | Time
a-squared   | 4.0.0.32        | 20090415043116    | 2009-04-15 | -           | 1.777
AhnLab V3   | 2009.04.16.00   | 2009.04.16        | 2009-04-16 | -           | 0.912
AntiVir     | 7.9.0.143       | 7.1.3.57          | 2009-04-15 | -           | 2.002
Antiy       | 2.0.18          | 20090415.2296744  | 2009-04-15 | -           | 0.119
Authentium  | 5.1.1           | 200904152122      | 2009-04-15 | -           | 1.135
AVAST!      | 3.0.1           | 090415-0          | 2009-04-15 | -           | 0.909
AVG         | 7.5.52.442      | 270.11.58/2061    | 2009-04-15 | -           | 2.040
BitDefender | 7.81008.2846650 | 7.24826           | 2009-04-16 | -           | 2.629
CA (VET)    | 9.0.0.143       | 31.6.6435         | 2009-04-14 | -           | 6.908
ClamAV      | 0.95            | 9241              | 2009-04-16 | -           | 0.004
Comodo      | 3.8             | 1115              | 2009-04-15 | -           | 0.559
CP Secure   | 1.1.0.715       | 2009.04.16        | 2009-04-16 | -           | 8.209
Dr.Web      | 4.44.0.9170     | 2009.04.16        | 2009-04-16 | -           | 4.435
F-Prot      | 4.4.4.56        | 20090415          | 2009-04-15 | -           | 1.094
F-Secure    | 5.51.6100       | 2009.04.16.01     | 2009-04-16 | -           | 5.179
Fortinet    | 2.81-3.117      | 10.286            | 2009-04-15 | -           | 0.159
GData       | 19.4650/19.300  | 20090416          | 2009-04-16 | -           | 3.879
Ikarus      | T3.1.01.49      | 2009.04.15.72584  | 2009-04-15 | -           | 2.821
JiangMin    | 11.0.706        | 2009.04.15        | 2009-04-15 | -           | 1.727
Kaspersky   | 5.5.10          | 2009.04.16        | 2009-04-16 | -           | 0.030
KingSoft    | 2009.2.5.15     | 2009.4.15.18      | 2009-04-15 | -           | 0.916
McAfee      | 5.3.00          | 5585              | 2009-04-15 | -           | 2.747
Microsoft   | 1.4502          | 2009.04.15        | 2009-04-15 | -           | 5.419
mks_vir     | 2.01            | 2009.04.15        | 2009-04-15 | -           | 2.713
Norman      | 6.00.06         | 6.00.00           | 2009-04-15 | -           | 10.009
nProtect    | 20090415.02     | 3471338           | 2009-04-15 | -           | 4.457
Panda       | 9.05.01         | 2009.04.15        | 2009-04-15 | -           | 1.347
Quick Heal  | 10.00           | 2009.04.16        | 2009-04-16 | -           | 1.392
Rising      | 20.0            | 21.25.30.00       | 2009-04-16 | -           | 0.346
Sophos      | 2.85.0          | 4.40              | 2009-04-16 | -           | 2.137
Sunbelt     | 5094            | 5094              | 2009-04-15 | -           | 0.598
Symantec    | 1.3.0.24        | 20090415.003      | 2009-04-15 | -           | 0.044
The Hacker  | 6.3.4.0         | v00309            | 2009-04-15 | -           | 0.531
Trend Micro | 8.700-1004      | 5.968.11          | 2009-04-15 | -           | 0.023
VBA32       | 3.12.10.2       | 20090415.0958     | 2009-04-15 | -           | 1.650
ViRobot     | 20090414        | 2009.04.14        | 2009-04-14 | -           | 0.413
VirusBuster | 4.5.11.10       | 10.102.40/1228619 | 2009-04-09 | -           | 1.491
Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database
the 2nd one still says can't upload file..
Malwarebytes' Anti-Malware 1.36
Database version: 1987
Windows 5.1.2600 Service Pack 2
4/15/2009 9:44:15 PM
mbam-log-2009-04-15 (21-44-15).txt
Scan type: Full Scan (C:\|H:\|)
Objects scanned: 244779
Time elapsed: 42 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP276\A0070590.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP276\A0070592.exe (Trojan.Agent) -> Quarantined and deleted successfully.
#26
Posted 16 April 2009 - 02:20 AM
Let's try SDFix again,
Delete the copy you have from your desktop and download a fresh copy...print out these instructions as this HAS to be run in safe mode,
I'll give you the full instructions again:
Please download SDFix and save it to your Desktop.
- You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key repeatedly;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual user account.
- Open the SDFix folder and double click on RunThis.bat to start the script.
- Type Y and press Enter to begin the script.
- It will start cleaning your PC and then prompt you to press any key to Reboot.
- Press any key to restart the PC.
- Your system will take longer than normal to restart as the fixtool will be removing files.
- When the desktop loads the Fixtool will complete the removal and display Finished.
- Press any key to end the script and to load your desktop icons.
- A text file should automatically open, so please copy the contents and post them here.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#27
Posted 16 April 2009 - 07:49 AM
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\service\17112008_TIS17_SfFniAU.log - Deleted
C:\WINDOWS\system32\service\18122008_TIS17_SfFniAU.log - Deleted
C:\WINDOWS\system32\service\28122008_TIS17_SfFniAU.log - Deleted
Folder C:\WINDOWS\system32\service - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 09:33:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e3d7dc26]
"ImagePath"="\SystemRoot\System32\drivers\e3d7dc26.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="b2tuYS1rYmUuYml6"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSmqlt.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSmqlt.sys"
"TDSSl"="\systemroot\system32\TDSSoiqh.dll"
"tdssservers"="\systemroot\system32\TDSSorvd.dat"
"tdssmain"="\systemroot\system32\TDSSbrsr.dll"
"tdsslog"="\systemroot\system32\TDSSriqp.dll"
"tdssadw"="\systemroot\system32\TDSSxfum.dll"
"tdssinit"="\systemroot\system32\TDSSlxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdssserf"="\systemroot\system32\TDSSrhym.dll"
"tdsserrors"="\systemroot\system32\TDSStkdu.log"
"TDSSproc"="\systemroot\system32\TDSSbubx.log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys)]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpqxt.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys)\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSpqxt.sys"
"TDSSl"="\systemroot\system32\TDSSosvn.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\e3d7dc26]
"ImagePath"="\SystemRoot\System32\drivers\e3d7dc26.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="b2tuYS1rYmUuYml6"
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58F33A7D-0382-8B5C-BB44-F7DEEF6DA3E4}]
"jalkjibdolpogmamnghk"=hex:62,61,68,65,00,00
"jalkjibdolpogmamngdk"=hex:62,61,6c,65,00,00
"ialjoddbpiilpopfma"=hex:6b,61,65,65,64,6d,62,65,61,6b,61,68,68,64,63,6b,62,68,65,69,6b,..
"habnljeagelcgpdi"=hex:6b,61,65,65,64,6d,62,65,6e,6a,63,65,6e,68,62,62,6d,6d,6a,61,70,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 26 Feb 2009 48 ..SH. --- "C:\WINDOWS\S1A0C4467.tmp"
Wed 21 Jan 2004 61,440 ...H. --- "C:\Program Files\MSN\msnupdate!@#@.exe"
Wed 21 Jan 2004 292,864 ...H. --- "C:\Program Files\MSN\txsrvc.dll"
Wed 21 Jan 2004 302,080 ...H. --- "C:\Program Files\MSN\unicows.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Fri 24 Oct 2008 88 ..SHR --- "C:\WINDOWS\system32\4F43AA00A7.sys"
Fri 13 Mar 2009 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 9 Apr 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 25 Oct 2008 678,814 ...H. --- "C:\Program Files\iolo\System Mechanic Professional 7\unins000.exe"
Sat 25 Oct 2008 692,556 ...H. --- "C:\Program Files\iolo\System Mechanic Professional\unins000.exe"
Fri 10 Apr 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 8 Feb 2009 3,030,568 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3e9e7327f38776a4eeeb084da3eff5a\BIT32C.tmp"
Thu 17 Jul 2008 444 ...HR --- "C:\My Backup -- 08-10-21 0726PM\Documents and Settings\Owner\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!
Is this something that's safe for me to use on my own, as well as Dr.Web CureIt? These seem like really great programs?
#28
Posted 16 April 2009 - 08:19 AM
Is this something that's safe for me to use on my own, as well as Dr.Web CureIt? These seem like really great programs?
No, definitely not, they can really mess up your computer if used incorrectly, besides, these programs are constantly being updated and are out of date quickly, so we always make sure the most up to date program is downloaded....we will do a final clean up of the tools when you are completely clean. MalwareBytes Antimalware is the only program I would want you to keep.
Now, I need you to do this:
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
- They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:
Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')
File::
C:\WINDOWS\System32\drivers\e3d7dc26.sys
C:\WINDOWS\system32\drivers\TDSSmqlt.sys
C:\WINDOWS\system32\TDSSoiqh.dll
C:\WINDOWS\system32\TDSSorvd.dat
C:\WINDOWS\system32\TDSSbrsr.dll
C:\WINDOWS\system32\TDSSriqp.dll
C:\WINDOWS\system32\TDSSxfum.dll
C:\WINDOWS\system32\TDSSlxwp.dll
C:\WINDOWS\system32\TDSSnmxh.log
C:\WINDOWS\system32\TDSSsihc.dll
C:\WINDOWS\system32\TDSSrhym.dll
C:\WINDOWS\system32\TDSStkdu.log
C:\WINDOWS\system32\TDSSbubx.log
C:\WINDOWS\system32\drivers\TDSSpqxt.sys
C:\WINDOWS\system32\TDSSosvn.dll

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e3d7dc26]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv\modules]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys)]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys)\modules]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\e3d7dc26]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58F33A7D-0382-8B5C-BB44-F7DEEF6DA3E4}]
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')
Save this file to your desktop, Save this as "CFScript"
Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...
* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it shall produce a log for you.
* Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
NOTE: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
NEXT
Please post a fresh HJT log along with the Combo Fix log and describe how your computer is running now.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
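The CFScript in the post above was written by hand from the hidden-service keys that catchme printed in the SDFix report (post #27): every `[-KEY]` deletion and every `File::` path maps to a key or an ImagePath/module value in that dump. The Python below is an added example, not code from the thread, SDFix or ComboFix; it parses a slice of that catchme output (values copied from the report, embedded as a constructed sample), lists the hidden service names, expands `\SystemRoot` to `C:\WINDOWS` (an assumption taken from the OTListIt header) and emits the two CFScript sections, so the hand-written script can be checked for omissions. The CFScript syntax it reproduces is exactly what the post uses; nothing else about ComboFix's format is assumed.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a slice of the "scanning hidden services" block that
# catchme printed inside the SDFix report above (values copied from that log).
CATCHME_SAMPLE = r"""
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e3d7dc26]
"ImagePath"="\SystemRoot\System32\drivers\e3d7dc26.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"F96ZK6nPB"="b2tuYS1rYmUuYml6"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv]
"start"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSmqlt.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSmqlt.sys"
"TDSSl"="\systemroot\system32\TDSSoiqh.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58F33A7D-0382-8B5C-BB44-F7DEEF6DA3E4}]
"jalkjibdolpogmamnghk"=hex:62,61,68,65,00,00
scanning hidden files ...
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# String values only: "name"="value" or "name"=str(2):"value".
# dword:/hex: values never name a file, so they are skipped.
VALUE_RE = re.compile(r'^"([^"]+)"=(?:str\(\d+\):)?"([^"]*)"$')
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)$", re.IGNORECASE)


def parse_hidden_entries(text: str) -> Dict[str, Dict[str, str]]:
    """Map every registry key catchme printed to its string-typed values."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, {})   # keys with only dword/hex values still count
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            entries[current][value.group(1)] = value.group(2)
    return entries


def to_win_path(value: str, system_root: str = "C:\\WINDOWS") -> str:
    """Expand \\SystemRoot\\... (any case) to a drive path; '' for values that are not paths."""
    if value.lower().startswith("\\systemroot\\"):
        return system_root + value[len("\\systemroot"):]
    if re.match(r"^[A-Za-z]:\\", value):
        return value
    return ""   # e.g. the base64-looking F96ZK6nPB value is data, not a file


def hidden_service_names(entries: Dict[str, Dict[str, str]]) -> List[str]:
    """Service names (e3d7dc26, TDSSserv, ...) from the keys, ignoring \\modules subkeys."""
    names: List[str] = []
    for key in entries:
        m = SERVICE_RE.search(key)
        if m and m.group(1) not in names:
            names.append(m.group(1))
    return names


def build_cfscript(entries: Dict[str, Dict[str, str]]) -> Tuple[List[str], List[str]]:
    """Return (File:: paths, Registry:: deletions) in the CFScript form used above."""
    files: List[str] = []
    keys: List[str] = []
    for key, values in entries.items():
        keys.append(f"[-{key}]")          # leading '-' deletes the whole key
        for value in values.values():
            path = to_win_path(value)
            if path and path not in files:
                files.append(path)
    return files, keys


def render_cfscript(files: List[str], keys: List[str]) -> str:
    """Lay the two sections out exactly as the post's CFScript does."""
    return "\n".join(["File::", *files, "", "Registry::", *keys]) + "\n"


if __name__ == "__main__":
    parsed = parse_hidden_entries(CATCHME_SAMPLE)
    print("hidden services:", hidden_service_names(parsed))
    print(render_cfscript(*build_cfscript(parsed)))
```

Run it against the full catchme block from the SDFix report and diff its output against the posted CFScript; any key or module path missing from the script shows up immediately.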
#29
Posted 17 April 2009 - 10:21 AM
ComboFix 09-04-13.A2 - Owner 2009-04-16 14:33.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2943.2429 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
FW: NVIDIA Firewall *disabled*
* Created a new restore point
FILE ::
c:\windows\System32\drivers\e3d7dc26.sys
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\drivers\TDSSpqxt.sys
c:\windows\system32\TDSSbrsr.dll"
c:\windows\system32\TDSSbubx.log"
c:\windows\system32\TDSSlxwp.dll"
c:\windows\system32\TDSSnmxh.log"
c:\windows\system32\TDSSoiqh.dll"
c:\windows\system32\TDSSorvd.dat"
c:\windows\system32\TDSSosvn.dll
c:\windows\system32\TDSSrhym.dll"
c:\windows\system32\TDSSriqp.dll"
c:\windows\system32\TDSSsihc.dll"
c:\windows\system32\TDSStkdu.log"
c:\windows\system32\TDSSxfum.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\inst.exe
c:\windows\System32\drivers\e3d7dc26.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_e3d7dc26
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.
8208-10-29 17:48 . 8208-10-29 17:48 -------- d-----w c:\documents and settings\All Users\Application Data\Applications
8208-10-29 16:58 . 8208-10-29 16:58 331805736 ----a-w C:\WindowsXP-KB936929-SP3-x86-ENU.exe
8208-10-29 16:28 . 8208-10-29 16:28 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
8208-10-29 16:27 . 8208-10-29 16:27 72568 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
8208-10-29 16:27 . 8208-10-29 16:27 -------- d-----w c:\documents and settings\Administrator\Application Data\Corel
8208-10-29 16:21 . 8208-10-29 16:21 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\DNA
8208-10-29 16:21 . 2009-04-03 04:07 -------- d-----w c:\documents and settings\Owner\Application Data\DNA
8208-10-29 16:21 . 2009-04-03 01:55 -------- d-----w c:\program files\DNA
2009-04-16 13:23 . 2009-04-16 13:23 -------- d-----w c:\windows\ERUNT
2009-04-16 13:20 . 2009-04-16 13:37 -------- d-----w C:\SDFix
2009-04-15 05:04 . 2009-04-15 05:04 -------- d-----w C:\_OTListIt
2009-04-13 20:08 . 2009-04-13 20:08 -------- d-----w c:\documents and settings\Owner\DoctorWeb
2009-04-13 19:42 . 2009-04-13 19:44 -------- d-----w C:\Rooter$
2009-04-11 17:29 . 2009-04-11 17:29 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-04-11 06:09 . 2007-08-02 03:47 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-10 16:41 . 2009-04-11 17:31 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-09 21:58 . 2009-04-09 21:58 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-09 21:58 . 2009-04-09 21:58 -------- d-----w c:\documents and settings\Owner\Application Data\CyberLink
2009-04-06 19:39 . 2009-04-06 19:39 -------- d-----w c:\documents and settings\Owner\Application Data\MOVAVI
2009-04-06 19:37 . 2009-04-06 19:37 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2009-04-06 19:15 . 2009-04-06 19:38 -------- d-----w c:\documents and settings\Owner\Application Data\GetRightToGo
2009-04-06 19:03 . 2009-04-12 06:52 -------- d-----w c:\program files\Video Enhancer
2009-04-05 05:49 . 2009-04-05 05:49 -------- d-----w c:\program files\PixiePack Codec Pack
2009-04-05 05:48 . 2007-12-11 13:52 26784 ----a-w c:\windows\system32\drivers\tbhsd.sys
2009-04-05 05:48 . 2009-04-10 16:41 -------- d-----w c:\documents and settings\Owner\Application Data\Tunebite
2009-04-05 05:47 . 2009-04-05 05:51 -------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2009-04-05 05:47 . 2009-04-05 05:47 -------- d-----w c:\program files\RapidSolution
2009-03-27 14:03 . 2009-03-27 14:03 801312 ----a-w c:\windows\system32\nvcplui.exe
2009-03-27 14:03 . 2009-03-27 14:03 4710400 ----a-w c:\windows\system32\nvdisps.dll
2009-03-27 14:03 . 2009-03-27 14:03 420384 ----a-w c:\windows\system32\nvcpl.cpl
2009-03-27 14:03 . 2009-03-27 14:03 401408 ----a-w c:\windows\system32\nvcuvid.dll
2009-03-27 14:03 . 2009-03-27 14:03 3796992 ----a-w c:\windows\system32\nvvitvs.dll
2009-03-27 14:03 . 2009-03-27 14:03 3489792 ----a-w c:\windows\system32\nvgames.dll
2009-03-27 14:03 . 2009-03-27 14:03 2744320 ----a-w c:\windows\system32\nvwss.dll
2009-03-27 14:03 . 2009-03-27 14:03 188416 ----a-w c:\windows\system32\nvmccss.dll
2009-03-27 14:03 . 2009-03-27 14:03 1560576 ----a-w c:\windows\system32\nvcuda.dll
2009-03-27 14:03 . 2009-03-27 14:03 1273856 ----a-w c:\windows\system32\nvmobls.dll
2009-03-27 14:03 . 2009-03-27 14:03 1253376 ----a-w c:\windows\system32\NvPVEnc.ax
2009-03-24 00:29 . 2009-03-24 00:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-03-23 23:44 . 2009-04-15 06:41 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-23 23:08 . 2009-03-23 23:08 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn
2009-03-23 23:08 . 2009-03-23 23:08 -------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
2009-03-23 23:08 . 2008-10-17 00:35 28984 ----a-w c:\windows\system32\LMIport.dll
2009-03-23 23:08 . 2008-10-17 00:35 83288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2009-03-23 23:08 . 2008-07-24 22:46 47640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys
2009-03-23 23:07 . 2008-10-17 00:35 87352 ----a-w c:\windows\system32\LMIinit.dll
2009-03-23 23:07 . 2009-03-23 23:07 1024 ----a-w C:\.rnd
2009-03-23 23:07 . 2009-04-16 04:08 -------- d-----w c:\program files\LogMeIn
2009-03-23 16:23 . 2009-03-23 16:23 -------- d-----w c:\program files\TomTom International B.V
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
8208-10-29 16:44 . 2004-08-26 16:12 250032 --sha-r C:\ntldr
8208-10-29 16:42 . 2004-08-26 18:03 76487 -c--a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
8208-10-29 13:14 . 2008-10-24 04:06 72568 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 18:33 . 2008-10-22 01:06 -------- d-----w c:\documents and settings\Owner\Application Data\MSN6
2009-04-16 18:29 . 2008-10-22 01:39 -------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-04-16 18:28 . 2009-02-05 02:57 -------- d-----w c:\program files\Trend Micro
2009-04-16 18:28 . 2008-10-22 02:47 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 18:01 . 2009-03-02 17:41 -------- d-----w c:\program files\SpeedBitPlus
2009-04-14 17:48 . 2009-03-02 04:23 -------- d-----w c:\program files\XMicro Internet Security
2009-04-14 17:47 . 2009-03-01 22:16 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-14 17:42 . 2009-03-08 17:42 -------- d-----w c:\program files\VSO
2009-04-14 17:42 . 2009-03-08 17:42 47360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-04-13 19:44 . 2009-04-13 19:44 5120 ----a-w C:\Rooter.txt
2009-04-13 01:58 . 2009-03-08 17:42 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-11 19:46 . 2008-10-22 02:09 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-11 17:28 . 2008-11-26 18:45 -------- d-----w c:\program files\SystemRequirementsLab
2009-04-11 06:05 . 2009-03-15 23:16 -------- d-----w c:\program files\Sync Manager
2009-04-11 03:48 . 2009-02-05 03:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-08 00:37 . 2008-10-22 13:15 71357 ----a-w C:\MP4debug.log
2009-04-06 19:32 . 2009-02-05 03:30 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-02-05 03:30 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-27 12:14 . 2008-10-22 02:44 453152 -c--a-w c:\windows\system32\NVUNINST.EXE
2009-03-23 23:52 . 2008-10-22 02:47 -------- d-----w c:\program files\Google
2009-03-23 16:22 . 2008-12-26 05:19 -------- d-----w c:\program files\TomTom HOME 2
2009-03-20 05:32 . 2008-11-12 00:41 -------- d-----w c:\program files\Lavasoft
2009-03-20 05:32 . 2008-10-23 01:50 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-18 16:53 . 2009-02-18 04:11 9024 ----a-w C:\aaw7boot.log
2009-03-16 16:13 . 2008-10-23 13:10 -------- d-----w c:\program files\SlySoft
2009-03-14 02:28 . 2008-10-24 04:06 -------- d-----w c:\documents and settings\Owner\Application Data\Corel
2009-03-14 01:57 . 2008-10-24 00:54 3350 -csha-w c:\windows\system32\KGyGaAvL.sys
2009-03-14 01:57 . 2008-10-24 00:54 3350 -csha-w c:\windows\system32\KGyGaAvL.sys
2009-03-12 04:48 . 2008-10-25 23:57 -------- d-----w c:\program files\WarRock
2009-03-12 04:48 . 2008-10-31 15:42 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-12 04:48 . 2008-10-22 02:57 -------- d-----w c:\program files\Microsoft Works
2009-03-12 04:47 . 2009-03-02 17:48 -------- d-----w c:\program files\SpeedBit Video Accelerator
2009-03-12 04:47 . 2009-03-02 17:41 -------- d-----w c:\program files\DAP
2009-03-12 04:47 . 2008-10-08 03:25 -------- d-----w c:\program files\AnyDVD
2009-03-12 04:45 . 2008-08-24 20:43 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-03-12 04:45 . 2009-02-20 04:20 -------- d-----w c:\program files\Mozilla ActiveX Control v1.7.12
2009-03-12 04:45 . 2008-12-22 19:12 -------- d-----w c:\program files\bfgclient
2009-03-12 04:45 . 2008-10-22 02:54 -------- d-----w c:\program files\Microsoft Digital Image 2006
2009-03-12 04:45 . 2008-10-22 13:15 -------- d-----w c:\program files\WinAVI MP4 Converter
2009-03-12 04:43 . 2008-10-24 03:17 -------- d-----w c:\program files\DivX
2009-03-12 04:43 . 2008-10-22 02:57 -------- d-----w c:\program files\MSN Encarta Plus
2009-03-11 05:53 . 2008-10-22 04:09 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-08 04:20 . 2009-03-08 04:20 -------- d-----w c:\program files\GamersFirst
2009-03-04 17:34 . 2009-03-04 00:59 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-04 04:56 . 2009-03-04 04:56 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-04 04:56 . 2009-03-04 04:56 232 ---ha-w C:\sqmdata03.sqm
2009-03-04 04:53 . 2009-03-04 04:53 256 ---ha-w C:\sqmdata02.sqm
2009-03-04 04:53 . 2009-03-04 04:53 244 ---ha-w C:\sqmnoopt02.sqm
2009-03-04 04:51 . 2009-03-04 04:51 244 ---ha-w C:\sqmnoopt01.sqm
2009-03-04 04:51 . 2009-03-04 04:51 232 ---ha-w C:\sqmdata01.sqm
2009-03-04 04:48 . 2008-10-22 04:01 -------- d-----w c:\documents and settings\Owner\Application Data\MSNInstaller
2009-03-04 04:11 . 2009-03-04 04:11 -------- d-----w c:\documents and settings\NetworkService\Application Data\Webroot
2009-03-04 03:46 . 2009-03-04 03:46 -------- d-----w c:\program files\Eidos Interactive
2009-03-04 00:00 . 2009-03-04 00:00 -------- d-----w c:\documents and settings\NetworkService\Application Data\TuneUp Software
2009-03-02 18:30 . 2008-10-23 01:19 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-02 18:30 . 2008-10-23 01:19 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-02 18:29 . 2009-03-02 18:29 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-02 17:48 . 2009-03-02 17:41 -------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2009-03-02 17:41 . 2009-03-02 17:41 -------- d-----w c:\program files\Conduit
2009-03-02 17:41 . 2009-03-02 17:41 50688 ----a-w c:\windows\system32\wbhelp2.dll
2009-03-02 04:04 . 2009-03-02 04:01 67645 ----a-w c:\windows\system32\drivers\pshook11.sys
2009-03-02 01:59 . 2009-02-23 15:59 -------- d-----w c:\program files\a-squared Free
2009-03-02 01:59 . 2009-02-23 18:50 -------- d-----w c:\program files\a-squared Anti-Malware
2009-03-01 22:16 . 2009-03-01 22:16 -------- d-----w c:\documents and settings\Owner\Application Data\TuneUp Software
2009-03-01 22:16 . 2009-03-01 22:16 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-01 22:15 . 2009-03-01 22:15 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-01 17:48 . 2009-03-01 17:48 -------- d-----w c:\program files\NVIDIA Corporation
2009-03-01 16:28 . 2009-03-01 16:28 -------- d-----w c:\program files\Nvidia Omega Drivers
2009-02-27 03:59 . 2009-02-25 17:29 -------- d-----w c:\program files\Softwaremile.com
2009-02-27 00:18 . 2009-02-18 02:19 48 --sh--w c:\windows\S1A0C4467.tmp
2009-02-25 18:42 . 2008-10-30 02:21 -------- d-----w c:\program files\Common Files\Agnitum Shared
2009-02-25 18:30 . 2009-02-25 18:30 -------- d-----w c:\program files\Agnitum
2009-02-23 04:48 . 2009-02-23 03:48 30670 ----a-w C:\CybDefInstallInfo.log
2009-02-22 22:16 . 2009-02-22 22:16 -------- d-----w c:\program files\Graugon
2009-02-22 22:16 . 2009-02-22 22:16 -------- d-----w c:\documents and settings\Owner\Application Data\Graugon
2009-02-22 19:48 . 2009-02-22 19:48 1234 ----a-w C:\ipconfig.txt
2009-02-22 18:54 . 2009-01-27 03:58 9480 ----a-w C:\debug.log
2009-02-22 00:35 . 2009-02-20 04:20 -------- d-----w c:\program files\VideoLAN
2009-02-21 01:16 . 2009-02-20 04:28 -------- d-----w c:\documents and settings\Owner\Application Data\vlc
2009-02-20 19:59 . 2009-02-20 19:59 4096 ----a-w c:\windows\d3dx.dat
2009-02-20 04:28 . 2009-02-20 04:28 -------- d-----w c:\documents and settings\All Users\Application Data\Graboid Inc
2009-02-20 04:27 . 2009-02-20 04:27 -------- d-----w c:\documents and settings\Owner\Application Data\MozillaControl
2009-02-20 04:20 . 2009-02-20 04:19 -------- d-----w c:\program files\Graboid
2009-02-18 01:03 . 2009-02-18 01:03 -------- d-----w c:\documents and settings\Administrator\Application Data\Sunbelt
2009-02-09 10:19 . 2008-10-28 21:49 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-05 01:21 . 2008-10-23 01:15 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-02-04 05:43 . 2009-02-04 05:43 107 ----a-w c:\documents and settings\Owner\Application Data\netstat.bat
2009-02-04 02:44 . 2009-02-04 02:44 3584 ----a-w c:\windows\system32\DisspyUninstall.exe
2009-02-04 02:44 . 2009-02-04 02:44 32768 ----a-w c:\windows\system32\REGTOOL5.DLL
2009-02-04 02:44 . 2009-02-04 02:44 147456 ----a-w c:\windows\system32\VBZIP11.DLL
2009-02-04 02:44 . 2009-02-04 02:44 143360 ----a-w c:\windows\system32\vbuzip10.dll
2009-01-31 04:47 . 2009-01-31 04:47 987896 ----a-w C:\coreuninstall.log
2009-01-31 03:41 . 2008-11-12 21:19 81984 -c--a-w c:\windows\system32\bdod.bin
2008-11-12 00:13 . 2008-11-12 00:13 700 -c--a-w c:\program files\ownvrxto.txt
2008-10-30 19:24 . 2008-10-30 19:24 61224 -c--a-w c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
2008-10-11 16:40 . 2008-10-11 16:02 354750534 -c--a-w c:\program files\WolfTeam_IS_20080918_Ver262.exe
2008-10-11 16:04 . 2008-10-11 16:04 0 -c--a-w c:\program files\CombatArmsSetup.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-13_13.46.58.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-16 18:37 . 2009-04-16 18:37 16384 c:\windows\Temp\Perflib_Perfdata_694.dat
+ 2009-04-16 13:23 . 2009-04-16 13:23 253952 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-04-16 13:23 . 2008-08-07 19:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-04-16 13:24 . 2009-04-16 13:24 253952 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-04-16 13:24 . 2008-08-07 19:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-04-16 18:35 . 2005-10-21 00:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-16 13:23 . 2009-04-16 13:23 10399744 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2009-04-16 13:24 . 2009-04-16 13:24 10399744 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2009-03-02 13:41 140880 --a------ c:\progra~1\DAP\DAPIEL~1.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2005-09-22 14854144]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-07-29 270336]
"Synchronization Agent"="c:\program files\Sync Manager\agent\syncagent.exe" [BU]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"nwiz"="nwiz.exe" [2009-03-27 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-03-02 2823784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZDSV"= scrvid.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"SpeedBitVideoAccelerator"=c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe"
"High Definition Audio Property Page Shortcut"="c:\windows\system32\HDAShCut.exe"
"TotalSecurityUpdate"="c:\program files\XMicro Internet Security\TSAtUdt.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
2009-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 19:44]
2009-04-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 19:51]
2009-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80318808-1749694936-3363987519-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 17:34]
2008-10-31 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 15:00]
2008-11-06 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 15:00]
.
- - - - ORPHANS REMOVED - - - -
BHO-{60270dc7-9ea0-472f-9b77-66652c06246e} - (no file)
.
------- Supplementary Scan -------
.
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\82i9g6hb.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 14:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-80318808-1749694936-3363987519-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58F33A7D-0382-8B5C-BB44-F7DEEF6DA3E4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jalkjibdolpogmamnghk"=hex:62,61,68,65,00,00
"jalkjibdolpogmamngdk"=hex:62,61,6c,65,00,00
"ialjoddbpiilpopfma"=hex:6b,61,65,65,64,6d,62,65,61,6b,61,68,68,64,63,6b,62,68,
65,69,6b,6b,00,00
"habnljeagelcgpdi"=hex:6b,61,65,65,64,6d,62,65,6e,6a,63,65,6e,68,62,62,6d,6d,
6a,61,70,6e,00,01
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(3740)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\rundll32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\MSN Messenger\usnsvc.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe
c:\program files\Webroot\Washer\WasherSvc.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorEngine.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-16 14:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 18:39
ComboFix2.txt 2009-04-13 17:48
ComboFix3.txt 2009-04-12 05:15
ComboFix4.txt 2009-04-11 19:56
ComboFix5.txt 2009-04-16 18:32
Pre-Run: 81,387,823,104 bytes free
Post-Run: 81,437,573,120 bytes free
358 --- E O F --- 2009-04-11 17:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:56 PM, on 4/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [Synchronization Agent] "C:\Program Files\Sync Manager\agent\syncagent.exe" -reportwithlogfile
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...20Installer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (epson_pm_rpcv4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1c9ac1250fbe3e6) (gupdate1c9ac1250fbe3e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Security Activity Dashboard Service - Unknown owner - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 11320 bytes
#30
Posted 17 April 2009 - 10:31 AM
Good news, your log is clean.
Now we need to clean up after ourselves; please do the following:
Follow these steps to uninstall Combofix
- Click START, then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.
>>>NEXT<<<
Download ToolsCleaner2 to your desktop and run it (by A.Rothstein & Dj Quiou)
- Click the Pt. Restauration button and press OK to the prompts.
- Click the Corbeille button and press OK to the prompt.
- Click the Fichiers temp button and press OK to the prompt.
- Click the Recherche button and let it run (it may look like it freezes, but let it continue)
- Once it is done click the Suppression button and let it remove anything it finds.
- Close the program
>>>NEXT<<<
Recommended AVs (all free - personally I use Avira)
Avira AntiVir
Avast
AVG
Set the one you choose to receive automatic updates so you are always as fully protected as possible from the newest virus threats.
NOTE: DO NOT install more than one anti-virus program as they will conflict, and provide less protection, not more.
Recommended Firewalls (all free - personally I use Comodo)
Three excellent free firewalls are:
Comodo
Sunbelt Kerio
Sygate
NOTE: DO NOT install more than one firewall.
Note: If you choose Comodo, please be careful with the installation of the Comodo program; it comes bundled with an adware toolbar which you need to de-select when you are going through the installation process. It's not a malicious program, but it may be a privacy risk and I don't think you want it on your system.
Below I have included a number of recommendations for how to protect your computer against malware infections.
- Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates installed.
- SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.
- SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
- Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
- Next click OK, then the Apply button, and then OK to exit the Internet Properties page.
- ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.
- For Firefox, I highly recommend these add-ons to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.
- Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
- ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
- Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
- Please read the guide by Rorschach112 on how to prevent malware and about safe computing here.
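The HOSTS-file advice in the post above has a flip side worth checking during any cleanup: the same file is a common edit for malware, which points update and security-vendor hostnames at an address it controls, or blackholes them, so the victim can no longer update or run online scanners. Below is an added example (not code from the post, from MVPS, or from any tool named in the thread) that parses a HOSTS file and separates harmless MVPS-style blocklist entries from redirects or blackholing of protected domains; the sample HOSTS text and the protected-domain list are constructed for the example.

```python
"""Audit a Windows HOSTS file: tell blocklist entries from hijack entries.

Added example, not code from the original forum post. A blocklist such as
the MVPS HOSTS file maps known ad/malware hostnames to 127.0.0.1 (or 0.0.0.0),
which is harmless. Malware does the opposite with update and vendor
hostnames. This checker separates the two cases for whoever reviews a log.
"""
from ipaddress import ip_address

# Destinations that make an entry a harmless "blackhole" rather than a redirect.
BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed list: domains a home PC should never override in HOSTS. A real
# deployment would list the update hosts of the AV product actually in use.
PROTECTED_SUFFIXES = (
    "microsoft.com",
    "avira.com",
    "avast.com",
    "avg.com",
    "malwarebytes.org",
    "trendmicro.com",
)


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping; skip comments/blanks."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ip_address(fields[0]))         # validates and normalises
        except ValueError:
            yield ("INVALID", line, line_no)        # malformed line: worth a look
            continue
        for host in fields[1:]:                     # one IP may list several names
            yield (ip, host.lower(), line_no)


def is_protected(host):
    """True if host is one of, or a subdomain of, the protected domains."""
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def classify(ip, host):
    """Return a verdict string for one mapping."""
    if ip == "INVALID":
        return "malformed"
    if host == "localhost" and ip in BLACKHOLE:
        return "ok"                                 # the one entry every HOSTS file has
    if is_protected(host):
        # Either way the user can no longer reach the vendor: redirect or blackhole.
        return "hijack" if ip not in BLACKHOLE else "blocked-vendor"
    if ip in BLACKHOLE:
        return "blocklist"                          # MVPS-style entry, harmless
    return "redirect"                               # intranet entry or hijack: review


def audit_hosts(text):
    """Return {verdict: [(line_no, ip, host), ...]} for a HOSTS file's text."""
    findings = {}
    for ip, host, line_no in parse_hosts(text):
        findings.setdefault(classify(ip, host), []).append((line_no, ip, host))
    return findings


def needs_attention(findings):
    """Verdicts a helper should act on, most serious first."""
    return [v for v in ("hijack", "blocked-vendor", "redirect", "malformed") if v in findings]


# Constructed sample HOSTS content mixing legitimate and malicious patterns.
SAMPLE_HOSTS = """\
# constructed sample, not a real HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example               # MVPS-style blocklist entry
0.0.0.0         tracker.example
203.0.113.5     windowsupdate.microsoft.com   # update traffic sent elsewhere
127.0.0.1       www.avira.com                 # vendor site blackholed
10.0.0.20       fileserver.example            # intranet entry: review
not-an-ip       broken.example
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for verdict in needs_attention(report):
        for line_no, ip, host in report[verdict]:
            print(f"{verdict:15} line {line_no}: {ip} -> {host}")
```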