Something is definitely wrong [Solved]


  • This topic is locked
30 replies to this topic

#1 bocrunch

bocrunch

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 12 January 2012 - 09:24 PM

Things keep happening to my PC. It started with the system acting really slow, then I couldn't access certain web sites and my browsers would freeze. Next, programs that usually start up with the system didn't start up, and more and more programs crash while in use or just won't start up at all. Please help!

Here are scan results from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:11:42 PM, on 1/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Bo Crunch\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Multi Reminders] "C:\Program Files\Multi Reminders\reminder.exe" -c
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1321140376203
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.syste...el_4.4.24.0.cab
O20 - AppInit_DLLs: acaptuser32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7563 bytes

Edited by bocrunch, 12 January 2012 - 09:26 PM.

I thought it was supposed to do that!!!
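A small triage script for logs in this format, added here as an example; it is not part of the forum post and not HijackThis' own code. It parses the `Oxx - ...` lines into records and applies a few of the checks a helper does by eye: orphaned entries whose file is gone, Run values that name a bare executable (resolved through the process search order rather than a fixed path), a populated AppInit_DLLs value (mapped into every process that loads user32.dll), ActiveX downloads (O16) from hosts outside an allowlist, and plug-in or service binaries outside the usual directories. The sample lines are copied from the log above, plus one constructed O3 line written in HJT's style for the orphaned toolbar that the DDS report further down shows as `No File`; `EXPECTED_DIRS` and `EXPECTED_DPF_HOSTS` are assumed allowlists for illustration. A finding is a prompt to look closer, not a verdict.

```python
"""Triage helper for Trend Micro HijackThis v2 logs (added example)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: O-lines copied from the posted log, plus one O3 line in
# HJT's own style for the orphaned toolbar the DDS report lists as "No File".
SAMPLE_LOG = r"""
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
"""


@dataclass
class Entry:
    kind: str     # HJT section: O2, O4, O16, O20, O23, ...
    subtype: str  # BHO, Toolbar, HKLM\..\Run, DPF, AppInit_DLLs, Service, ...
    name: str
    clsid: str    # "" when the entry carries no CLSID
    vendor: str   # O23 company string, "" elsewhere
    target: str   # file path, command line or URL


LINE_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")

ORPHAN_MARKERS = ("(no file)", "no file")
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\")        # assumed allowlist
EXPECTED_DPF_HOSTS = ("microsoft.com", "sun.com", "java.com")  # assumed allowlist


def parse_hjt(text: str) -> list[Entry]:
    """Turn the O-lines of an HJT log into Entry records; other lines are skipped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, rest = m.groups()
        if kind in ("O2", "O3", "O23"):
            # "<subtype>: <name> - <clsid|company> - <target>"; split from the
            # right so a display name containing " - " survives intact.
            parts = rest.rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            subtype, _, name = parts[0].partition(": ")
            middle, target = parts[1], parts[2]
            clsid = middle if CLSID_RE.fullmatch(middle) else ""
            vendor = middle if kind == "O23" else ""
            entries.append(Entry(kind, subtype, name, clsid, vendor, target))
        elif kind == "O4" and (r := RUN_RE.match(rest)):
            entries.append(Entry(kind, r["key"], r["name"], "", "", r["cmd"]))
        elif kind == "O16" and (d := DPF_RE.match(rest)):
            entries.append(Entry(kind, "DPF", d["name"], d["clsid"], "", d["url"]))
        else:
            # O4 Startup-folder items, O8/O9 menu items, O20 AppInit_DLLs, ...
            subtype, _, target = rest.partition(": ")
            entries.append(Entry(kind, subtype, "", "", "", target))
    return entries


def _executable(cmd: str) -> str:
    """First token of a Run command line, honouring a quoted path."""
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    tokens = cmd.split()
    return tokens[0] if tokens else ""


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (section, subject, reason) for entries a reviewer should look at."""
    findings: list[tuple[str, str, str]] = []
    for e in entries:
        target = e.target.strip().strip('"')
        if target.lower() in ORPHAN_MARKERS:
            findings.append((e.kind, e.name or e.clsid,
                             "orphaned entry: registry still points at a file that is gone"))
            continue
        if e.kind == "O4" and "Run" in e.subtype:
            exe = _executable(e.target)
            if exe and "\\" not in exe and ":" not in exe:
                findings.append((e.kind, e.name,
                                 f"bare executable name {exe!r}: resolved via the process "
                                 "search order, so a same-named file earlier in that order wins"))
        elif e.kind == "O16":
            host = target.split("/")[2].lower() if "//" in target else ""
            if not any(host == h or host.endswith("." + h) for h in EXPECTED_DPF_HOSTS):
                findings.append((e.kind, e.name,
                                 f"ActiveX control fetched from non-allowlisted host {host}"))
        elif e.kind == "O20" and e.subtype == "AppInit_DLLs" and target:
            findings.append((e.kind, target,
                             "AppInit_DLLs is set: this DLL is mapped into every process that loads user32.dll"))
        elif e.kind in ("O2", "O3", "O23"):
            if not target.lower().startswith(EXPECTED_DIRS):
                findings.append((e.kind, e.name, f"binary outside expected directories: {target}"))
            if e.kind == "O23" and e.vendor.lower() == "unknown owner":
                findings.append((e.kind, e.name, "service with no vendor string"))
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section:<4} {subject:<40} {reason}")
```

Run with no arguments it prints five findings for the sample (the orphaned toolbar, the two bare-name Run values, the third-party O16 download and the AppInit_DLLs value); for a real log call `triage(parse_hjt(open(path).read()))`. The allowlists are deliberately narrow so that the output is a short list for a human to research, which is exactly how the helpers in this thread work.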



#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 13 January 2012 - 06:45 AM

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • Please subscribe to this topic, if you haven't already.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

First we need to make all files and folders VISIBLE:

  • Go to start>control panel>folder options>view
  • Choose to "show hidden files and folders,"
  • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
  • Close the window with ok
----------

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

GMER

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------

In your next reply please post the logs created by DDS and GMER. :)

#3 bocrunch

bocrunch

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 13 January 2012 - 03:23 PM

Hi Jeff, thank you very much for your help. I will do my best to follow all guidelines. Here are the scan results that you asked for.


DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bo Crunch at 11:44:33 on 2012-01-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.468 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedFan\speedfan.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dogpile.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Multi Reminders] "c:\program files\multi reminders\reminder.exe" -c
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [<NO NAME>]
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
StartupFolder: c:\docume~1\bocrun~1\startm~1\programs\startup\speedfan.lnk - c:\program files\speedfan\speedfan.exe
uPolicies-explorer: NoActiveDesktop = 01000000
uPolicies-explorer: NoRecentDocsNetHood = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1321140376203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{981C3620-6F67-4AEE-AF5C-40EDFD946114} : DhcpNameServer = 75.75.75.75 75.75.76.76
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-4 14776]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-10-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-10-23 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111223.001\BHDrvx86.sys [2011-11-30 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-10-23 136312]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2011-12-17 63048]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-10-23 130008]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-1-11 439632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-12-30 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120112.002\IDSXpx86.sys [2012-1-12 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120112.034\NAVENG.SYS [2012-1-13 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120112.034\NAVEX15.SYS [2012-1-13 1576312]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-25 136176]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-25 136176]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\drivers\PTQHBUS.sys [2011-10-24 55056]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\drivers\PTQHMDM.sys [2011-10-24 161040]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\drivers\PTQHVSP.sys [2011-10-24 161040]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-01-12 02:23:45 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro
2012-01-12 02:13:34 -------- d-----w- c:\program files\WinPcap
2012-01-12 02:12:41 -------- d-----w- c:\program files\Trend Micro
2012-01-12 01:11:19 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-01-12 01:11:17 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-01-11 23:51:54 -------- d-----w- c:\documents and settings\bo crunch\application data\Tific
2012-01-11 23:51:53 -------- d-----w- c:\documents and settings\bo crunch\local settings\application data\Symantec
2012-01-07 16:52:34 -------- d-sh--w- C:\Temporary Internet Files
2012-01-07 06:12:37 -------- d-----w- c:\documents and settings\bo crunch\local settings\application data\Threat Expert
2012-01-07 05:45:44 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-01-07 05:45:43 -------- d-----w- c:\program files\common files\PC Tools
2012-01-07 05:44:13 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-01-07 05:44:11 -------- d-----w- c:\documents and settings\bo crunch\application data\TestApp
2012-01-05 05:39:07 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-01-05 05:39:07 -------- d-----w- c:\documents and settings\bo crunch\application data\IObit
2012-01-05 05:39:06 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-05 05:38:56 -------- d-----w- c:\program files\IObit
2012-01-01 06:37:43 582144 ----a-r- c:\program files\common files\microsoft shared\dao\DAO350.DLL
2012-01-01 06:37:39 532240 ----a-r- c:\windows\system32\MSEXCH35.DLL
2012-01-01 06:37:35 169984 ----a-r- c:\windows\system32\MSLTUS35.DLL
2012-01-01 06:37:32 254976 ----a-r- c:\windows\system32\MSEXCL35.DLL
2012-01-01 06:37:28 166912 ----a-r- c:\windows\system32\MSTEXT35.DLL
2012-01-01 06:37:25 253952 ----a-r- c:\windows\system32\MSPDOX35.DLL
2012-01-01 06:37:21 290816 ----a-r- c:\windows\system32\MSXBSE35.DLL
2012-01-01 06:37:18 403216 ----a-r- c:\windows\system32\MSREPL35.DLL
2012-01-01 06:37:11 251664 ----a-r- c:\windows\system32\MSRD2X35.DLL
2012-01-01 06:37:08 1039360 ----a-r- c:\windows\system32\MSJET35.DLL
2012-01-01 06:37:05 37136 ----a-r- c:\windows\system32\MSJINT35.DLL
2012-01-01 06:37:04 24336 ----a-r- c:\windows\system32\MSJTER35.DLL
2012-01-01 06:30:21 -------- d-----w- c:\windows\Favorites
2012-01-01 00:13:41 -------- d-----w- c:\program files\Brother
2011-12-27 03:18:20 -------- d-----w- c:\windows\SxsCaPendDel
2011-12-27 03:02:07 -------- d-----w- c:\documents and settings\all users\application data\Speedbit
2011-12-27 03:01:35 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-12-27 03:01:35 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2011-12-26 22:37:34 -------- d-----w- c:\documents and settings\bo crunch\application data\HpUpdate
2011-12-26 22:37:30 -------- d-----w- c:\windows\Hewlett-Packard
2011-12-25 21:57:09 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-25 21:57:08 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-12-25 14:19:08 -------- d-----w- c:\documents and settings\bo crunch\local settings\application data\IsolatedStorage
2011-12-25 14:19:03 -------- d-----w- c:\documents and settings\bo crunch\local settings\application data\HP
2011-12-25 14:12:35 -------- d-----w- c:\program files\common files\Sonic Shared
2011-12-25 14:12:03 -------- d-----w- c:\program files\common files\HP
2011-12-24 12:32:36 -------- d-----w- c:\documents and settings\bo crunch\application data\ElevatedDiagnostics
2011-12-22 01:17:15 -------- d-----w- C:\51ffea51ad657125d9e5
2011-12-21 00:29:55 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-12-21 00:26:35 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-12-21 00:26:35 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-12-21 00:25:44 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-12-21 00:25:44 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-12-21 00:25:44 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2011-12-21 00:25:44 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-12-21 00:25:44 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2011-12-21 00:25:44 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-12-21 00:25:39 306688 ----a-w- c:\windows\IsUninst.exe
2011-12-21 00:25:25 -------- d-----w- c:\program files\HP
2011-12-21 00:24:51 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-12-21 00:24:51 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-12-21 00:24:51 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-12-21 00:24:47 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2011-12-21 00:24:46 606208 ----a-w- c:\windows\system32\hpotscl.dll
2011-12-21 00:24:46 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2011-12-21 00:24:46 258122 ----a-w- c:\windows\system32\hpovst08.dll
2011-12-21 00:24:45 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2011-12-21 00:24:23 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2011-12-21 00:24:22 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2011-12-21 00:24:22 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2011-12-20 19:35:36 -------- d-----w- c:\program files\AutoCAD 2010
2011-12-20 19:35:36 -------- d-----w- c:\documents and settings\bo crunch\local settings\application data\Autodesk
2011-12-20 19:35:36 -------- d-----w- c:\documents and settings\bo crunch\application data\Autodesk
2011-12-20 19:34:26 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-12-20 19:34:26 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-12-20 19:34:24 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-12-20 19:34:13 -------- d-----w- c:\windows\Logs
2011-12-20 19:33:38 -------- d-----w- c:\program files\common files\Autodesk Shared
2011-12-20 19:33:38 -------- d-----w- c:\program files\Autodesk
2011-12-20 19:23:56 -------- d-----w- C:\Autodesk
2011-12-20 19:22:47 -------- d-----w- c:\windows\system32\KB905474
.
==================== Find3M ====================
.
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-01 05:01:08 512 ----a-w- c:\windows\system32\gfbaksm.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 10:26:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 13:12:34 256192 ------w- c:\windows\winhelp.exe
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 03:16:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-31 03:16:04 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 04:10:44 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-10-23 16:06:54 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-23 16:06:54 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-18 11:13:22 186880 -c--a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 11:45:29.35 ===============


Attach.txt:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/22/2011 11:00:35 PM
System Uptime: 1/13/2012 9:07:39 AM (2 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6577
Processor: Intel® Pentium® 4 CPU 3.06GHz | Socket 478 | 3066/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 114 GiB total, 82.902 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 22.402 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 12/27/2011 7:12:23 PM - System Checkpoint
RP2: 12/30/2011 12:49:53 PM - Norton_Power_Eraser_20111230124939531
RP3: 12/31/2011 1:30:46 PM - Installed Brother P-touch Editor 5.0
RP4: 12/31/2011 4:10:04 PM - Configured Brother P-touch Editor 5.0
RP5: 12/31/2011 4:13:08 PM - Installed Brother P-touch Editor 5.0
RP6: 12/31/2011 4:16:56 PM - Installed Brother P-touch Address Book 1.1
RP7: 12/31/2011 4:18:49 PM - Installed Brother P-touch Update Software
RP8: 1/1/2012 6:58:19 PM - System Checkpoint
RP9: 1/4/2012 5:17:26 PM - Revo Uninstaller's restore point - Avidemux 2.5
RP10: 1/4/2012 5:19:53 PM - Revo Uninstaller's restore point - Puran Defrag Free Edition 7.1
RP11: 1/4/2012 5:22:30 PM - Revo Uninstaller's restore point - GuardedID
RP12: 1/4/2012 5:23:00 PM - Removed GuardedID.
RP13: 1/5/2012 5:33:18 PM - System Checkpoint
RP14: 1/6/2012 10:35:28 PM - Revo Uninstaller's restore point - AutoCAD 2010 - English
RP15: 1/6/2012 10:42:49 PM - Revo Uninstaller's restore point - Brother P-touch Address Book 1.1
RP16: 1/6/2012 10:43:15 PM - Configured Brother P-touch Address Book 1.1
RP17: 1/6/2012 10:49:44 PM - Revo Uninstaller's restore point - PC Tools Spyware Doctor 9.0
RP18: 1/8/2012 10:37:18 PM - System Checkpoint
RP19: 1/10/2012 7:03:32 PM - System Checkpoint
RP20: 1/10/2012 8:25:52 PM - Norton Security Suite Registry
RP21: 1/11/2012 4:36:48 PM - Software Distribution Service 3.0
RP22: 1/11/2012 9:22:55 PM - Norton Security Suite Registry
.
==== Installed Programs ======================
.
1500
1500_Help
1500Trb
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe Flash Player 11 ActiveX
AiO_Scan
AiOSoftware
AnalogX CacheBooster
AutoCAD 2010 - English
AutoCAD 2010 Language Pack - English
Autodesk Design Review 2010
AvaCam v3.2.0
Brother P-touch Editor 5.0
Brother P-touch Editor Label Collection - Birthday Banners [ENU]
Brother P-touch Editor Label Collection - Building-Facility [ENU]
Brother P-touch Editor Label Collection - Celebration Banners [ENU]
Brother P-touch Editor Label Collection - Enviro-Recycle [ENU]
Brother P-touch Editor Label Collection - Event Planning [ENU]
Brother P-touch Editor Label Collection - Package Shipping [ENU]
Brother P-touch Editor Label Collection - Retail Store [ENU]
Brother P-touch Editor Label Collection - Sports Preparation [ENU]
Brother P-touch Editor Label Collection - Warning [ENU]
Brother P-touch Update Software
BufferChm
Constant Guard Protection Suite
Cool Timer 3.6
Corel Uninstaller
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
CustomerResearchQFolder
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
Enhanced Multimedia Keyboard Solution
eSupportQFolder
EVEREST Home Edition v2.20
Fax
Final Media Player 2011
FullDPAppQFolder
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
InstantShareDevices
Intel Application Accelerator
IsoBuster 2.7
IZArc 4.1.2
Java Auto Updater
Java™ 6 Update 29
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 8.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Multi Reminders 2.75
Nero 8
neroxml
NewCopy
Norton Security Suite
NVIDIA Windows 2000/XP Display Drivers
PanoStandAlone
PANTECH Handset USB Driver V2
Pantech PCSuite
PhotoGallery
ProductContext
QFolder
RandMap
Readme
Revo Uninstaller 1.93
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SkinsHP1
Smart Defrag 2
SolutionCenter
Sonic_PrimoSDK
SpeedFan (remove only)
Spell Checker For OE 2.1
Status
System Requirements Lab for Intel
TrayApp
Trend Micro RUBotted 2.0 Beta
Tweak UI
UBCD4Win 3.60
Ulead VideoStudio SE DVD
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Capture Device
VCRedistSetup
Vuze
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Presentation Foundation
Windows XP Service Pack 3
WinPcap 4.1.1
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack
XQDC X-Setup Pro 9.2.100
YouTube Downloader 3.4
.
==== Event Viewer Messages From Past Week ========
.
1/12/2012 9:31:42 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================












Gmer.txt


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-13 13:21:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 Maxtor_6 rev.YAR4
Running: gmer.exe; Driver: C:\DOCUME~1\BOCRUN~1\LOCALS~1\Temp\awlcruog.sys


---- System - GMER 1.0.15 ----

SSDT 85E7B068 ZwAlertResumeThread
SSDT 85E7AB18 ZwAlertThread
SSDT 85F99CB8 ZwAllocateVirtualMemory
SSDT 85E7DC10 ZwAssignProcessToJobObject
SSDT 85E17E38 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF6ABC710]
SSDT 85E5A0B0 ZwCreateMutant
SSDT 85B64770 ZwCreateSymbolicLinkObject
SSDT 860483C0 ZwCreateThread
SSDT 85E7DA98 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF6ABC990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF6ABCEF0]
SSDT 85F8B588 ZwDuplicateObject
SSDT 8608F7F0 ZwFreeVirtualMemory
SSDT 85E7B2B8 ZwImpersonateAnonymousToken
SSDT 85E7B0A0 ZwImpersonateThread
SSDT 85BDF560 ZwLoadDriver
SSDT 86096588 ZwMapViewOfSection
SSDT 85E7BBD8 ZwOpenEvent
SSDT 85F53DE0 ZwOpenProcess
SSDT 85E79D28 ZwOpenProcessToken
SSDT 85E7D740 ZwOpenSection
SSDT 85F811D8 ZwOpenThread
SSDT 85AF6418 ZwProtectVirtualMemory
SSDT 85E7A900 ZwResumeThread
SSDT 85E7A258 ZwSetContextThread
SSDT 873DF638 ZwSetInformationProcess
SSDT 85E7D8B8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF6ABD140]
SSDT 85E7D528 ZwSuspendProcess
SSDT 85E7A6F0 ZwSuspendThread
SSDT 85E79180 ZwTerminateProcess
SSDT 85E7A438 ZwTerminateThread
SSDT 85E7A0E0 ZwUnmapViewOfSection
SSDT 86090E08 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF604A340, 0xFFF3F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]
? C:\DOCUME~1\BOCRUN~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 07E4003A
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 07E40319
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 07E400F7
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 07E40263
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 07E403CF
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 07E401AD
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!CreateBindCtx + B5F 774FF15F 4 Bytes JMP 07E4053F
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!CoCreateInstanceEx 774FF164 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb}
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!CoImpersonateClient + 51 77515200 4 Bytes JMP 07E40485
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!CoGetClassObject 77515205 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb}
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2220] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
I thought it was supposed to do that!!!
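One way to read the GMER output posted above, as an added example that is not part of this thread and not GMER's own code: the script parses the log's SSDT and user-mode `.text` hook lines and separates hooks that GMER attributed to a named module (here SYMEVENT.SYS, the Symantec event driver, and IEFRAME.dll for Internet Explorer's own hooks) from hooks that point at a bare address or at raw patch bytes with no owning module. The log by itself cannot say whose code sits at an unattributed address, so those entries are the ones a helper would examine first. The regular expressions are my assumption about GMER's line layout, derived from the lines in this thread rather than from any format specification, and the sample log is a constructed excerpt of the log above.

```python
"""Triage of a GMER 1.0.15 text log: which hooks are attributed to a named module?

Added example; the regexes below are an assumption about GMER's line layout
derived from the log in this thread, not an official format specification.
"""
import re
from dataclasses import dataclass

# Constructed sample: a short excerpt of the GMER log posted in this thread.
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-13 13:21:01

---- System - GMER 1.0.15 ----

SSDT 85E7B068 ZwAlertResumeThread
SSDT 85F99CB8 ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF6ABC710]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF6ABD140]
SSDT 85F53DE0 ZwOpenProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 07E4003A
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 07E40319
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!CoCreateInstanceEx 774FF164 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb}

---- EOF - GMER 1.0.15 ----
"""

# "SSDT <addr> <ZwFunc>"  or  "SSDT <module path> (<desc>/<vendor>) <ZwFunc> [0x...]"
SSDT_RE = re.compile(r"^SSDT\s+(?P<target>\S+)(?:\s+\((?P<vendor>[^)]*)\))?\s+(?P<func>Zw\w+)")
# ".text <process>[pid] <dll>!<export>[ + off] <addr> <n> Bytes <rest>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<sym>[\w.]+!\w+)(?:\s+\+\s+[0-9A-F]+)?"
    r"\s+(?P<addr>[0-9A-F]+)\s+(?P<n>\d+)\s+Bytes\s+(?P<rest>.*)$"
)
# <rest> is "JMP <addr>" (no owner), "JMP <addr> <module> (<desc>/<vendor>)",
# or raw patch bytes such as "[EB, F9] {JMP ...}", which never name an owner.
JMP_RE = re.compile(r"^JMP\s+(?P<addr>[0-9A-F]+)(?:\s+(?P<module>\S+)\s+\((?P<vendor>[^)]*)\))?\s*$")


@dataclass
class Hook:
    kind: str          # "ssdt" (kernel service table) or "inline" (user-mode code patch)
    location: str      # Zw* service name, or "<process>[pid] <dll>!<export>"
    target: str        # module path GMER resolved, else the raw address / patch bytes
    vendor: str        # "<description>/<vendor>" GMER printed, "" if none
    attributed: bool   # True when GMER could name the module owning the hook


def parse_gmer(text: str) -> list[Hook]:
    """Extract SSDT and user-mode inline hooks from GMER's text output."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            vendor = m.group("vendor") or ""
            hooks.append(Hook("ssdt", m.group("func"), m.group("target"), vendor, bool(vendor)))
            continue
        m = HOOK_RE.match(line)
        if m:
            rest = m.group("rest")
            j = JMP_RE.match(rest)
            if j:
                vendor = j.group("vendor") or ""
                target = j.group("module") or j.group("addr")
            else:
                vendor, target = "", rest   # raw patch bytes, no module to credit
            hooks.append(Hook("inline", f"{m.group('proc')} {m.group('sym')}", target, vendor, bool(vendor)))
    return hooks


def triage(text: str) -> dict:
    """Group hooks by owning module; the unattributed ones are what to look at first."""
    report = {"ssdt_unattributed": [], "ssdt_by_module": {},
              "inline_unattributed": [], "inline_by_module": {}}
    for h in parse_gmer(text):
        if h.attributed:
            report[f"{h.kind}_by_module"].setdefault(h.target, []).append(h.location)
        else:
            report[f"{h.kind}_unattributed"].append(h.location)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full Gmer.txt, the same split shows every SSDT entry with a module path belonging to SYMEVENT.SYS and every attributed IE hook landing in IEFRAME.dll, while the bare-address SSDT entries and the JMPs into the 07E4xxxx range carry no owner; that is the list to compare against the other scans rather than a verdict on its own.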

#4 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 13 January 2012 - 06:55 PM

Hi bocrunch,

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

#5 bocrunch

bocrunch

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 13 January 2012 - 09:11 PM

Ok, here is what I did. I downloaded ComboFix to my desktop. Then, being overly confident in my abilities, I disabled my security (or at least I thought I did) by right clicking on the Norton Security Suite icon on the taskbar and disabling firewall and antivirus. When I ran ComboFix, it informed me that Norton was still running and it gave me a chance to disable it before continuing. I opened Norton Security Suite and turned off every setting that I could find. Then continued with ComboFix. ComboFix then informed me that Norton was still running, but that it was continuing with the scan anyway. That being said, I don't know if I should now read the "How to disable security" page that you suggested in the first place and then run ComboFix again or if the log from the first run is ok. I'll post the results below, and just let me know what you need me to do. Thank you for your patience.


ComboFix 12-01-13.05 - Bo Crunch 01/13/2012 18:20:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.526 [GMT -8:00]
Running from: c:\documents and settings\Bo Crunch\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\BOCRUN~1\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\BOCRUN~1\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Bo Crunch\Local Settings\Temp\sfamcc00001.dll
c:\documents and settings\Bo Crunch\Local Settings\Temp\sfareca00001.dll
c:\documents and settings\Bo Crunch\WINDOWS
c:\windows\system32\gfbaksm.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-14 to 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-12 02:23 . 2012-01-12 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2012-01-12 02:13 . 2012-01-12 02:13 -------- d-----w- c:\program files\WinPcap
2012-01-12 02:12 . 2012-01-12 02:12 -------- d-----w- c:\program files\Trend Micro
2012-01-12 01:11 . 2012-01-12 01:11 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-01-12 01:11 . 2012-01-12 02:15 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-01-11 23:51 . 2012-01-11 23:51 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\Tific
2012-01-11 23:51 . 2012-01-11 23:51 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Symantec
2012-01-07 16:52 . 2012-01-10 05:56 -------- d-----w- C:\Temporary Internet Files
2012-01-07 06:26 . 2012-01-07 06:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ID Vault
2012-01-07 06:12 . 2012-01-07 06:12 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Threat Expert
2012-01-07 05:45 . 2011-11-23 03:42 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-01-07 05:45 . 2012-01-07 07:08 -------- d-----w- c:\program files\Common Files\PC Tools
2012-01-07 05:44 . 2012-01-07 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-07 05:44 . 2012-01-07 05:44 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\TestApp
2012-01-05 05:39 . 2012-01-05 05:39 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\IObit
2012-01-05 05:39 . 2011-08-20 00:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-01-05 05:39 . 2010-11-27 02:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-05 05:38 . 2012-01-05 05:38 -------- d-----w- c:\program files\IObit
2012-01-01 06:37 . 1996-12-02 17:44 582144 ----a-r- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL
2012-01-01 06:37 . 1997-01-16 16:24 532240 ----a-r- c:\windows\system32\MSEXCH35.DLL
2012-01-01 06:37 . 1996-12-31 12:19 169984 ----a-r- c:\windows\system32\MSLTUS35.DLL
2012-01-01 06:37 . 1996-12-31 12:19 254976 ----a-r- c:\windows\system32\MSEXCL35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 166912 ----a-r- c:\windows\system32\MSTEXT35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 253952 ----a-r- c:\windows\system32\MSPDOX35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 290816 ----a-r- c:\windows\system32\MSXBSE35.DLL
2012-01-01 06:37 . 1996-12-03 12:07 403216 ----a-r- c:\windows\system32\MSREPL35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 251664 ----a-r- c:\windows\system32\MSRD2X35.DLL
2012-01-01 06:37 . 1996-12-16 17:30 1039360 ----a-r- c:\windows\system32\MSJET35.DLL
2012-01-01 06:37 . 1997-01-12 23:00 37136 ----a-r- c:\windows\system32\MSJINT35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 24336 ----a-r- c:\windows\system32\MSJTER35.DLL
2012-01-01 06:30 . 2012-01-01 06:30 -------- d-----w- c:\windows\Favorites
2012-01-01 00:13 . 2012-01-07 06:43 -------- d-----w- c:\program files\Brother
2011-12-27 03:18 . 2012-01-01 06:40 -------- d-----w- c:\windows\SxsCaPendDel
2011-12-27 03:02 . 2011-12-27 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Speedbit
2011-12-27 03:01 . 2011-12-27 03:21 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2011-12-27 03:01 . 2011-12-27 03:01 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-12-26 22:37 . 2011-12-26 22:42 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\HpUpdate
2011-12-26 22:37 . 2011-12-26 22:37 -------- d-----w- c:\windows\Hewlett-Packard
2011-12-26 01:35 . 2012-01-02 05:46 -------- d-----w- c:\program files\Google
2011-12-25 21:57 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-25 21:57 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-12-25 14:19 . 2011-12-25 14:19 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\IsolatedStorage
2011-12-25 14:19 . 2011-12-25 14:19 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\HP
2011-12-25 14:13 . 2011-12-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-25 14:12 . 2011-12-25 14:12 -------- d-----w- c:\program files\Common Files\Sonic Shared
2011-12-25 14:12 . 2011-12-25 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2011-12-25 14:12 . 2011-12-25 14:12 -------- d-----w- c:\program files\Common Files\HP
2011-12-25 14:04 . 2011-12-25 14:16 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\HP
2011-12-24 12:32 . 2011-12-24 12:32 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\ElevatedDiagnostics
2011-12-22 01:17 . 2011-12-22 01:17 -------- d-----w- C:\51ffea51ad657125d9e5
2011-12-21 00:29 . 2011-12-21 00:29 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-12-21 00:26 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-12-21 00:26 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-12-21 00:25 . 2004-09-29 20:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-12-21 00:25 . 2004-09-29 20:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-12-21 00:25 . 2004-09-29 20:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2011-12-21 00:25 . 2004-09-29 20:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-12-21 00:25 . 2004-09-29 20:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-12-21 00:25 . 2004-09-29 20:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2011-12-21 00:25 . 1998-10-30 00:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-12-21 00:25 . 2011-12-26 22:37 -------- d-----w- c:\program files\HP
2011-12-21 00:24 . 2005-03-08 19:43 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-12-21 00:24 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-12-21 00:24 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-12-21 00:24 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2011-12-21 00:24 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
2011-12-21 00:24 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
2011-12-21 00:24 . 2005-03-08 19:39 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2011-12-21 00:24 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2011-12-21 00:24 . 2005-03-08 19:41 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2011-12-21 00:24 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2011-12-21 00:24 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2011-12-20 19:35 . 2011-12-27 01:11 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\Autodesk
2011-12-20 19:35 . 2011-12-27 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2011-12-20 19:35 . 2011-12-20 19:42 -------- d-----w- c:\program files\AutoCAD 2010
2011-12-20 19:35 . 2011-12-20 19:35 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Autodesk
2011-12-20 19:34 . 2008-03-05 23:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-12-20 19:34 . 2008-02-06 07:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-12-20 19:34 . 2008-03-05 23:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-12-20 19:34 . 2011-12-20 19:34 -------- d-----w- c:\windows\Logs
2011-12-20 19:33 . 2011-12-20 19:42 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-12-20 19:33 . 2011-12-20 19:33 -------- d-----w- c:\program files\Autodesk
2011-12-20 19:23 . 2011-12-20 19:23 -------- d-----w- C:\Autodesk
2011-12-20 19:22 . 2011-12-20 19:22 -------- d-----w- c:\windows\system32\KB905474
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2011-11-24 16:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 00:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-03 23:17 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 00:56 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 10:26 . 2011-10-23 10:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 13:12 . 2004-08-17 00:49 256192 ------w- c:\windows\winhelp.exe
2011-11-04 19:20 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2004-08-04 00:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 00:56 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-03 22:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 00:56 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 00:56 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 00:56 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 03:16 . 2011-10-31 03:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-31 03:16 . 2011-10-31 03:16 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-10-28 05:31 . 2004-08-04 00:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-03 23:18 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 04:10 . 2011-10-25 04:10 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-10-23 16:06 . 2011-10-23 07:58 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-23 16:06 . 2011-10-23 07:58 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-18 11:13 . 2004-08-04 00:56 186880 -c--a-w- c:\windows\system32\encdec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Multi Reminders"="c:\program files\Multi Reminders\reminder.exe" [2009-09-25 229376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\documents and settings\Bo Crunch\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2011-11-3 4657048]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-29 02:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-29 01:14 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/4/2012 9:39 PM 14776]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [10/23/2011 8:06 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [10/23/2011 8:06 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 6:25 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [10/23/2011 8:06 AM 136312]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [12/17/2011 9:13 AM 63048]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [10/23/2011 8:06 AM 130008]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [1/11/2012 6:12 PM 439632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/30/2011 1:48 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120113.002\IDSXpx86.sys [1/13/2012 5:02 PM 356280]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2011 5:36 PM 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2011 5:36 PM 136176]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\drivers\PTQHBUS.sys [10/24/2011 8:14 PM 55056]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\drivers\PTQHMDM.sys [10/24/2011 8:14 PM 161040]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\drivers\PTQHVSP.sys [10/24/2011 8:14 PM 161040]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-14 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-10-25 22:24]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-26 01:35]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-920026266-725345543-1004Core.job
- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-29 20:32]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-920026266-725345543-1004UA.job
- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-29 20:32]
.
2011-10-23 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2010-07-21 23:52]
.
2012-01-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-12-20 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dogpile.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Linkman - c:\program files\Linkman\Linkman.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-13 18:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-920026266-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\03\10\07\180?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3112)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCP90.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Corel\programs\CMFFld80.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-01-13 18:34:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-14 02:34
.
Pre-Run: 89,044,164,608 bytes free
Post-Run: 89,556,045,824 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F9BC00ACFCA2C8CC6B4D3FF54E88B7A0
I thought it was supposed to do that!!!
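
Reading a log like the one above is mostly a matter of knowing which sections to look at first: the registry loading points (AppInit_DLLs, BootExecute), the firewall policy, the service and driver list, and the "LOCKED REGISTRY KEYS" block, where ComboFix prints a `*` in the name of a key that contains an embedded null character (such a key cannot be opened or deleted from regedit, which is what the CFScript `RegNull::` directive exists for). The script below is an added example, not ComboFix's own code and not a tool the helpers in this thread use; it runs a small set of triage rules over a constructed sample built from lines in the shape of the log above and drafts the `RegNull::` block for any flagged null-name key. The rule set, the benign-key allowlist and the `c:\windows\system32\drivers` location check are this example's own assumptions.

```python
"""Triage pass over a ComboFix log: flag the lines a helper reads first.

Added example for this thread; not ComboFix's own code.  The rules are this
example's heuristics; the sample log is constructed from lines in the shape
of the one posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, trimmed to the sections the rules below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/4/2012 9:39 PM 14776]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 6:25 PM 820344]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-920026266-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\03\10\07\180?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # rule name
    detail: str  # value, path or key that triggered it


# Locked key ComboFix lists on practically every XP install; helpers treat it as benign.
BENIGN_LOCKED_KEY_SUFFIXES = (r"\software\microsoft\systemcertificates\addressbook*",)
DRIVERS_DIR = r"c:\windows\system32\drivers"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Service lines: "<R|S><n> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?\.(?:sys|exe))\s+\[", re.IGNORECASE)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ""
    in_locked_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("---") and line.endswith("---"):  # section banner
            in_locked_section = "LOCKED REGISTRY KEYS" in line
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1)
            # ComboFix prints '*' where a key name contains an embedded null; regedit
            # cannot open or delete such a key, which is what CFScript's RegNull:: is for.
            if (in_locked_section and current_key.endswith("*")
                    and not current_key.lower().endswith(BENIGN_LOCKED_KEY_SUFFIXES)):
                findings.append(Finding("locked-null-key", current_key))
            continue
        if m := VALUE_RE.match(line):
            name, value = m.group(1).lower(), m.group(2).strip()
            if name == "appinit_dlls" and value:
                # Mapped into every process that loads user32.dll: a classic injection point.
                findings.append(Finding("appinit-dll", value))
            elif name == "enablefirewall" and value.startswith("0"):
                findings.append(Finding("firewall-off", current_key))
            continue
        if line.startswith("BootExecute"):
            # Run by Session Manager before any service starts; only "autocheck autochk *" is stock.
            for entry in re.split(r"\\0", line.split(None, 2)[2]):
                if entry and entry.lower() != "autocheck autochk *":
                    findings.append(Finding("bootexecute-extra", entry))
            continue
        if m := SERVICE_RE.match(line):
            name, path = m.group(1), m.group(2)
            if path.lower().endswith(".sys") and not path.lower().startswith(DRIVERS_DIR):
                # Kernel code outside the drivers directory: often legitimate, always worth a look.
                findings.append(Finding("driver-outside-drivers-dir", f"{name}: {path}"))
    return findings


def draft_cfscript(findings: list[Finding]) -> str:
    """RegNull:: block for flagged null-name keys, in the CFScript layout helpers post here."""
    keys = [f.detail for f in findings if f.kind == "locked-null-key"]
    return "RegNull::\n" + "".join(f"[{k}]\n" for k in keys) if keys else ""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.detail}")
    print(draft_cfscript(triage(SAMPLE_LOG)), end="")
```

On the sample this flags six lines, and two of them are expected noise: Norton's BHDrvx86.sys is a definition-set driver that Symantec keeps under Application Data by design, and acaptuser32.dll in AppInit_DLLs ships with Adobe Acrobat. The rules surface what deserves a look; deciding what goes into a CFScript is still the helper's job, which is why `draft_cfscript` only ever writes the `RegNull::` block and nothing that deletes files or services.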

#6 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 14 January 2012 - 11:46 AM

Hi bocrunch,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    DDS::
    uStart Page = hxxp://www.dogpile.com/
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    
    Folder::
    c:\documents and settings\bo crunch\application data\IObit
    c:\program files\IObit
    
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

#7 bocrunch

bocrunch

    Authentic Member

  • Authentic Member
  • 22 posts

Posted 14 January 2012 - 01:15 PM

Ok, ran ComboFix as directed... all went well. I was able to disable all security. Here is the log you requested. Thanks again for your help. Just let me know if there is more I need to do...


ComboFix 12-01-13.05 - Bo Crunch 01/14/2012 10:58:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.490 [GMT -8:00]
Running from: c:\documents and settings\Bo Crunch\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bo Crunch\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\bo crunch\application data\IObit
c:\documents and settings\bo crunch\application data\IObit\Smart Defrag 2\Config.ini
c:\program files\IObit
c:\program files\IObit\Smart Defrag 2\drivers\win7_x64\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\win7_x64\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\win7_x86\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\win7_x86\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wlh_x64\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wlh_x64\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wlh_x86\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wlh_x86\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wnet_x64\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wnet_x64\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wnet_x86\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wnet_x86\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wxp_x64\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wxp_x64\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wxp_x86\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wxp_x86\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\EULA.rtf
c:\program files\IObit\Smart Defrag 2\fav.ico
c:\program files\IObit\Smart Defrag 2\Freeware\Check.dll
c:\program files\IObit\Smart Defrag 2\Freeware\SD_FreeSoftwareDownloader.exe
c:\program files\IObit\Smart Defrag 2\Help\Images\001.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\002.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\003.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\004.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\005.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\006.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\007.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\008.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\009.jpg
c:\program files\IObit\Smart Defrag 2\Help\Index.html
c:\program files\IObit\Smart Defrag 2\Language\Albanian.lng
c:\program files\IObit\Smart Defrag 2\Language\Arabic.lng
c:\program files\IObit\Smart Defrag 2\Language\Bulgarian.lng
c:\program files\IObit\Smart Defrag 2\Language\ChineseSimp.lng
c:\program files\IObit\Smart Defrag 2\Language\ChineseTrad.lng
c:\program files\IObit\Smart Defrag 2\Language\Czech.lng
c:\program files\IObit\Smart Defrag 2\Language\Danish.lng
c:\program files\IObit\Smart Defrag 2\Language\Dutch.lng
c:\program files\IObit\Smart Defrag 2\Language\English.lng
c:\program files\IObit\Smart Defrag 2\Language\Finnish.lng
c:\program files\IObit\Smart Defrag 2\Language\Flemish.lng
c:\program files\IObit\Smart Defrag 2\Language\French.lng
c:\program files\IObit\Smart Defrag 2\Language\Georgian.lng
c:\program files\IObit\Smart Defrag 2\Language\German.lng
c:\program files\IObit\Smart Defrag 2\Language\Greek.lng
c:\program files\IObit\Smart Defrag 2\Language\Hebrew.lng
c:\program files\IObit\Smart Defrag 2\Language\Hungarian.lng
c:\program files\IObit\Smart Defrag 2\Language\Indonesia.lng
c:\program files\IObit\Smart Defrag 2\Language\Italian.lng
c:\program files\IObit\Smart Defrag 2\Language\Japanese.lng
c:\program files\IObit\Smart Defrag 2\Language\Korean.lng
c:\program files\IObit\Smart Defrag 2\Language\Kurdish.lng
c:\program files\IObit\Smart Defrag 2\Language\Malay.lng
c:\program files\IObit\Smart Defrag 2\Language\Malayalam.lng
c:\program files\IObit\Smart Defrag 2\Language\Norwegian.lng
c:\program files\IObit\Smart Defrag 2\Language\Polish.lng
c:\program files\IObit\Smart Defrag 2\Language\Portuguese(Brazil).lng
c:\program files\IObit\Smart Defrag 2\Language\Portuguese(Portugal).lng
c:\program files\IObit\Smart Defrag 2\Language\Romanian.lng
c:\program files\IObit\Smart Defrag 2\Language\Russian.lng
c:\program files\IObit\Smart Defrag 2\Language\Serbian.lng
c:\program files\IObit\Smart Defrag 2\Language\Slovak.lng
c:\program files\IObit\Smart Defrag 2\Language\Slovenian.lng
c:\program files\IObit\Smart Defrag 2\Language\Spanish.lng
c:\program files\IObit\Smart Defrag 2\Language\Swedish.lng
c:\program files\IObit\Smart Defrag 2\Language\Turkish.lng
c:\program files\IObit\Smart Defrag 2\Language\Vietnamese.lng
c:\program files\IObit\Smart Defrag 2\LatestNews\LatestNews.ini
c:\program files\IObit\Smart Defrag 2\Log\SDBootTime_2012-01-06-21-28-32.log
c:\program files\IObit\Smart Defrag 2\Log\SDBootTime_2012-01-13-08-45-33.log
c:\program files\IObit\Smart Defrag 2\NtfsData.dll
c:\program files\IObit\Smart Defrag 2\rtl120.bpl
c:\program files\IObit\Smart Defrag 2\SDDriverMgr.dll
c:\program files\IObit\Smart Defrag 2\SDInit.exe
c:\program files\IObit\Smart Defrag 2\Skins\Black\Add_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Add_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Add_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Add_Shadow.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Analyze_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Analyze_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Analyze_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Analyze_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Center.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Checkbox_Checked.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Checkbox_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Checkbox_Unchecked.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Close_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Close_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\ColumnDivider.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\ColumnHeader.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Corner_Bottom_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Corner_Bottom_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Corner_Top_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Corner_Top_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Option_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Option_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Option_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Option_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Bottom.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Left_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Right_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Hide.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Item_Selected.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Layout.ini
c:\program files\IObit\Smart Defrag 2\Skins\Black\line.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Logo.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Maximize_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Maximize_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Minimize_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Minimize_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\News_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\News_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\News_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Page_Body.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Pause_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Pause_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Pause_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Pause_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Bg_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Bg_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Bg_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Fg_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Fg_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Fg_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Restore_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Restore_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Setting_Text_Shadow.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Show.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Statistics.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Stop_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Stop_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Stop_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Stop_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Tab_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Tab_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Tab_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Title.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Top.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Add_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Add_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Add_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Add_Shadow.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Analyze_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Analyze_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Analyze_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Analyze_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\center.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Checkbox_Checked.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Checkbox_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Checkbox_Unchecked.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Close_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Close_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\ColumnDivider.png
c:\program files\IObit\Smart Defrag 2\Skins\White\ColumnHeader.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Corner_Bottom_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Corner_Bottom_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Corner_Top_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Corner_Top_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Option_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Option_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Option_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Option_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Bottom.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Left_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Right_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Hide.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Item_Selected.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Layout.ini
c:\program files\IObit\Smart Defrag 2\Skins\White\line.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Logo.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Maximize_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Maximize_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Minimize_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Minimize_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\News_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\News_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\White\News_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Page_Body.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Pause_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Pause_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Pause_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Pause_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Bg_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Bg_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Bg_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Fg_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Fg_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Fg_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Restore_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Restore_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Setting_Text_Shadow.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Show.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Statistics.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Stop_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Stop_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Stop_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Stop_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Tab_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Tab_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Tab_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Title.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Top.png
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\IObit\Smart Defrag 2\taskMgr.dll
c:\program files\IObit\Smart Defrag 2\unins000.dat
c:\program files\IObit\Smart Defrag 2\unins000.exe
c:\program files\IObit\Smart Defrag 2\unins000.msg
c:\program files\IObit\Smart Defrag 2\vcl120.bpl
c:\program files\IObit\Smart Defrag 2\vclx120.bpl
.
.
((((((((((((((((((((((((( Files Created from 2011-12-14 to 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-12 02:23 . 2012-01-12 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2012-01-12 02:13 . 2012-01-12 02:13 -------- d-----w- c:\program files\WinPcap
2012-01-12 02:12 . 2012-01-12 02:12 -------- d-----w- c:\program files\Trend Micro
2012-01-12 01:11 . 2012-01-12 01:11 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-01-12 01:11 . 2012-01-12 02:15 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-01-11 23:51 . 2012-01-11 23:51 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\Tific
2012-01-11 23:51 . 2012-01-11 23:51 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Symantec
2012-01-07 16:52 . 2012-01-10 05:56 -------- d-----w- C:\Temporary Internet Files
2012-01-07 06:26 . 2012-01-07 06:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ID Vault
2012-01-07 06:12 . 2012-01-07 06:12 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Threat Expert
2012-01-07 05:45 . 2011-11-23 03:42 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-01-07 05:45 . 2012-01-07 07:08 -------- d-----w- c:\program files\Common Files\PC Tools
2012-01-07 05:44 . 2012-01-07 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-07 05:44 . 2012-01-07 05:44 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\TestApp
2012-01-05 05:39 . 2011-08-20 00:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-01-05 05:39 . 2010-11-27 02:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-01 06:37 . 1996-12-02 17:44 582144 ----a-r- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL
2012-01-01 06:37 . 1997-01-16 16:24 532240 ----a-r- c:\windows\system32\MSEXCH35.DLL
2012-01-01 06:37 . 1996-12-31 12:19 169984 ----a-r- c:\windows\system32\MSLTUS35.DLL
2012-01-01 06:37 . 1996-12-31 12:19 254976 ----a-r- c:\windows\system32\MSEXCL35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 166912 ----a-r- c:\windows\system32\MSTEXT35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 253952 ----a-r- c:\windows\system32\MSPDOX35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 290816 ----a-r- c:\windows\system32\MSXBSE35.DLL
2012-01-01 06:37 . 1996-12-03 12:07 403216 ----a-r- c:\windows\system32\MSREPL35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 251664 ----a-r- c:\windows\system32\MSRD2X35.DLL
2012-01-01 06:37 . 1996-12-16 17:30 1039360 ----a-r- c:\windows\system32\MSJET35.DLL
2012-01-01 06:37 . 1997-01-12 23:00 37136 ----a-r- c:\windows\system32\MSJINT35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 24336 ----a-r- c:\windows\system32\MSJTER35.DLL
2012-01-01 06:30 . 2012-01-01 06:30 -------- d-----w- c:\windows\Favorites
2012-01-01 00:13 . 2012-01-07 06:43 -------- d-----w- c:\program files\Brother
2011-12-27 03:18 . 2012-01-01 06:40 -------- d-----w- c:\windows\SxsCaPendDel
2011-12-27 03:02 . 2011-12-27 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Speedbit
2011-12-27 03:01 . 2011-12-27 03:21 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2011-12-27 03:01 . 2011-12-27 03:01 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-12-26 22:37 . 2011-12-26 22:42 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\HpUpdate
2011-12-26 22:37 . 2011-12-26 22:37 -------- d-----w- c:\windows\Hewlett-Packard
2011-12-26 01:35 . 2012-01-02 05:46 -------- d-----w- c:\program files\Google
2011-12-25 21:57 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-25 21:57 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-12-25 14:19 . 2011-12-25 14:19 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\IsolatedStorage
2011-12-25 14:19 . 2011-12-25 14:19 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\HP
2011-12-25 14:13 . 2011-12-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-25 14:12 . 2011-12-25 14:12 -------- d-----w- c:\program files\Common Files\Sonic Shared
2011-12-25 14:12 . 2011-12-25 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2011-12-25 14:12 . 2011-12-25 14:12 -------- d-----w- c:\program files\Common Files\HP
2011-12-25 14:04 . 2011-12-25 14:16 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\HP
2011-12-24 12:32 . 2011-12-24 12:32 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\ElevatedDiagnostics
2011-12-22 01:17 . 2011-12-22 01:17 -------- d-----w- C:\51ffea51ad657125d9e5
2011-12-21 00:29 . 2011-12-21 00:29 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-12-21 00:26 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-12-21 00:26 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-12-21 00:25 . 2004-09-29 20:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-12-21 00:25 . 2004-09-29 20:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-12-21 00:25 . 2004-09-29 20:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2011-12-21 00:25 . 2004-09-29 20:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-12-21 00:25 . 2004-09-29 20:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-12-21 00:25 . 2004-09-29 20:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2011-12-21 00:25 . 1998-10-30 00:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-12-21 00:25 . 2011-12-26 22:37 -------- d-----w- c:\program files\HP
2011-12-21 00:24 . 2005-03-08 19:43 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-12-21 00:24 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-12-21 00:24 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-12-21 00:24 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2011-12-21 00:24 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
2011-12-21 00:24 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
2011-12-21 00:24 . 2005-03-08 19:39 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2011-12-21 00:24 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2011-12-21 00:24 . 2005-03-08 19:41 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2011-12-21 00:24 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2011-12-21 00:24 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2011-12-20 19:35 . 2011-12-27 01:11 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\Autodesk
2011-12-20 19:35 . 2011-12-27 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2011-12-20 19:35 . 2011-12-20 19:42 -------- d-----w- c:\program files\AutoCAD 2010
2011-12-20 19:35 . 2011-12-20 19:35 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Autodesk
2011-12-20 19:34 . 2008-03-05 23:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-12-20 19:34 . 2008-02-06 07:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-12-20 19:34 . 2008-03-05 23:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-12-20 19:34 . 2011-12-20 19:34 -------- d-----w- c:\windows\Logs
2011-12-20 19:33 . 2011-12-20 19:42 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-12-20 19:33 . 2011-12-20 19:33 -------- d-----w- c:\program files\Autodesk
2011-12-20 19:23 . 2011-12-20 19:23 -------- d-----w- C:\Autodesk
2011-12-20 19:22 . 2011-12-20 19:22 -------- d-----w- c:\windows\system32\KB905474
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2011-11-24 16:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 00:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-03 23:17 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 00:56 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 10:26 . 2011-10-23 10:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 13:12 . 2004-08-17 00:49 256192 ------w- c:\windows\winhelp.exe
2011-11-04 19:20 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2004-08-04 00:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 00:56 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-03 22:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 00:56 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 00:56 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 00:56 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 03:16 . 2011-10-31 03:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-31 03:16 . 2011-10-31 03:16 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-10-28 05:31 . 2004-08-04 00:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-03 23:18 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 04:10 . 2011-10-25 04:10 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-10-23 16:06 . 2011-10-23 07:58 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-23 16:06 . 2011-10-23 07:58 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-18 11:13 . 2004-08-04 00:56 186880 -c--a-w- c:\windows\system32\encdec.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-14_02.30.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-17 00:49 . 2012-01-14 02:33 72278 c:\windows\system32\perfc009.dat
+ 2004-08-17 00:49 . 2012-01-14 02:33 444020 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Multi Reminders"="c:\program files\Multi Reminders\reminder.exe" [2009-09-25 229376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\documents and settings\Bo Crunch\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2011-11-3 4657048]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-29 02:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-29 01:14 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/4/2012 9:39 PM 14776]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [10/23/2011 8:06 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [10/23/2011 8:06 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 6:25 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [10/23/2011 8:06 AM 136312]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [12/17/2011 9:13 AM 63048]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [10/23/2011 8:06 AM 130008]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [1/11/2012 6:12 PM 439632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/30/2011 1:48 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120113.002\IDSXpx86.sys [1/13/2012 5:02 PM 356280]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2011 5:36 PM 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2011 5:36 PM 136176]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\drivers\PTQHBUS.sys [10/24/2011 8:14 PM 55056]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\drivers\PTQHMDM.sys [10/24/2011 8:14 PM 161040]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\drivers\PTQHVSP.sys [10/24/2011 8:14 PM 161040]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-14 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-10-25 22:24]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-26 01:35]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-920026266-725345543-1004Core.job
- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-29 20:32]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-920026266-725345543-1004UA.job
- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-29 20:32]
.
2011-10-23 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2010-07-21 23:52]
.
2012-01-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-12-20 06:18]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Smart Defrag 2_is1 - c:\program files\IObit\Smart Defrag 2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 11:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-920026266-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-01-14 11:09:47
ComboFix-quarantined-files.txt 2012-01-14 19:09
ComboFix2.txt 2012-01-14 02:34
.
Pre-Run: 89,530,765,312 bytes free
Post-Run: 89,508,552,704 bytes free
.
- - End Of File - - FCF3D0FC4D2D46221F035F9015F2F971
I thought it was supposed to do that!!!

#8 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 January 2012 - 08:56 PM

Hi bocrunch,

I see that you have Malwarebytes on your system. Please open Malwarebytes, update it and then run a Quick Scan. Please save the log that is created for your next reply.
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by Malwarebytes and ESET online scanner. :)

#9 bocrunch

bocrunch

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 15 January 2012 - 04:19 PM

Here are the logs that you requested.... Thanks again for your help.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.14.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bo Crunch :: GROUNDSCORE [administrator]

1/14/2012 8:59:17 PM
mbam-log-2012-01-14 (20-59-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180788
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

D:\Downloads\YouTubeDownloaderSetup34.exe	a variant of Win32/Toolbar.Widgi application
D:\Downloads\media\Setup_FreeAVCHDConverter.exe	Win32/Adware.Toolbar.Dealio application
D:\Downloads\Utilities\defragsetup.exe	a variant of Win32/Toolbar.Widgi application
D:\Downloads\Utilities\reg\registrybooster.exe	Win32/RegistryBooster application
D:\My Documents\Bak\midnight pool 3d.exe	a variant of Win32/TrojanDropper.Agent.OTR trojan
D:\Temps\cnet2_TSLSetup_exe.exe	a variant of Win32/InstallCore.D application
D:\Temps\FLVPlayerSetup.exe	a variant of Win32/InstallCore.C application
I thought it was supposed to do that!!!

#10 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 15 January 2012 - 05:23 PM

Hi bocrunch,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    File::
    D:\Downloads\YouTubeDownloaderSetup34.exe
    D:\Downloads\media\Setup_FreeAVCHDConverter.exe
    D:\Downloads\Utilities\defragsetup.exe
    D:\Downloads\Utilities\reg\registrybooster.exe
    D:\My Documents\Bak\midnight pool 3d.exe
    D:\Temps\cnet2_TSLSetup_exe.exe
    D:\Temps\FLVPlayerSetup.exe
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

In your next reply please post the ComboFix log and let me know how your system is running now. :)
#11 bocrunch

bocrunch

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 16 January 2012 - 05:33 PM

PC is still a little discombobulated... NVidia icon is still missing from taskbar, not able to sign into some websites.... message pops up saying wrong password, but I can still access some of the links that are only available when logged in. I'm not getting bombarded with ads anymore. Definite improvement though. Here is the log you requested from ComboFix.... Thanks again for all your help!

ComboFix 12-01-13.05 - Bo Crunch 01/15/2012 20:05:23.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.319 [GMT -8:00]
Running from: c:\documents and settings\Bo Crunch\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bo Crunch\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
FILE ::
"d:\downloads\media\Setup_FreeAVCHDConverter.exe"
"d:\downloads\Utilities\defragsetup.exe"
"d:\downloads\Utilities\reg\registrybooster.exe"
"d:\downloads\YouTubeDownloaderSetup34.exe"
"d:\my documents\Bak\midnight pool 3d.exe"
"d:\temps\cnet2_TSLSetup_exe.exe"
"d:\temps\FLVPlayerSetup.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-15 05:10 . 2012-01-15 05:10 -------- d-----w- c:\program files\ESET
2012-01-12 02:23 . 2012-01-12 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2012-01-12 02:13 . 2012-01-12 02:13 -------- d-----w- c:\program files\WinPcap
2012-01-12 02:12 . 2012-01-12 02:12 -------- d-----w- c:\program files\Trend Micro
2012-01-12 01:11 . 2012-01-12 01:11 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-01-12 01:11 . 2012-01-12 02:15 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-01-11 23:51 . 2012-01-11 23:51 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\Tific
2012-01-11 23:51 . 2012-01-11 23:51 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Symantec
2012-01-07 16:52 . 2012-01-10 05:56 -------- d-----w- C:\Temporary Internet Files
2012-01-07 06:26 . 2012-01-07 06:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ID Vault
2012-01-07 06:12 . 2012-01-07 06:12 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Threat Expert
2012-01-07 05:45 . 2011-11-23 03:42 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-01-07 05:45 . 2012-01-07 07:08 -------- d-----w- c:\program files\Common Files\PC Tools
2012-01-07 05:44 . 2012-01-07 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-07 05:44 . 2012-01-07 05:44 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\TestApp
2012-01-05 05:39 . 2011-08-20 00:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-01-05 05:39 . 2010-11-27 02:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-01 06:37 . 1996-12-02 17:44 582144 ----a-r- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL
2012-01-01 06:37 . 1997-01-16 16:24 532240 ----a-r- c:\windows\system32\MSEXCH35.DLL
2012-01-01 06:37 . 1996-12-31 12:19 169984 ----a-r- c:\windows\system32\MSLTUS35.DLL
2012-01-01 06:37 . 1996-12-31 12:19 254976 ----a-r- c:\windows\system32\MSEXCL35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 166912 ----a-r- c:\windows\system32\MSTEXT35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 253952 ----a-r- c:\windows\system32\MSPDOX35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 290816 ----a-r- c:\windows\system32\MSXBSE35.DLL
2012-01-01 06:37 . 1996-12-03 12:07 403216 ----a-r- c:\windows\system32\MSREPL35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 251664 ----a-r- c:\windows\system32\MSRD2X35.DLL
2012-01-01 06:37 . 1996-12-16 17:30 1039360 ----a-r- c:\windows\system32\MSJET35.DLL
2012-01-01 06:37 . 1997-01-12 23:00 37136 ----a-r- c:\windows\system32\MSJINT35.DLL
2012-01-01 06:37 . 1996-12-02 17:44 24336 ----a-r- c:\windows\system32\MSJTER35.DLL
2012-01-01 06:30 . 2012-01-01 06:30 -------- d-----w- c:\windows\Favorites
2012-01-01 00:13 . 2012-01-07 06:43 -------- d-----w- c:\program files\Brother
2011-12-27 03:18 . 2012-01-01 06:40 -------- d-----w- c:\windows\SxsCaPendDel
2011-12-27 03:02 . 2011-12-27 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Speedbit
2011-12-27 03:01 . 2011-12-27 03:21 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2011-12-27 03:01 . 2011-12-27 03:01 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-12-26 22:37 . 2011-12-26 22:42 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\HpUpdate
2011-12-26 22:37 . 2011-12-26 22:37 -------- d-----w- c:\windows\Hewlett-Packard
2011-12-26 01:35 . 2012-01-02 05:46 -------- d-----w- c:\program files\Google
2011-12-25 21:57 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-25 21:57 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-12-25 14:19 . 2011-12-25 14:19 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\IsolatedStorage
2011-12-25 14:19 . 2011-12-25 14:19 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\HP
2011-12-25 14:13 . 2011-12-25 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-25 14:12 . 2011-12-25 14:12 -------- d-----w- c:\program files\Common Files\Sonic Shared
2011-12-25 14:12 . 2011-12-25 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2011-12-25 14:12 . 2011-12-25 14:12 -------- d-----w- c:\program files\Common Files\HP
2011-12-25 14:04 . 2011-12-25 14:16 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\HP
2011-12-24 12:32 . 2011-12-24 12:32 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\ElevatedDiagnostics
2011-12-22 01:17 . 2011-12-22 01:17 -------- d-----w- C:\51ffea51ad657125d9e5
2011-12-21 00:29 . 2011-12-21 00:29 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-12-21 00:26 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-12-21 00:26 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-12-21 00:25 . 2004-09-29 20:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-12-21 00:25 . 2004-09-29 20:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-12-21 00:25 . 2004-09-29 20:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2011-12-21 00:25 . 2004-09-29 20:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-12-21 00:25 . 2004-09-29 20:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-12-21 00:25 . 2004-09-29 20:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2011-12-21 00:25 . 1998-10-30 00:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-12-21 00:25 . 2011-12-26 22:37 -------- d-----w- c:\program files\HP
2011-12-21 00:24 . 2005-03-08 19:43 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-12-21 00:24 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-12-21 00:24 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-12-21 00:24 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2011-12-21 00:24 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
2011-12-21 00:24 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
2011-12-21 00:24 . 2005-03-08 19:39 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2011-12-21 00:24 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2011-12-21 00:24 . 2005-03-08 19:41 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2011-12-21 00:24 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2011-12-21 00:24 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2011-12-20 19:35 . 2011-12-27 01:11 -------- d-----w- c:\documents and settings\Bo Crunch\Application Data\Autodesk
2011-12-20 19:35 . 2011-12-27 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2011-12-20 19:35 . 2011-12-20 19:42 -------- d-----w- c:\program files\AutoCAD 2010
2011-12-20 19:35 . 2011-12-20 19:35 -------- d-----w- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Autodesk
2011-12-20 19:34 . 2008-03-05 23:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-12-20 19:34 . 2008-02-06 07:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-12-20 19:34 . 2008-03-05 23:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-12-20 19:34 . 2011-12-20 19:34 -------- d-----w- c:\windows\Logs
2011-12-20 19:33 . 2011-12-20 19:42 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-12-20 19:33 . 2011-12-20 19:33 -------- d-----w- c:\program files\Autodesk
2011-12-20 19:23 . 2011-12-20 19:23 -------- d-----w- C:\Autodesk
2011-12-20 19:22 . 2011-12-20 19:22 -------- d-----w- c:\windows\system32\KB905474
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2011-11-24 16:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 00:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-03 23:17 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 00:56 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 10:26 . 2011-10-23 10:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 13:12 . 2004-08-17 00:49 256192 ------w- c:\windows\winhelp.exe
2011-11-04 19:20 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2004-08-04 00:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 00:56 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-03 22:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 00:56 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 00:56 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 00:56 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 03:16 . 2011-10-31 03:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-31 03:16 . 2011-10-31 03:16 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-10-28 05:31 . 2004-08-04 00:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-03 23:18 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 04:10 . 2011-10-25 04:10 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-10-23 16:06 . 2011-10-23 07:58 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-23 16:06 . 2011-10-23 07:58 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-18 11:13 . 2004-08-04 00:56 186880 -c--a-w- c:\windows\system32\encdec.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-14_02.30.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-15 04:43 . 2012-01-15 04:43 16384 c:\windows\Temp\Perflib_Perfdata_164.dat
+ 2012-01-15 04:40 . 2012-01-15 04:40 16384 c:\windows\Temp\Perflib_Perfdata_134.dat
+ 2004-08-17 00:49 . 2012-01-14 02:33 72278 c:\windows\system32\perfc009.dat
+ 2004-08-17 00:49 . 2012-01-14 02:33 444020 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Multi Reminders"="c:\program files\Multi Reminders\reminder.exe" [2009-09-25 229376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\documents and settings\Bo Crunch\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2011-11-3 4657048]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-29 02:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-29 01:14 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/4/2012 9:39 PM 14776]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [10/23/2011 8:06 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [10/23/2011 8:06 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 6:25 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [10/23/2011 8:06 AM 136312]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [12/17/2011 9:13 AM 63048]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [10/23/2011 8:06 AM 130008]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [1/11/2012 6:12 PM 439632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/30/2011 1:48 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120113.002\IDSXpx86.sys [1/13/2012 5:02 PM 356280]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2011 5:36 PM 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2011 5:36 PM 136176]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\drivers\PTQHBUS.sys [10/24/2011 8:14 PM 55056]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\drivers\PTQHMDM.sys [10/24/2011 8:14 PM 161040]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\drivers\PTQHVSP.sys [10/24/2011 8:14 PM 161040]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-15 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-10-25 22:24]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-26 01:35]
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-920026266-725345543-1004Core.job
- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-29 20:32]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-920026266-725345543-1004UA.job
- c:\documents and settings\Bo Crunch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-29 20:32]
.
2011-10-23 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2010-07-21 23:52]
.
2012-01-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-12-20 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dogpile.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-15 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-920026266-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2076)
c:\windows\system32\WININET.dll
c:\program files\Norton Security Suite\Engine\5.1.0.29\Microsoft.VC90.CRT\MSVCR90.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCP90.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-15 20:16:17
ComboFix-quarantined-files.txt 2012-01-16 04:16
ComboFix2.txt 2012-01-14 19:09
ComboFix3.txt 2012-01-14 02:34
.
Pre-Run: 89,335,898,112 bytes free
Post-Run: 89,318,920,192 bytes free
.
- - End Of File - - 62F37EB547FBA13187494D0A5389223D
I thought it was supposed to do that!!!

#12 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 16 January 2012 - 05:41 PM

Hi bocrunch,

Thanks for posting that log and letting me know how your system is running. :)
------------

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
----------

#13 bocrunch

    Authentic Member

  • Authentic Member
  • 22 posts

Posted 16 January 2012 - 09:21 PM

Here are the logs you requested from OTL.... Thank you for your time.....


OTL logfile created on: 1/16/2012 6:55:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bo Crunch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 475.85 Mb Available Physical Memory | 46.49% Memory free
3.90 Gb Paging File | 3.50 Gb Available in Paging File | 89.55% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 95.61 Gb Free Space | 83.51% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 11.85 Gb Free Space | 15.90% Space Free | Partition Type: NTFS

Computer Name: GROUNDSCORE | User Name: Bo Crunch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bo Crunch\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
PRC - C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Bo Crunch\Local Settings\temp\sfamcc00001.dll ()
MOD - C:\Documents and Settings\Bo Crunch\Local Settings\temp\sfareca00001.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\Trend Micro\RUBotted\hc_help.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (IDVaultSvc) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (RUBotSrv) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (Trend Micro Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (StkASSrv) -- C:\WINDOWS\system32\StkASv2K.exe (Syntek America Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120116.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120116.002\NAVENG.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120113.002\IDSXpx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (PTQHVSP) PANTECH HSUSB Diagnostic Serial Port(MSM6290) -- C:\WINDOWS\system32\drivers\PTQHVSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTQHMDM) PANTECH HSUSB Modem(MSM6290) -- C:\WINDOWS\system32\drivers\PTQHMDM.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTQHBUS) PANTECH Handset HSUSB Composite Device(MSM6290) -- C:\WINDOWS\system32\drivers\PTQHBUS.sys (DEVGURU Co., LTD.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (StkAMini) -- C:\WINDOWS\system32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (StkScan) -- C:\WINDOWS\system32\drivers\StkScan.sys (Syntek America Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (IdeChnDr) Intel® -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys (Intel Corporation)
DRV - (IdeBusDr) -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys (Intel Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 5B 1F 87 F0 D2 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/23 09:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/10/23 08:06:22 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Dogpile (Enabled)
CHR - default_search_provider: search_url = http://www.dogpile.c...y={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/14 11:07:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Multi Reminders] C:\Program Files\Multi Reminders\reminder.exe ()
O4 - Startup: C:\Documents and Settings\Bo Crunch\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{981C3620-6F67-4AEE-AF5C-40EDFD946114}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) -C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/20 11:23:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/10/22 21:58:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/17 10:48:49 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 18:46:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bo Crunch\Desktop\OTL.exe
[2012/01/16 15:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Application Data\ieSpell
[2012/01/16 15:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2012/01/15 21:37:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/15 21:28:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/15 21:28:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/15 21:28:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/15 20:41:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bo Crunch\Recent
[2012/01/14 21:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/13 18:18:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/13 18:14:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/13 18:14:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/13 18:14:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/13 18:14:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/13 18:14:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/13 18:11:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/13 18:09:00 | 004,383,253 | R--- | C] (Swearware) -- C:\Documents and Settings\Bo Crunch\Desktop\ComboFix.exe
[2012/01/13 11:26:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Bo Crunch\Desktop\dds.com
[2012/01/12 19:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Desktop\PC Help
[2012/01/12 19:09:08 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Bo Crunch\Desktop\HiJackThis.exe
[2012/01/11 18:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2012/01/11 18:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Desktop\TMRBLog
[2012/01/11 18:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Desktop\log
[2012/01/11 18:14:56 | 008,570,384 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Bo Crunch\Desktop\RootkitBuster.exe
[2012/01/11 18:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2012/01/11 18:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/01/11 18:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro RUBotted
[2012/01/11 18:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/11 18:10:30 | 006,018,568 | ---- | C] (Trend Micro, Inc. ) -- C:\Documents and Settings\Bo Crunch\Desktop\RUBottedSetup.exe
[2012/01/11 17:11:19 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/01/11 17:11:17 | 000,065,808 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2012/01/11 16:26:53 | 002,562,040 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Bo Crunch\Desktop\NPE.exe
[2012/01/11 15:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Application Data\Tific
[2012/01/11 15:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Symantec
[2012/01/07 08:52:34 | 000,000,000 | -HSD | C] -- C:\Temporary Internet Files
[2012/01/06 22:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ID Vault
[2012/01/06 22:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Threat Expert
[2012/01/06 21:45:44 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/01/06 21:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/06 21:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/06 21:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Application Data\TestApp
[2012/01/04 21:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2012/01/01 21:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/12/31 22:37:39 | 000,532,240 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSEXCH35.DLL
[2011/12/31 22:37:35 | 000,169,984 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSLTUS35.DLL
[2011/12/31 22:37:32 | 000,254,976 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSEXCL35.DLL
[2011/12/31 22:37:28 | 000,166,912 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSTEXT35.DLL
[2011/12/31 22:37:25 | 000,253,952 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSPDOX35.DLL
[2011/12/31 22:37:21 | 000,290,816 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXBSE35.DLL
[2011/12/31 22:37:18 | 000,403,216 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSREPL35.DLL
[2011/12/31 22:37:11 | 000,251,664 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRD2X35.DLL
[2011/12/31 22:37:08 | 001,039,360 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJET35.DLL
[2011/12/31 22:37:05 | 000,037,136 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJINT35.DLL
[2011/12/31 22:37:04 | 000,024,336 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJTER35.DLL
[2011/12/31 22:30:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Favorites
[2011/12/31 16:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother P-touch
[2011/12/31 16:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2011/12/29 15:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\My Documents\Xmas
[2011/12/28 16:15:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/12/26 19:18:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/12/26 19:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Speedbit
[2011/12/26 19:01:35 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2011/12/26 19:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Accelerator
[2011/12/26 14:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Application Data\HpUpdate
[2011/12/26 14:37:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2011/12/25 17:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Application Data\Google
[2011/12/25 17:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/12/25 13:57:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/12/25 13:57:08 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/12/25 06:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\My Documents\My Albums
[2011/12/25 06:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\IsolatedStorage
[2011/12/25 06:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\HP
[2011/12/25 06:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/12/25 06:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2011/12/25 06:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2011/12/25 06:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/12/25 06:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/12/25 06:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Application Data\HP
[2011/12/24 04:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Application Data\ElevatedDiagnostics
[2011/12/24 04:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/12/24 04:31:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/12/24 04:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/12/21 17:17:15 | 000,000,000 | ---D | C] -- C:\51ffea51ad657125d9e5
[2011/12/20 16:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/12/20 16:26:35 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2011/12/20 16:25:44 | 000,278,584 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZidr12.dll
[2011/12/20 16:25:44 | 000,204,800 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipr12.dll
[2011/12/20 16:25:44 | 000,094,208 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipt12.dll
[2011/12/20 16:25:44 | 000,069,632 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2011/12/20 16:25:44 | 000,061,440 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2011/12/20 16:25:44 | 000,057,344 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZisn12.dll
[2011/12/20 16:25:39 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/12/20 16:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/12/20 16:25:16 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/20 16:24:47 | 000,098,304 | ---- | C] (Hewlett Packard Company) -- C:\WINDOWS\System32\hpzjsn01.dll
[2011/12/20 16:24:46 | 000,606,208 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl.dll
[2011/12/20 16:24:46 | 000,274,432 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll
[2011/12/20 16:24:46 | 000,258,122 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst08.dll
[2011/12/20 16:24:45 | 000,278,528 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpgwiamd.dll
[2011/12/20 16:24:23 | 000,139,345 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzlnt12.dll
[2011/12/20 16:24:22 | 000,393,216 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzcon12.dll
[2011/12/20 16:24:22 | 000,196,608 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzcoi12.dll
[2011/12/20 11:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\Autodesk
[2011/12/20 11:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo Crunch\Application Data\Autodesk
[2011/12/20 11:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/12/20 11:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
[2011/12/20 11:34:26 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/12/20 11:34:26 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/12/20 11:34:24 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/12/20 11:34:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/12/20 11:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2011/12/20 11:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/12/20 11:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/12/20 11:23:56 | 000,000,000 | ---D | C] -- C:\Autodesk
[2011/12/20 11:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2004/11/24 11:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 18:46:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bo Crunch\Desktop\OTL.exe
[2012/01/16 18:38:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-920026266-725345543-1004UA.job
[2012/01/16 17:48:29 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 17:47:57 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2012/01/16 17:47:56 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 17:47:56 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/01/16 17:47:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/16 17:47:50 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 17:37:08 | 000,065,808 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2012/01/16 15:41:48 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/16 10:08:26 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2012/01/16 08:55:28 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/01/15 13:38:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-920026266-725345543-1004Core.job
[2012/01/14 11:07:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/13 18:33:29 | 000,444,020 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/13 18:33:29 | 000,072,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/13 18:18:48 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/13 18:09:12 | 004,383,253 | R--- | M] (Swearware) -- C:\Documents and Settings\Bo Crunch\Desktop\ComboFix.exe
[2012/01/13 11:27:29 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\Desktop\gmer.zip
[2012/01/13 11:26:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Bo Crunch\Desktop\dds.com
[2012/01/12 21:31:31 | 000,482,581 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\My Documents\sp-studio.cpt
[2012/01/12 19:09:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Bo Crunch\Desktop\HiJackThis.exe
[2012/01/11 18:11:34 | 004,104,900 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\Desktop\RootkitBuster_5.00.1041.zip
[2012/01/11 18:10:39 | 006,018,568 | ---- | M] (Trend Micro, Inc. ) -- C:\Documents and Settings\Bo Crunch\Desktop\RUBottedSetup.exe
[2012/01/11 17:11:14 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/01/11 16:53:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/11 16:35:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/11 16:26:56 | 002,562,040 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Bo Crunch\Desktop\NPE.exe
[2012/01/07 00:24:05 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\Start Menu\Programs\Startup\SpeedFan.lnk
[2012/01/06 23:08:48 | 000,374,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/06 21:46:47 | 000,649,638 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/06 13:29:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\housecall.guid.cache
[2012/01/06 13:17:43 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 12:44:08 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/06 12:44:07 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\Desktop\Google Chrome.lnk
[2012/01/01 21:47:13 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/31 16:19:27 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\P-touch Update Software.lnk
[2011/12/31 16:18:50 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2011/12/31 16:14:14 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\P-touch Editor 5.0.lnk
[2011/12/30 12:50:03 | 000,001,263 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/12/29 23:10:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/12/27 12:01:15 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/26 19:01:35 | 000,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2011/12/26 14:40:36 | 000,000,214 | ---- | M] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2011/12/26 14:40:21 | 000,000,217 | ---- | M] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2011/12/26 14:39:38 | 000,000,227 | ---- | M] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2011/12/26 14:39:34 | 000,000,214 | ---- | M] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/12/26 14:38:49 | 000,000,221 | ---- | M] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/12/25 22:01:11 | 000,000,021 | ---- | M] () -- C:\WINDOWS\rgsavacam.rgk
[2011/12/25 06:19:02 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\fusioncache.dat
[2011/12/25 06:13:45 | 000,112,446 | ---- | M] () -- C:\WINDOWS\hpoins07.dat
[2011/12/25 06:13:06 | 000,001,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2011/12/25 06:12:15 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk
[2011/12/25 06:10:43 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/12/20 16:30:16 | 000,102,262 | ---- | M] () -- C:\WINDOWS\hpoins05.dat
[2011/12/20 14:51:18 | 000,020,231 | ---- | M] () -- C:\Documents and Settings\Bo Crunch\My Documents\Auto Cad Activation.pdf
[2011/12/20 11:37:59 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
[2011/12/20 11:33:49 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Design Review.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/13 18:18:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/13 18:18:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/13 18:14:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/13 18:14:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/13 18:14:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/13 18:14:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/13 18:14:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/13 12:05:13 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Bo Crunch\Desktop\gmer.exe
[2012/01/13 11:27:27 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Bo Crunch\Desktop\gmer.zip
[2012/01/12 21:31:31 | 000,482,581 | ---- | C] () -- C:\Documents and Settings\Bo Crunch\My Documents\sp-studio.cpt
[2012/01/11 18:11:20 | 004,104,900 | ---- | C] () -- C:\Documents and Settings\Bo Crunch\Desktop\RootkitBuster_5.00.1041.zip
[2012/01/06 21:46:23 | 000,649,638 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/06 13:29:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\housecall.guid.cache
[2012/01/06 13:17:43 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/04 21:39:07 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2012/01/04 21:39:06 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/01/01 21:47:13 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/31 16:18:50 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\P-touch Update Software.lnk
[2011/12/31 16:18:50 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\Bo Crunch\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2011/12/31 16:14:14 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\P-touch Editor 5.0.lnk
[2011/12/26 14:40:36 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2011/12/26 14:40:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2011/12/26 14:39:38 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2011/12/26 14:39:34 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/12/26 14:38:49 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/12/25 17:36:12 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/25 06:19:02 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\fusioncache.dat
[2011/12/25 06:13:06 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2011/12/25 06:12:15 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk
[2011/12/25 06:11:25 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/12/25 06:10:43 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/12/25 06:04:14 | 000,112,446 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/12/25 06:04:13 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2011/12/20 16:24:53 | 000,102,262 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011/12/20 16:24:53 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/12/20 14:51:18 | 000,020,231 | ---- | C] () -- C:\Documents and Settings\Bo Crunch\My Documents\Auto Cad Activation.pdf
[2011/12/20 11:37:59 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
[2011/12/20 11:33:49 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Design Review.lnk
[2011/12/20 11:22:47 | 000,000,266 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/12/08 19:56:02 | 000,000,106 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/12/08 19:54:54 | 000,000,553 | ---- | C] () -- C:\WINDOWS\ASLPC.INI
[2011/11/30 21:01:08 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dat
[2011/11/13 14:11:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/02 16:54:34 | 000,084,616 | ---- | C] () -- C:\WINDOWS\StkUnist.exe
[2011/10/31 19:41:57 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2011/10/31 19:41:20 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2011/10/24 20:02:54 | 000,042,108 | ---- | C] () -- C:\WINDOWS\System32\fun_avutil.dll
[2011/10/24 20:02:53 | 003,566,434 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2011/10/24 20:02:53 | 000,827,392 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4System.dll
[2011/10/24 20:02:53 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\AMR.dll
[2011/10/24 20:02:53 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4Tools.dll
[2011/10/24 20:02:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4DSF.dll
[2011/10/24 20:02:53 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\EvrcDecDll.dll
[2011/10/24 20:02:53 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\AMRDSF.dll
[2011/10/23 22:03:49 | 001,157,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/23 02:03:43 | 000,007,696 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/23 00:54:36 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Bo Crunch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 22:00:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/22 21:55:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/22 14:41:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/22 14:39:59 | 000,374,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/20 10:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/12/19 07:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 09:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 09:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 09:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 09:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 08:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/11/02 08:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/09/22 10:30:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PTQL5F.DLL
[2006/01/10 05:00:00 | 000,000,110 | ---- | C] () -- C:\WINDOWS\Win_wpt_100_h_.dat
[2006/01/10 05:00:00 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\Sys_wpt_100_h_.dat
[2004/10/03 09:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/16 16:49:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/16 16:49:20 | 000,444,020 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/16 16:49:20 | 000,072,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/16 16:49:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/16 16:49:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/16 16:49:19 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/16 16:49:13 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/16 16:49:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/16 16:49:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/16 16:48:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 17:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 06:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/12/26 17:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/10/29 20:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2011/11/11 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2011/10/22 23:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/12/26 19:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Speedbit
[2011/11/02 16:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/10/22 23:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2011/11/18 21:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
[2011/12/08 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/12/26 17:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\Autodesk
[2012/01/04 17:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\avidemux
[2011/12/08 21:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\Azureus
[2011/12/24 04:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\ElevatedDiagnostics
[2011/10/24 22:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\FinalMediaPlayer
[2011/10/22 23:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\ID Vault
[2012/01/16 15:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\ieSpell
[2011/11/08 18:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\ldw_data
[2011/11/15 22:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\MakeupGuide
[2011/10/23 21:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\SolwaySoftware
[2011/11/07 21:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\SystemRequirementsLab
[2012/01/06 21:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\TestApp
[2012/01/11 15:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\Tific
[2011/11/02 17:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\Ulead Systems
[2011/11/24 06:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\VSRevoGroup
[2011/11/18 21:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo Crunch\Application Data\X-Setup Pro
[2012/01/16 17:47:57 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job
[2012/01/16 17:47:56 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 54 bytes -> C:\Documents and Settings\Bo Crunch\ntuser.ini:l_encryption_d

< End of report >



OTL Extras logfile created on: 1/16/2012 6:55:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bo Crunch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 475.85 Mb Available Physical Memory | 46.49% Memory free
3.90 Gb Paging File | 3.50 Gb Available in Paging File | 89.55% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 95.61 Gb Free Space | 83.51% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 11.85 Gb Free Space | 15.90% Space Free | Partition Type: NTFS

Computer Name: GROUNDSCORE | User Name: Bo Crunch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{08BAC163-A5E8-4838-90A9-8C9343400579}" = Brother P-touch Update Software
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{175B2216-D8B0-46E3-9DF6-C26AE13DF43B}" = Brother P-touch Editor Label Collection - Event Planning [ENU]
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 30
"{2C4EFE5A-C7B6-4162-8A8B-F616B35B8E3C}" = Brother P-touch Editor Label Collection - Birthday Banners [ENU]
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC26D3D-3FA4-40C7-8957-FBC32289BB51}" = Pantech PCSuite
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B5FE75F-A999-45e7-AE6B-5B85E1DD0577}" = PANTECH Handset USB Driver V2
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{814DFF88-1736-4C0C-8296-E9DFCF91AC11}" = Brother P-touch Editor Label Collection - Sports Preparation [ENU]
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{939D460F-DFD7-45D1-A4B2-7418856250C0}" = Brother P-touch Editor Label Collection - Building-Facility [ENU]
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3F33D3-E2BC-4BAE-93AB-41700072F680}" = Pantech PCSuite
"{9C7AEE33-3558-4F35-A7C8-6C19F2D3D665}" = Brother P-touch Editor Label Collection - Package Shipping [ENU]
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE1DE490-DC58-4C7A-B6CA-D0D5DA2BABA1}" = Brother P-touch Editor Label Collection - Retail Store [ENU]
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C46EA53C-F04B-47C1-9D56-F944D6D78A78}" = Brother P-touch Editor Label Collection - Warning [ENU]
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EAC6F977-98A2-4E9C-8FC7-8BC9F92B8258}" = Brother P-touch Editor Label Collection - Celebration Banners [ENU]
"{F0808C84-16BF-44CB-AADA-B1E614C7F1FC}" = Brother P-touch Editor Label Collection - Enviro-Recycle [ENU]
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"AvaCam_is1" = AvaCam v3.2.0
"Cool Timer_is1" = Cool Timer 3.6
"Corel Uninstaller" = Corel Uninstaller
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FinalMediaPlayer_is1" = Final Media Player 2011
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ID Vault" = Constant Guard Protection Suite
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"IsoBuster_is1" = IsoBuster 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multi Reminders" = Multi Reminders 2.75
"N360" = Norton Security Suite
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Revo Uninstaller" = Revo Uninstaller 1.93
"SpeedFan" = SpeedFan (remove only)
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"Tweak UI 2.10" = Tweak UI
"UBCD4Win_is1" = UBCD4Win 3.60
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"xqdcXSP_is1" = XQDC X-Setup Pro 9.2.100

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2012 8:55:56 PM | Computer Name = GROUNDSCORE | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 1/11/2012 10:02:18 PM | Computer Name = GROUNDSCORE | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 1/11/2012 10:02:18 PM | Computer Name = GROUNDSCORE | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 1/11/2012 11:16:35 PM | Computer Name = GROUNDSCORE | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 1/11/2012 11:16:35 PM | Computer Name = GROUNDSCORE | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 1/11/2012 11:22:28 PM | Computer Name = GROUNDSCORE | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Driver Tool\Driver Tool\DriverTool.exe .
Error code = 0x80131047

Error - 1/12/2012 12:47:37 AM | Computer Name = GROUNDSCORE | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 1/12/2012 12:47:37 AM | Computer Name = GROUNDSCORE | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 1/12/2012 4:52:45 AM | Computer Name = GROUNDSCORE | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 1/12/2012 4:52:45 AM | Computer Name = GROUNDSCORE | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

[ System Events ]
Error - 1/16/2012 10:52:59 PM | Computer Name = GROUNDSCORE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/16/2012 10:53:14 PM | Computer Name = GROUNDSCORE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/16/2012 10:53:14 PM | Computer Name = GROUNDSCORE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/16/2012 10:53:14 PM | Computer Name = GROUNDSCORE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/16/2012 10:53:29 PM | Computer Name = GROUNDSCORE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/16/2012 10:53:29 PM | Computer Name = GROUNDSCORE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/16/2012 10:53:29 PM | Computer Name = GROUNDSCORE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/16/2012 10:53:29 PM | Computer Name = GROUNDSCORE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/16/2012 10:53:29 PM | Computer Name = GROUNDSCORE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/16/2012 10:53:29 PM | Computer Name = GROUNDSCORE | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >
I thought it was supposed to do that!!!

#14 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 17 January 2012 - 12:56 PM

Hi bocrunch,

I need some information on some unidentified files. We will use VirusTotal. Please submit these files for analysis.

To submit a file to VirusTotal, please click VirusTotal.

Copy and paste the following into the "Upload a file" box (one at a time if more than one file is listed):

C:\WINDOWS\ASLPC.INI
C:\WINDOWS\rgsavacam.rgk


Scroll down a bit and click "Send file", wait for the results and post them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also, please make sure each result is clearly identified as to which sample it belongs to.

#15 bocrunch

bocrunch

    Authentic Member

  • Authentic Member
  • 22 posts

Posted 17 January 2012 - 02:20 PM

Here are the results from VirusTotal that you requested. I believe the ASLPC.INI is from my American Sign Language CD. The executable on the CD is named ASLPC.exe. The rgsavacam.rgk is from a small program called AvaCam that I downloaded from Freefiles.com, but I am not familiar with the "rgk" extension. Thanks again for all your help.

ASLPC.INI
SHA256: 249b3399b22ae5518961009548f7f744fe76d07d429730bbab3b814496f8dffe
SHA1: ae5473bd8c48adac8dfdc01af2a651b5b3303ae0
MD5: 9977d6898799ba1782d06ccecd9c322d
File size: 553 bytes ( 553 bytes )
File type: Text
Detection ratio: 0 / 42
Analysis date: 2012-01-17 20:04:27 UTC ( 0 minutes ago )
ssdeep file piecewise hash: 12:9da99+xu5XiNcXMwj4XBfGYHtNrB+93OaWBg658Dn:bajeQXFccaJx903ea
TrID file type information: Generic INI configuration (100.0%)
First seen by VirusTotal: 2012-01-17 20:04:27 UTC ( 1 minute ago )
Last seen by VirusTotal: 2012-01-17 20:04:27 UTC ( 1 minute ago )
File names (max. 25): 1. C:\WINDOWS\ASLPC.INI

rgsavacam.rgk
SHA256: 71d590cf4d758a47f8249295eebeffcbeb8cf7aaa6c6f7ea34d7d3c71d1538ce
SHA1: adda87c144f4387b5a712f54958021c8961262a6
MD5: 6a1dbe545ae5961f4e355a6d0b3e50d4
File size: 21 bytes ( 21 bytes )
File type: Text
Detection ratio: 0 / 41
Analysis date: 2012-01-17 20:10:57 UTC ( 1 minute ago )
ssdeep file piecewise hash: 3:QQSVKEU4vn:QQSL
TrID file type information: Unknown!
First seen by VirusTotal: 2012-01-17 20:10:57 UTC ( 1 minute ago )
Last seen by VirusTotal: 2012-01-17 20:10:57 UTC ( 1 minute ago )
File names (max. 25): 1. C:\WINDOWS\rgsavacam.rgk

Edited by bocrunch, 17 January 2012 - 02:35 PM.

I thought it was supposed to do that!!!
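The check the helper asks for in post #14 (each VirusTotal result clearly tied to the sample it belongs to) can be verified rather than eyeballed. The Python below is an added example for this thread, not code from the forum, from the helper, or from VirusTotal: it computes the MD5/SHA1/SHA256 and size that VirusTotal shows for an upload, parses a pasted result block even after forum software has flattened it onto one line (as happened in post #15), and lists the fields where the pasted report disagrees with the file actually on disk. The hash values in PASTED_RESULT are the ones posted for ASLPC.INI in this thread; SAMPLE_BYTES is a constructed stand-in file rather than the real ASLPC.INI, so the mismatch the script reports for it is the expected outcome, and the round trip through format_report shows what a matching result looks like.

```python
"""Hash a local sample and cross-check it against a pasted VirusTotal result.

Added example for this thread; not code from the forum or from VirusTotal.
"""
import hashlib
import re

# Constructed stand-in for a file a helper asked to have submitted; this is
# NOT the real C:\WINDOWS\ASLPC.INI from the thread.
SAMPLE_BYTES = b"[Settings]\r\nPath=C:\\ASLPC\r\n"

# A result block as it looks once pasted flat into a forum post. The digests
# are the ones posted for ASLPC.INI in this thread; because SAMPLE_BYTES is a
# constructed file, cross_check() below is expected to flag a mismatch.
PASTED_RESULT = (
    "ASLPC.INI SHA256: 249b3399b22ae5518961009548f7f744fe76d07d429730bbab3b814496f8dffe "
    "SHA1: ae5473bd8c48adac8dfdc01af2a651b5b3303ae0 MD5: 9977d6898799ba1782d06ccecd9c322d "
    "File size: 553 bytes ( 553 bytes ) File type: Text Detection ratio: 0 / 42 "
    "Analysis date: 2012-01-17 20:04:27 UTC ( 0 minutes ago )"
)

# Fixed hex lengths keep each digest from swallowing the text that follows it.
_DIGEST_PATTERNS = {
    "SHA256": re.compile(r"SHA256:\s*([0-9a-fA-F]{64})"),
    "SHA1": re.compile(r"SHA1:\s*([0-9a-fA-F]{40})"),
    "MD5": re.compile(r"MD5:\s*([0-9a-fA-F]{32})"),
}
_SIZE_RE = re.compile(r"File size:\s*(\d+)\s*bytes")
_RATIO_RE = re.compile(r"Detection ratio:\s*(\d+)\s*/\s*(\d+)")


def hash_sample(data: bytes) -> dict:
    """Digests and size exactly as VirusTotal reports them for an upload."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def parse_vt_result(text: str) -> dict:
    """Pull digests, size and detection ratio out of a pasted result block.

    Works whether the block keeps its line breaks or was flattened to one
    line, because every field is located by its label, not by position.
    """
    out = {}
    for key, pat in _DIGEST_PATTERNS.items():
        m = pat.search(text)
        if m:
            out[key] = m.group(1).lower()
    m = _SIZE_RE.search(text)
    if m:
        out["size"] = int(m.group(1))
    m = _RATIO_RE.search(text)
    if m:
        out["detections"] = int(m.group(1))
        out["engines"] = int(m.group(2))
    return out


def cross_check(local: dict, reported: dict) -> list:
    """Names of fields where the pasted result disagrees with the local file.

    An empty list means the result really describes this sample; anything
    else means the wrong report was pasted or the file changed since upload.
    """
    return [
        key for key in ("MD5", "SHA1", "SHA256", "size")
        if key in reported and reported[key] != local[key]
    ]


def format_report(name: str, local: dict, detections: int, engines: int) -> str:
    """Summary that labels a result with the sample it belongs to."""
    return (
        f"{name}\n"
        f"SHA256: {local['SHA256']}\n"
        f"SHA1: {local['SHA1']}\n"
        f"MD5: {local['MD5']}\n"
        f"File size: {local['size']} bytes\n"
        f"Detection ratio: {detections} / {engines}"
    )


if __name__ == "__main__":
    local = hash_sample(SAMPLE_BYTES)
    parsed = parse_vt_result(PASTED_RESULT)
    print("fields that do not match the local file:", cross_check(local, parsed))
    print(format_report("sample.ini", local, parsed["detections"], parsed["engines"]))
```

Running the script on the real file instead of the constructed bytes (read it with `open(path, "rb").read()`) gives the digests to compare against the VirusTotal page before posting, and a detection ratio of `0 / 42` parsed from the report still means only that none of those 42 engines flagged the file at that moment, not that the file is known good.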
