Trojan.horse Generic 16

View previous topic View next topic Go down

Trojan.horse Generic 16

Post by Ramrod1290 on 16th May 2010, 11:06 pm

Description: Ok so AVG has detected this trojan.horse and i tried to remove it with Malwarebytes but seems to have failed. Everytime i start windows normally and im on my desktop "windows" says please activate your windows, i think this was a cause of a Hijacker so here is the OTL Log please help.

OTL logfile created on: 5/16/2010 3:52:00 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 17.27 Gb Free Space | 24.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 116.41 Gb Free Space | 49.99% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FEDSBABY
Current User Name: Leo
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/16 15:51:33 | 000,571,392 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/04/09 15:21:56 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/05 11:51:51 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\avgchsvx.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/16 15:51:33 | 000,571,392 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WUSB54GSSVC)
SRV - [2010/04/05 11:52:12 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- F:\Program Files\AVG\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/06 23:56:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/27 11:32:00 | 000,467,028 | ---- | M] (Atheros) [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/03/07 12:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/17 06:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010/05/14 19:47:34 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/05 11:52:25 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/05 11:51:58 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/03/27 10:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/12 03:38:00 | 000,421,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WNDA31.sys -- (WNDA3100)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/08/28 21:46:02 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2007/08/28 17:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/02/25 09:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 13:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/24 06:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/08/25 18:05:24 | 000,176,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2005/06/17 11:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2005/06/14 21:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/12/31 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/09/29 00:02:00 | 000,016,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb2.sys -- (Jukebox)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/05/26 12:54:02 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: F:\Program Files/AVG\Firefox [2010/05/15 12:55:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 15:22:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 20:02:26 | 000,000,000 | ---D | M]

[2009/04/09 09:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Mozilla\Extensions
[2009/03/06 22:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/14 19:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\o0blv0ci.default\extensions
[2010/04/05 13:03:52 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\o0blv0ci.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/14 19:56:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/03/26 18:22:56 | 000,303,846 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10468 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CSolidBrowserObj Object) - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll (Solid State Networks)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] F:\Program Files\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [dqeimjky] C:\Documents and Settings\Leo\Application Data\yskqw7mm.exe File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [Steam] f:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Leo\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} [You must be registered and logged in to see this link.] (Liquid.LiquidHelper)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} [You must be registered and logged in to see this link.] (CSolidBrowserObj Object)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Leo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 03:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: aawservice - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - File not found
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dmadmin - File not found
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - Solid State ION Internet Explorer Plugin
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.wmv3 - C:\Program Files\Combined Community Codec Pack\Filters\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

Ramrod1290
Novice
Novice

Posts Posts : 22
Joined Joined : 2009-03-24
Gender Gender : Male
Points Points : 28320
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Ramrod1290 on 16th May 2010, 11:06 pm

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/15 23:22:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Leo\Recent
[2010/05/15 17:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/15 17:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/09 11:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leo\My Documents\StarCraft II Beta
[2010/05/09 09:55:57 | 000,000,000 | ---D | C] -- C:\StarCraft II Beta enUS 13891 Installer
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/16 15:49:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/16 15:48:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/16 15:47:40 | 021,757,952 | -H-- | M] () -- C:\Documents and Settings\Leo\NTUSER.DAT
[2010/05/16 15:47:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/16 15:46:57 | 000,002,219 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\HiJackThis.lnk
[2010/05/16 15:45:33 | 060,054,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/16 15:40:05 | 000,208,135 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/16 10:58:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Leo\ntuser.ini
[2010/05/15 21:18:57 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/14 21:48:58 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\DDO Unlimited.lnk
[2010/05/14 20:43:27 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\Leo\.recently-used.xbel
[2010/05/14 19:47:34 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/14 19:41:49 | 000,000,577 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/05/09 11:04:07 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/16 15:43:56 | 000,002,219 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\HiJackThis.lnk
[2010/05/14 21:48:58 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\DDO Unlimited.lnk
[2010/05/14 20:43:27 | 000,001,029 | ---- | C] () -- C:\Documents and Settings\Leo\.recently-used.xbel
[2010/05/09 11:00:00 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/09/22 17:47:43 | 000,000,316 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/05/21 15:31:19 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/06 18:46:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2009/01/06 18:43:27 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2009/01/06 18:43:18 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2009/01/06 18:43:18 | 000,258,048 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2009/01/06 18:43:18 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/02 20:16:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 20:16:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 20:16:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 20:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 20:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/02/27 11:26:00 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/01/22 13:41:26 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/10 17:29:52 | 000,054,608 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2007/10/25 19:02:54 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/12/21 20:05:29 | 000,299,923 | ---- | C] () -- C:\WINDOWS\System32\drivers\sonyhcs.sys
[2006/12/21 20:05:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SONYHCY.DLL
[2006/12/21 20:05:29 | 000,038,739 | ---- | C] () -- C:\WINDOWS\System32\drivers\sonyhcc.sys
[2006/12/21 20:05:29 | 000,006,097 | ---- | C] () -- C:\WINDOWS\System32\drivers\sonyhcb.sys
[2006/12/21 20:05:29 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/01/29 10:57:02 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS21.DLL
[2006/01/19 13:32:15 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/01/18 15:38:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/18 15:32:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/01/18 15:32:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/01/18 15:32:04 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/01/18 15:31:54 | 000,001,772 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2006/01/16 13:06:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/16 12:58:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/16 12:56:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2006/01/16 12:53:26 | 000,000,401 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/16 12:21:12 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/31 10:07:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cpascrrc6(2).dll
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2001/07/03 18:33:00 | 000,053,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\SONYHCY.DLL
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2001/11/05 07:23:14 | 000,006,097 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcb.sys
[2001/11/05 07:23:20 | 000,038,739 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcc.sys
[2001/11/05 07:23:52 | 000,299,923 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcs.sys

< %systemroot%\System32\config\*.sav >
[2005/08/16 03:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 03:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 03:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/10 04:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/10 04:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/06/09 09:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys
[2005/03/13 15:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.sys
[1996/04/03 12:33:26 | 000,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys
[2005/02/08 11:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys
[2004/06/15 15:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys
[2004/08/10 04:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2007/08/28 21:46:02 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\jswscimd.sys
[2004/08/10 04:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 04:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/12/31 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys
[2004/08/10 04:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 04:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 04:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 04:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 04:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 04:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2006/09/24 06:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 06:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\wsimd.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2001/07/03 18:39:00 | 000,003,654 | ---- | M] () -- C:\WINDOWS\system32\drivers\Sonyhcp.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/02 19:58:37 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/01/16 12:32:20 | 000,006,335 | RH-- | M] () -- C:\dell.sdr
[2007/04/27 13:09:10 | 000,000,061 | ---- | M] () -- C:\DVDPATH.TXT
[2009/03/12 18:47:59 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2009/03/12 18:48:27 | 000,011,273 | ---- | M] () -- C:\hijackthis.log
[2006/01/18 15:03:15 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/12/29 06:59:19 | 000,001,500 | -H-- | M] () -- C:\IPH.PH
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/19 10:51:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/16 15:48:10 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2009/03/12 18:50:58 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd162.exe
[2006/01/16 12:52:05 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2009/06/10 17:02:20 | 001,092,535 | ---- | M] () -- C:\TF2C2_final.png
[2007/02/15 18:14:51 | 000,002,005 | ---- | M] () -- C:\tracert.txt
[2009/04/30 19:42:16 | 000,037,056 | ---- | M] () -- C:\UPSShippingLabel.aspx.gif
[2006/03/24 23:15:24 | 000,066,027 | ---- | M] () -- C:\VETlog.dmp
[2006/03/24 23:15:24 | 000,001,805 | ---- | M] () -- C:\VETlog.txt
[2006/03/12 08:04:49 | 000,000,350 | ---- | M] () -- C:\_arm_errors.log

< %PROGRAMFILES%\*. >
[2009/03/07 00:05:20 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/22 21:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\Advanced Spyware Remover
[2009/04/09 10:10:58 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/01/20 07:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/10/29 08:35:06 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/09/22 17:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\Basic Webcam
[2009/10/27 18:38:59 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/03/31 09:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\Bucketizer
[2009/03/22 16:06:30 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/06/13 19:15:22 | 000,000,000 | ---D | M] -- C:\Program Files\Codemasters
[2009/03/31 09:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\Collector
[2006/02/26 11:22:53 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2010/04/05 11:58:22 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/08/16 03:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/03/31 09:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\Compressor
[2006/02/26 11:13:07 | 000,000,000 | ---D | M] -- C:\Program Files\CoreCodec
[2006/01/16 12:57:02 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2006/01/16 12:49:22 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2007/02/14 05:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/01/27 15:16:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/04/09 07:36:47 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2006/01/19 13:32:22 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2009/04/09 20:29:53 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2006/11/05 14:18:43 | 000,000,000 | ---D | M] -- C:\Program Files\Finale NotePad 2005a
[2006/08/30 18:20:14 | 000,000,000 | ---D | M] -- C:\Program Files\FreeHand Systems
[2010/03/06 15:41:24 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2008/10/14 15:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2006/01/16 13:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\GoogleAFE
[2008/11/22 20:23:31 | 000,000,000 | ---D | M] -- C:\Program Files\Guild Wars
[2009/03/24 10:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\HijackThis
[2010/02/14 00:16:17 | 000,000,000 | ---D | M] -- C:\Program Files\IAHGames
[2007/11/24 20:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\Illustrate
[2010/01/17 16:45:32 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/01/16 12:49:06 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/04/05 23:46:44 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/01/16 12:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2010/02/14 10:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/04/05 11:58:03 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/03/10 21:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
[2009/03/26 15:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/17 08:35:25 | 000,000,000 | ---D | M] -- C:\Program Files\MaNGOS WOW Server
[2009/03/13 07:11:13 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2006/02/26 11:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\Media Player Classic
[2008/10/19 11:01:56 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/10/06 13:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/02/19 17:07:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 2006
[2009/04/22 07:49:03 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/11/13 16:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/02/02 20:49:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2006/01/18 18:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2006/01/16 12:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Location Finder
[2006/01/16 12:58:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2009/06/11 09:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/01/16 12:50:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2006/01/16 12:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2010/02/14 10:16:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/01/16 12:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets and Trips Essentials
[2009/10/14 21:06:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/01/16 12:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2006
[2006/01/16 12:49:00 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2006/01/16 12:49:12 | 000,000,000 | ---D | M] -- C:\Program Files\Modem On Hold
[2010/03/13 17:50:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/05/16 15:49:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/01/11 11:09:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/21 17:31:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2007/10/20 12:00:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/08/16 03:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/06/20 10:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/02/14 05:00:52 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2006/04/01 16:19:32 | 000,000,000 | ---D | M] -- C:\Program Files\Musicnotes
[2009/10/12 18:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\NCSoft
[2009/03/22 10:33:11 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2008/10/19 10:53:40 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/16 07:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2007/10/20 12:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/09/03 16:19:08 | 000,000,000 | ---D | M] -- C:\Program Files\ooVoo
[2009/06/13 19:20:18 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2010/05/14 23:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/09/12 09:56:28 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/09/19 14:13:49 | 000,000,000 | ---D | M] -- C:\Program Files\PCFriendly
[2010/02/14 10:30:59 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/02/26 11:16:05 | 000,000,000 | ---D | M] -- C:\Program Files\Real Alternative
[2009/01/11 11:09:00 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/01/16 12:46:56 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2006/12/21 20:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/07/14 20:49:37 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedFan
[2009/04/14 07:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/08 17:37:50 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/09/13 07:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Turbine
[2009/01/26 19:44:25 | 000,000,000 | ---D | M] -- C:\Program Files\tuxguitar-1.0-jet
[2009/04/08 17:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2007/02/28 14:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/11/25 11:30:29 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2006/01/16 12:54:42 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2006/11/30 15:12:02 | 000,000,000 | ---D | M] -- C:\Program Files\West Point Bridge Designer
[2009/03/21 17:31:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2009/10/06 13:55:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/04/17 15:56:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/12/14 17:50:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2009/03/27 08:06:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/03/27 08:06:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/10/19 10:53:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/08/16 03:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/08/16 03:40:46 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/05/15 12:21:40 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/04/16 09:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2005/08/16 03:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/02/26 11:16:54 | 000,000,000 | ---D | M] -- C:\Program Files\XviD

< %appdata%\*.* >
[2005/08/16 03:33:26 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Leo\Application Data\desktop.ini
[2008/01/28 19:11:21 | 000,075,680 | ---- | M] () -- C:\Documents and Settings\Leo\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/15 23:29:37 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Leo\Application Data\PnkBstrK.sys
[2009/03/29 19:27:40 | 000,007,428 | ---- | M] () -- C:\Documents and Settings\Leo\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/19 10:46:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/19 10:46:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/19 10:46:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/19 10:46:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/10/19 10:46:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/10/19 10:46:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/10 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 11:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\drivers\storage\sata\onboard\iastor.sys
[2005/06/17 11:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\i386\iaStor.sys
[2005/06/17 11:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/10/19 10:46:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/10/19 10:46:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 21:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-15 06:36:57

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Ramrod1290
Novice
Novice

Posts Posts : 22
Joined Joined : 2009-03-24
Gender Gender : Male
Points Points : 28320
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Ramrod1290 on 16th May 2010, 11:07 pm

Extras

OTL Extras logfile created on: 5/16/2010 3:52:00 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 17.27 Gb Free Space | 24.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 116.41 Gb Free Space | 49.99% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FEDSBABY
Current User Name: Leo
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57902:TCP" = 57902:TCP:*:Enabled:Pando Media Booster
"57902:UDP" = 57902:UDP:*:Enabled:Pando Media Booster
"58962:TCP" = 58962:TCP:*:Enabled:Pando Media Booster
"58962:UDP" = 58962:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"57902:TCP" = 57902:TCP:*:Enabled:Pando Media Booster
"57902:UDP" = 57902:UDP:*:Enabled:Pando Media Booster
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"58962:TCP" = 58962:TCP:*:Enabled:Pando Media Booster
"58962:UDP" = 58962:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\svcho.exe" = C:\WINDOWS\svcho.exe:*:Disabled:enable -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Steam\steamapps\knightni94\day of defeat source\hl2.exe" = C:\Program Files\Steam\steamapps\knightni94\day of defeat source\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:left4dead -- File not found
"F:\Program Files\Ventrilo\Ventrilo.exe" = F:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"F:\Program Files\Steam\steamapps\princeten91\team fortress 2\hl2.exe" = F:\Program Files\Steam\steamapps\princeten91\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"F:\Program Files\Steam\steamapps\princeten91\day of defeat\hl.exe" = F:\Program Files\Steam\steamapps\princeten91\day of defeat\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"F:\Program Files\Steam\steamapps\knightni94\day of defeat source\hl2.exe" = F:\Program Files\Steam\steamapps\knightni94\day of defeat source\hl2.exe:*:Enabled:hl2 -- ()
"F:\Program Files\Steam\steamapps\princeten91\day of defeat source\hl2.exe" = F:\Program Files\Steam\steamapps\princeten91\day of defeat source\hl2.exe:*:Enabled:hl2 -- File not found
"F:\Program Files\NFS Undercover\nfs.exe" = F:\Program Files\NFS Undercover\nfs.exe:*:Enabled:Need for Speed Undercover -- (Electronic Arts)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"F:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe" = F:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe:*:Enabled:Street Fighter IV -- (CAPCOM U.S.A., INC.)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Enabled:dndclient -- File not found
"F:\Program Files\LimeWire\LimeWire.exe" = F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"F:\Program Files\Steam\steam.exe" = F:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"F:\Program Files\Steam\steamapps\common\street fighter iv\StreetFighterIV.exe" = F:\Program Files\Steam\steamapps\common\street fighter iv\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"F:\Program Files\World of Warcraft\Launcher.exe" = F:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"F:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = F:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = F:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = F:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = F:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files\AVG\avgupd.exe" = F:\Program Files\AVG\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\AVG\avgnsx.exe" = F:\Program Files\AVG\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = F:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- File not found
"F:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10522-enUS-ptr-downloader.exe" = F:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10522-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe" = F:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files\World of Warcraft Public Test\Launcher.exe" = F:\Program Files\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"F:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe" = F:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe" = F:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files\World of Warcraft\BackgroundDownloader.exe" = F:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = F:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"F:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = F:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"F:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = F:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"F:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = F:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"F:\Program Files\Steam\steamapps\princeten91\source sdk base\hl2.exe" = F:\Program Files\Steam\steamapps\princeten91\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Documents and Settings\Leo\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\Leo\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger -- (GameRanger Technologies)
"F:\Program Files\StarCraft II Beta\StarCraft II.exe" = F:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"F:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe" = F:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II -- (THQ Canada Inc.)
"F:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = F:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"F:\Program Files\StarCraft II Beta\Versions\Base15343\SC2.exe" = F:\Program Files\StarCraft II Beta\Versions\Base15343\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"C:\Documents and Settings\Leo\Local Settings\Apps\2.0\8LXECT13.5J2\0NZ4JW9K.920\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = C:\Documents and Settings\Leo\Local Settings\Apps\2.0\8LXECT13.5J2\0NZ4JW9K.920\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011F0}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 19
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AD8A37-8ECE-4E97-A34E-B15BFEF0E2F2}" = Basic Webcam
"{385FFF30-5DB3-4C18-B1F9-D7793D1B9A0B}" = WNDA3100
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12A198C-E751-4729-839A-8FA07CF941C1}_is1" = Dragonica
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed Undercover
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online : Eberron Unlimited v01.11.00.812
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner (remove only)
"Combined Community Codec Pack" = Combined Community Codec Pack 2006-01-18 (Remove Only)
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Finale NotePad 2005a" = Finale NotePad 2005a
"GoldWave v5.20" = GoldWave v5.20
"Guild Wars" = Guild Wars
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{35AD8A37-8ECE-4E97-A34E-B15BFEF0E2F2}" = Basic Webcam
"InstallShield_{385FFF30-5DB3-4C18-B1F9-D7793D1B9A0B}" = NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"KSignAccessToolkit" = KSignAccessToolkit v1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Musicnotes Player_is1" = Musicnotes Player V1.22.3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PCFriendly" = PCFriendly
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"PROSet" = Intel(R) PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.43
"Revo Uninstaller" = Revo Uninstaller 1.83
"SolidStateIONIE" = Solid State ION Internet Explorer Plugin
"SpeedFan" = SpeedFan (remove only)
"StarCraft II Beta" = StarCraft II Beta
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 1250" = Killing Floor
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 21660" = Street Fighter IV
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"The Core Media Player" = The Core Media Player 4.0
"TuxGuitar_0" = TuxGuitar 1.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"West_Point_Bridge_Designer_4.0.8" = West Point Bridge Designer 4.1.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"World of Warcraft" = World of Warcraft
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"GameRanger" = GameRanger
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2010 3:46:54 AM | Computer Name = FEDSBABY | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module materialsystem.dll,
version 0.0.0.0, fault address 0x00050c63.

Error - 4/6/2010 10:58:19 PM | Computer Name = FEDSBABY | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module xfcodec.dll, version 1.0.0.29580, fault address 0x00005df2.

Error - 4/6/2010 10:58:24 PM | Computer Name = FEDSBABY | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 4/10/2010 4:09:23 PM | Computer Name = FEDSBABY | Source = Application Error | ID = 1000
Description = Faulting application starcraft.exe, version 1.16.1.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 4/10/2010 4:10:55 PM | Computer Name = FEDSBABY | Source = Application Error | ID = 1000
Description = Faulting application starcraft.exe, version 1.16.1.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 4/10/2010 9:04:30 PM | Computer Name = FEDSBABY | Source = Application Error | ID = 1000
Description = Faulting application starcraft.exe, version 1.16.1.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 5/15/2010 7:00:19 PM | Computer Name = FEDSBABY | Source = Application Error | ID = 1000
Description = Faulting application 7d68192b.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00160df8.

Error - 5/15/2010 7:06:18 PM | Computer Name = FEDSBABY | Source = Application Error | ID = 1000
Description = Faulting application veltedw.exe, version 54.13.0.88, faulting module
unknown, version 0.0.0.0, fault address 0x001534d8.

Error - 5/15/2010 8:10:24 PM | Computer Name = FEDSBABY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 5/15/2010 8:10:24 PM | Computer Name = FEDSBABY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 5/16/2010 2:01:06 PM | Computer Name = FEDSBABY | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 5/16/2010 2:01:06 PM | Computer Name = FEDSBABY | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 5/16/2010 2:01:06 PM | Computer Name = FEDSBABY | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/16/2010 2:01:06 PM | Computer Name = FEDSBABY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 5/16/2010 2:03:28 PM | Computer Name = FEDSBABY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/16/2010 2:03:35 PM | Computer Name = FEDSBABY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/16/2010 6:02:08 PM | Computer Name = FEDSBABY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/16/2010 6:02:14 PM | Computer Name = FEDSBABY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/16/2010 6:49:01 PM | Computer Name = FEDSBABY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/16/2010 6:49:59 PM | Computer Name = FEDSBABY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm


< End of report >

Ramrod1290
Novice
Novice

Posts Posts : 22
Joined Joined : 2009-03-24
Gender Gender : Male
Points Points : 28320
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Belahzur on 17th May 2010, 9:43 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKCU..\Run: [dqeimjky] C:\Documents and Settings\Leo\Application Data\yskqw7mm.exe File not found



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Ramrod1290 on 19th May 2010, 10:23 pm

Hello sorry i have not replied but i wont be able to access my computer till this Saturday.

Ramrod1290
Novice
Novice

Posts Posts : 22
Joined Joined : 2009-03-24
Gender Gender : Male
Points Points : 28320
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Belahzur on 19th May 2010, 10:51 pm

Okay.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Ramrod1290 on 23rd May 2010, 2:14 am

Alright im back here is the notepad.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dqeimjky deleted successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05222010_191358

Ramrod1290
Novice
Novice

Posts Posts : 22
Joined Joined : 2009-03-24
Gender Gender : Male
Points Points : 28320
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Belahzur on 23rd May 2010, 1:56 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Ramrod1290 on 23rd May 2010, 4:05 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/23/2010 9:05:11 AM
mbam-log-2010-05-23 (09-05-11).txt

Scan type: Quick scan
Objects scanned: 131801
Time elapsed: 10 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Ramrod1290
Novice
Novice

Posts Posts : 22
Joined Joined : 2009-03-24
Gender Gender : Male
Points Points : 28320
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Belahzur on 23rd May 2010, 11:09 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Ramrod1290 on 29th May 2010, 5:17 am

ComboFix 10-05-28.02 - Leo 05/28/2010 22:00:55.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2764 [GMT -7:00]
Running from: c:\documents and settings\Leo\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Leo\Start Menu\Programs\RebirthRO Full Client
c:\windows\RebirthRO Full Client
c:\windows\system32\Corel Photo Album 6(2).scr

Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.

2010-05-16 22:43 . 2010-05-16 22:43 388096 ----a-r- c:\documents and settings\Leo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-16 18:03 . 2010-05-16 18:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-15 02:47 . 2010-05-15 02:47 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-05-15 02:46 . 2010-05-15 02:46 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-05-09 16:55 . 2010-05-09 17:53 -------- d-----w- C:\StarCraft II Beta enUS 13891 Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 15:45 . 2009-03-26 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 04:18 . 2006-03-04 16:28 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-15 03:43 . 2010-03-06 22:43 -------- d-----w- c:\documents and settings\Leo\Application Data\gtk-2.0
2010-05-15 03:02 . 2009-09-12 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-05-15 02:47 . 2009-04-01 01:56 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-09 18:04 . 2009-10-10 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-09 18:04 . 2009-04-16 16:43 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-29 22:39 . 2009-03-26 22:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-03-26 22:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 00:29 . 2010-04-10 00:29 -------- d-----w- c:\documents and settings\Leo\Application Data\GameRanger
2010-04-09 00:17 . 2010-04-09 00:17 1220272 ----a-w- c:\documents and settings\Leo\Application Data\GameRanger\GameRanger\GameRanger.exe
2010-04-07 02:58 . 2009-12-03 05:04 -------- d-----w- c:\documents and settings\Leo\Application Data\vlc
2010-04-05 18:58 . 2010-04-05 18:58 -------- d-----w- c:\program files\Common Files\Java
2010-04-05 18:58 . 2010-04-05 18:58 61440 ----a-w- c:\documents and settings\Leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-484ba77e-n\decora-sse.dll
2010-04-05 18:58 . 2010-04-05 18:58 503808 ----a-w- c:\documents and settings\Leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-37fef06e-n\msvcp71.dll
2010-04-05 18:58 . 2010-04-05 18:58 499712 ----a-w- c:\documents and settings\Leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-37fef06e-n\jmc.dll
2010-04-05 18:58 . 2010-04-05 18:58 348160 ----a-w- c:\documents and settings\Leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-37fef06e-n\msvcr71.dll
2010-04-05 18:58 . 2010-04-05 18:58 12800 ----a-w- c:\documents and settings\Leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-484ba77e-n\decora-d3d.dll
2010-04-05 18:58 . 2006-01-16 19:43 -------- d-----w- c:\program files\Java
2010-04-05 18:52 . 2010-04-05 18:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-05 18:52 . 2009-04-01 01:55 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-05 18:51 . 2009-04-01 01:55 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2005-08-16 10:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:28 . 2008-12-09 01:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 21:50 . 2010-02-13 23:54 210968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-24 22:13 . 2009-03-24 22:13 0 ----a-w- c:\program files\jre-6u11-windows-i586-p.exe.bak
2007-12-11 08:33 . 2007-12-11 08:33 8258600 ----a-w- c:\program files\Microsoft.mshtml.dll
2007-12-11 08:33 . 2007-12-11 08:33 3188264 ----a-w- c:\program files\winsat.exe
2007-12-11 08:33 . 2007-12-11 08:33 2167848 ----a-w- c:\program files\VistaUpgradeAdvisor.exe
2007-12-11 08:32 . 2007-12-11 08:32 101928 ----a-w- c:\program files\QueryAppBlock.exe
2007-12-11 08:32 . 2007-12-11 08:32 28712 ----a-w- c:\program files\Transporter.dll
2007-11-29 17:31 . 2007-11-29 17:31 357 ----a-w- c:\program files\VistaUpgradeAdvisor.exe.config
2007-07-09 23:08 . 2007-07-09 23:08 18574 ----a-w- c:\program files\privacy.rtf
2007-07-09 23:08 . 2007-07-09 23:08 3215724 ----a-w- c:\program files\sysmain.sdb
2007-07-09 23:08 . 2007-07-09 23:08 150692 ----a-w- c:\program files\EULA.RTF
2007-07-09 23:08 . 2007-07-09 23:08 81968 ----a-w- c:\program files\drvmain.sdb
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\program files\steam\steam.exe" [2010-05-09 1238352]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

c:\documents and settings\Leo\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-13 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-05 18:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"f:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"f:\\Program Files\\Steam\\steamapps\\princeten91\\day of defeat\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\Steam\\steamapps\\knightni94\\day of defeat source\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\NFS Undercover\\nfs.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\street fighter iv\\SF4Launcher.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"f:\\Program Files\\Steam\\steam.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\street fighter iv\\StreetFighterIV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\World of Warcraft\\Launcher.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\AVG\\avgupd.exe"=
"f:\\Program Files\\AVG\\avgnsx.exe"=
"f:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
"f:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe"=
"f:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"=
"f:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe"=
"f:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"f:\\Program Files\\Steam\\steamapps\\princeten91\\source sdk base\\hl2.exe"=
"c:\\Documents and Settings\\Leo\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"f:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"f:\\Program Files\\StarCraft II Beta\\Versions\\Base15343\\SC2.exe"=
"c:\\Documents and Settings\\Leo\\Local Settings\\Apps\\2.0\\8LXECT13.5J2\\0NZ4JW9K.920\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"57902:TCP"= 57902:TCP:Pando Media Booster
"57902:UDP"= 57902:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"58962:TCP"= 58962:TCP:Pando Media Booster
"58962:UDP"= 58962:UDP:Pando Media Booster

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/31/2009 6:56 PM 242896]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [8/28/2007 9:46 PM 57344]
S0 luqic;luqic;c:\windows\system32\drivers\fowq.sys --> c:\windows\system32\drivers\fowq.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/31/2009 6:55 PM 216200]
S2 avg9wd;AVG Free WatchDog;f:\program files\AVG\avgwdsvc.exe [4/5/2010 11:52 AM 308064]
S2 WUSB54GSSVC;WUSB54GSSVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [1/18/2006 3:32 PM 41025]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2/27/2008 11:54 AM 360547]
S3 PAC207;Basic Webcam;c:\windows\system32\drivers\PFC027.SYS [2/13/2008 1:17 PM 618112]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [3/12/2008 3:38 AM 421376]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\o0blv0ci.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Leo\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: f:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: f:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: f:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PlayNC Launcher - (no file)
SafeBoot-aawservice
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avg9wd]
"ImagePath"="\"f:\program files/avg\avgwdsvc.exe\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1920652245-1126393087-2562147551-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1920652245-1126393087-2562147551-1006\Software\SecuROM\License information*]
"datasecu"=hex:b4,07,cc,bd,1a,48,ee,ba,e5,bb,49,8a,75,c5,5f,21,e0,5d,58,b2,3e,
0f,56,d4,be,3a,6f,23,dc,f5,2e,d0,34,a9,34,a5,7a,fe,a5,a6,9f,30,6b,d1,60,f9,\
"rkeysecu"=hex:6a,db,59,dc,11,27,f6,c3,62,64,ec,18,fc,07,ee,92
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-28 22:15:04
ComboFix-quarantined-files.txt 2010-05-29 05:14

Pre-Run: 18,337,042,432 bytes free
Post-Run: 19,097,108,480 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3230E02066753114F89AE558EB0F7E3C

Ramrod1290
Novice
Novice

Posts Posts : 22
Joined Joined : 2009-03-24
Gender Gender : Male
Points Points : 28320
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Ramrod1290 on 29th May 2010, 5:17 am

Side note could not disable AVG cause i was in safe mode.

Ramrod1290
Novice
Novice

Posts Posts : 22
Joined Joined : 2009-03-24
Gender Gender : Male
Points Points : 28320
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Belahzur on 29th May 2010, 9:45 pm

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Driver::
    luqic
    hitmanpro3
    XDva190
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Ramrod1290 on 30th May 2010, 2:06 am

Can't connect to the internet to post the log. Im in safe mode with networking and i know i have internet, but i cannot connect.

Ramrod1290
Novice
Novice

Posts Posts : 22
Joined Joined : 2009-03-24
Gender Gender : Male
Points Points : 28320
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.horse Generic 16

Post by Belahzur on 30th May 2010, 10:08 pm

Hmmm.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.


Any internet connection now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum