Residual Malware Problem


Post by Andriko on 4th July 2010, 12:07 am

Hi, I was infected with Malware Doctor the other day, and have followed the instructions on this site to run Malwarebytes, but I think I am still having problems.
The most noticeable is that occasionally I am redirected to the wrong website (displaying an advert), or even a new window will open (I am running Firefox). Also, Spybot Search and Destroy keeps finding some files and trojans which keep reappearing, the most noticeable a change to the registry file which prevents System Restore. I have scanned with AVG which picked up and dumped a few things, and I was getting Resident Shield messages warning about an svchost (I think) file, but these have now stopped.

OTL log:

OTL logfile created on: 04/07/2010 00:28:22 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Games
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 26.61 Gb Free Space | 18.73% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 3.53 Gb Free Space | 50.73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDRIKO
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/04 00:10:30 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Games\OTL.exe
PRC - [2010/06/02 22:24:12 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 22:24:02 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 22:24:01 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 22:23:02 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 22:23:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/17 18:37:58 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 18:37:49 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/06/10 22:25:46 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/15 14:19:44 | 001,564,672 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
PRC - [2005/01/28 15:35:58 | 000,434,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2004/12/10 13:45:26 | 000,049,152 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2004/10/25 23:17:56 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/04 00:10:30 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Games\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/01/28 15:34:04 | 000,057,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2005/01/28 15:31:34 | 000,045,056 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\gamehook.dll
MOD - [2003/03/19 05:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003/02/21 11:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/17 18:37:58 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 18:37:49 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2008/08/07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/05/31 15:36:49 | 000,002,560 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 22:24:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 22:24:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 18:37:48 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/15 08:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/09/15 08:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/09/15 08:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/15 08:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/02/01 16:17:12 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2008/02/01 16:17:06 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2007/12/18 13:41:10 | 000,273,280 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2005/07/04 08:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 21:16:26 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/08 06:44:36 | 001,235,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/20 19:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/09 22:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 19:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/04 05:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..network.proxy.autoconfig_url: "http://www.ntu.edu.sg/proxy.pac"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/03 14:37:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/10 22:26:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/22 23:54:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.12\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2010/04/01 20:20:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.12\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2010/07/04 00:08:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 22:52:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/04 00:09:13 | 000,000,000 | ---D | M]

[2009/03/23 21:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2009/03/23 21:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\celtx@celtx.com
[2010/07/04 00:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rho4tp3p.default\extensions
[2010/07/04 00:01:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rho4tp3p.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/10/15 15:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rho4tp3p.default\extensions\bkmrksync@nokia.com
[2010/04/11 18:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rho4tp3p.default\extensions\firefox@tvunetworks.com
[2010/03/20 17:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rho4tp3p.default\extensions\SkipScreen@SkipScreen
[2010/07/04 00:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 02:35:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/03/13 19:50:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/13 19:50:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/13 19:50:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/13 19:50:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/01 00:40:09 | 000,411,462 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14219 more lines...
O2 - BHO: (no name) - {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] Files\Monopoly\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/09 21:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{03d803de-82a4-11dd-9aba-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{03d803de-82a4-11dd-9aba-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/09/15 06:24:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "NtLmSsp"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "gusvc"
MsConfig - Services: "gupdate1c98fb7cb96dcfe"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe - (Sony Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Antimalware Doctor.lnk - C:\DOCUME~1\COMPAQ~1\APPLIC~1\FA0E2D~1\070700~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE - File not found
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: hpsysdrv - hkey= - key= - c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: LSBWatcher - hkey= - key= - c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: mcexecwin - hkey= - key= - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\m4zaya.DLL File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Wfaregohe - hkey= - key= - C:\WINDOWS\tsvesem.DLL File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (27601280910229504)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/04 00:08:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/04 00:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/07/04 00:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/04 00:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/07/04 00:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/01 02:37:23 | 000,000,000 | ---D | C] -- C:\JavaRa
[2010/07/01 02:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/01 02:35:40 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/01 02:35:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/01 02:35:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/01 02:35:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/01 02:29:38 | 000,922,400 | ---- | C] (Sun Microsystems, Inc.) -- C:\jre-6u20-windows-i586-iftw-rv.exe
[2010/07/01 01:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2010/07/01 01:34:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/01 01:34:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/01 01:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/01 01:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/01 01:32:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/07/01 00:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/01 00:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/30 00:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cukepckky
[2010/06/14 19:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Sports Interactive
[2010/06/14 19:26:44 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010/06/14 19:26:44 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010/06/14 19:26:44 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010/06/14 19:26:43 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010/06/14 19:26:43 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010/06/14 19:26:43 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010/06/14 19:26:42 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/06/14 19:26:42 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/06/14 19:26:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010/06/14 19:26:41 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/06/14 19:26:40 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010/06/14 19:26:40 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010/06/14 19:26:40 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010/06/14 19:26:39 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010/06/11 21:51:51 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/08 00:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/06/06 00:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Traffic Simulator Configuration Tool
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/04 00:34:17 | 061,627,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/04 00:29:27 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\NTUSER.DAT
[2010/07/04 00:09:13 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/04 00:07:45 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/07/04 00:00:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/03 23:22:15 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 23:21:58 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Wartuzpl.job
[2010/07/03 23:20:39 | 000,001,217 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2010/07/03 23:20:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/03 23:20:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/03 23:20:25 | 1541,984,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/03 23:18:28 | 000,000,215 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/07/03 22:53:34 | 000,000,625 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/03 22:53:34 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/03 22:53:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/03 22:39:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/07/03 22:32:19 | 000,062,464 | RHS- | M] () -- C:\WINDOWS\System32\esentprf4.dll
[2010/07/03 00:10:16 | 003,199,886 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2010/07/02 02:34:45 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/02 01:59:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/01 02:37:13 | 000,071,798 | ---- | M] () -- C:\JavaRa.zip
[2010/07/01 02:29:37 | 000,922,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\jre-6u20-windows-i586-iftw-rv.exe
[2010/07/01 01:34:22 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/01 01:33:49 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/07/01 00:40:09 | 000,411,462 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/30 23:42:33 | 000,002,126 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/30 20:29:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/27 00:03:46 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/06/26 00:56:32 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI
[2010/06/25 23:18:35 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/23 01:04:49 | 000,503,420 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 01:04:49 | 000,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 01:04:49 | 000,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/14 19:24:50 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2010.lnk
[2010/06/13 14:06:45 | 000,220,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 22:25:00 | 000,050,196 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/08 01:07:09 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DivX Movies.lnk
[2010/06/08 01:06:18 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/08 01:05:16 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/04 00:09:13 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/04 00:07:45 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/07/03 23:20:25 | 1541,984,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/03 22:32:19 | 000,062,464 | RHS- | C] () -- C:\WINDOWS\System32\esentprf4.dll
[2010/07/03 22:32:19 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\Wartuzpl.job
[2010/07/01 02:37:14 | 000,071,798 | ---- | C] () -- C:\JavaRa.zip
[2010/07/01 01:34:22 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/30 23:42:33 | 000,002,126 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/14 19:24:50 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2010.lnk
[2010/06/08 01:06:18 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/08 01:05:16 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/02/22 18:29:13 | 000,013,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\string.ini
[2009/11/03 01:39:34 | 000,000,179 | ---- | C] () -- C:\WINDOWS\GPM2MICP.INI
[2009/08/23 02:18:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/08/18 23:51:57 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/18 23:51:55 | 002,102,272 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/08/18 23:51:54 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/18 23:51:54 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/18 23:51:53 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/18 23:51:53 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/02 20:41:38 | 000,001,217 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2009/02/17 02:57:40 | 000,000,094 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2008/12/01 00:14:07 | 000,000,144 | ---- | C] () -- C:\WINDOWS\PG3prefs.ini
[2007/06/06 17:18:11 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/05/31 15:36:49 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2006/04/03 17:53:33 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/02/11 19:12:37 | 000,001,360 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/01/18 22:17:55 | 000,000,328 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/12/30 15:37:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/03 19:34:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/03 19:12:42 | 000,015,783 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/09/03 19:12:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/09/03 19:05:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/03 19:05:27 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/03 19:05:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/03 19:05:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/03 19:05:27 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/03 19:05:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/03 19:03:29 | 000,000,215 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/03 18:45:20 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/03 18:41:39 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/09/03 18:41:39 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/09/03 18:41:17 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/07/07 21:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/09 23:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/06/25 03:10:06 | 000,000,573 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/07/03 22:32:19 | 000,062,464 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\esentprf4.dll
[2008/04/14 01:11:54 | 000,251,904 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/07/03 23:21:58 | 000,000,306 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\Wartuzpl.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/11/09 21:10:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/11/09 21:10:20 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/11/09 21:10:20 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2005/09/03 19:12:42 | 000,015,783 | ---- | M] () -- C:\WINDOWS\system32\CHODDI.SYS
[2004/08/04 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2010/07/03 23:20:39 | 000,001,217 | -HS- | M] () -- C:\WINDOWS\system32\mmf.sys
[2004/08/04 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 19:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 06:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2005/06/08 05:52:22 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2008/04/14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll



Andriko
Novice
Posts : 10
Joined : 2010-07-01
OS : Windows XP
Points : 23666
# Likes : 0

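The custom-scan lines in the log above (the attribute column, the company name in parentheses, the "Unable to obtain MD5" marker from the /lockedfiles scans) are what a helper reads first. What follows is an added example, not part of this thread and not OTL's own code: a parser for lines in OTL's file-listing format that applies the same first-pass checks and ranks entries by how many apply. The sample input is copied from the log above with benign entries mixed in; the rules and the allowlist of files that are legitimately hidden+system at the volume root are this example's own assumptions, and a flag means "look closer", never "malicious".

```python
"""First-pass triage of OTL file-listing lines.

Added example; it is not part of this thread and not OTL's own code.  OTL prints
one file per line as
  [date time | size | attributes | C/M] (Company) -- path
with "Unable to obtain MD5" inserted before " -- " in /lockedfiles scans and no
parentheses at all for directories.  The rules below are the checks a helper
makes by eye on that listing; every rule is an assumption of this example and a
flag means "look closer", never "malicious".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the log above, benign and suspicious mixed.
SAMPLE_LOG = r"""
[2010/07/03 23:21:58 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Wartuzpl.job
[2010/07/03 23:20:39 | 000,001,217 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2010/07/03 23:20:25 | 1541,984,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/03 22:32:19 | 000,062,464 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\esentprf4.dll
[2008/04/14 01:11:54 | 000,251,904 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2010/07/01 01:34:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/30 00:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\cukepckky
[2009/08/18 23:51:55 | 002,102,272 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/07/03 23:20:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"          # absent for directories
    r"(?P<nomd5> Unable to obtain MD5)?"     # /lockedfiles marker
    r" -- (?P<path>.+)$"
)

# Files that are legitimately hidden+system at the volume root on XP (assumed list).
ROOT_SYSTEM_FILES = {"hiberfil.sys", "pagefile.sys", "boot.ini", "boot.bak",
                     "ntldr", "ntdetect.com", "io.sys", "msdos.sys", "cmldr"}


@dataclass
class Entry:
    path: str
    size: int
    attr: str                    # four chars from R H S D, '-' for unset
    company: Optional[str]       # None when OTL printed no parentheses
    md5_unreadable: bool
    flags: List[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_dir(self) -> bool:
        return "D" in self.attr


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(path=m["path"],
                 size=int(m["size"].replace(",", "")),
                 attr=m["attr"],
                 company=m["company"],
                 md5_unreadable=m["nomd5"] is not None)


def triage(e: Entry) -> Entry:
    """Attach review flags to a parsed entry (rules are this example's own)."""
    if e.is_dir:
        return e
    p = e.path.lower()
    in_windows = "\\windows\\" in p
    hidden_system = "H" in e.attr and "S" in e.attr
    if hidden_system and e.name not in ROOT_SYSTEM_FILES:
        if e.name.endswith(".job"):
            e.flags.append("scheduled task with hidden+system attributes")
        elif in_windows:
            e.flags.append("hidden+system file under the Windows directory")
    if e.md5_unreadable:
        e.flags.append("MD5 could not be read (locked or self-protecting file)")
    if ("\\system32\\" in p and e.name.endswith((".dll", ".exe", ".sys"))
            and not e.company):
        # weak signal on its own: unversioned codecs and drivers are common
        e.flags.append("binary in system32 with no company name")
    return e


def triage_log(text: str) -> List[Entry]:
    """Parse every line, keep the flagged entries, most flags first."""
    entries = [e for e in map(parse_line, text.splitlines()) if e is not None]
    flagged = [e for e in map(triage, entries) if e.flags]
    flagged.sort(key=lambda e: (-len(e.flags), e.path.lower()))
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{len(e.flags)} {e.attr} {e.size:>13,} {e.path}")
        for f in e.flags:
            print(f"    - {f}")
```

Run it against a saved OTL.txt by reading the file into triage_log instead of SAMPLE_LOG. Entries with several flags at once (hidden+system attributes, a locked file, no version information, all on one recently modified binary) are the ones to hand to a helper with a file-scanner result; a single "no company name" flag on a codec DLL is normal, as the K-Lite entries in this same log show.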

Re: Residual Malware Problem

Post by Andriko on 4th July 2010, 12:13 am

I seem to be having a problem posting the rest of the file. I keep getting a 'problem loading page' screen whenever I paste the rest of the log. May I upload the .txt files instead?

EDIT: Would this problem be related to some of the other browser issues I am having at the moment? For example, the Windows Update page you guys link to in the 'read this' thread won't connect, nor will it connect to the 'HijackThis' utility download link. I have the 'no proxy' option set for Firefox, as suggested somewhere else on this site.


Thanks for the help

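The symptom described in the post above (the Windows Update page and the HijackThis download will not connect while other sites load) is one a helper checks against the hosts file and the proxy settings before anything else. The log earlier in the thread lists a 411 KB read-only hosts file under system32\drivers\etc; a large hosts file made of loopback entries is what a hosts immunization such as Spybot's produces, so size alone says nothing, and the entries have to be read. Below is an added example, not from this thread, that takes the text of a hosts file and reports the two things that matter for this symptom: any entry at all for an update, antivirus or removal-tool domain, and any entry that maps a name to a routable address (a redirect rather than a block). The sample hosts content is constructed, and the watchlist of domains is this example's own assumption.

```python
"""Hosts-file check for blocked or redirected update and security sites.

Added example, not part of this thread.  It takes the text of a Windows hosts
file and reports what a helper looks for when Windows Update and tool-download
pages will not load: any entry naming an update, antivirus or removal-tool
domain, whatever address it maps to, and any entry mapping a name to a routable
address (a redirect rather than a block).  Block entries that point at loopback
or 0.0.0.0, which a hosts-based immunization adds by the thousand, are only
counted.  The watchlist and the sample file are this example's own.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: a stock header, a few immunization-style block entries,
# then the kind of entries that break update and download sites.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# block entries of the kind a hosts immunization tool adds
127.0.0.1       ads.example.net
127.0.0.1       tracker.example.org   # trailing comment is ignored
0.0.0.0         banners.example.com
# entries of the kind that break update and download sites
127.0.0.1       windowsupdate.microsoft.com update.microsoft.com
203.0.113.45    www.malwarebytes.org
203.0.113.45    www.bleepingcomputer.com
::1             localhost
"""

# Assumed watchlist; a name matches if it equals an entry or is a subdomain of it.
WATCHLIST = ("windowsupdate.com", "windowsupdate.microsoft.com",
             "update.microsoft.com", "download.microsoft.com",
             "malwarebytes.org", "avg.com", "safer-networking.org",
             "trendmicro.com", "bleepingcomputer.com")

Mapping = Tuple[int, str, str]   # (line number, address, hostname)


@dataclass
class HostsReport:
    watchlist: List[Mapping] = field(default_factory=list)  # any mapping of a watched name
    redirects: List[Mapping] = field(default_factory=list)  # name -> routable address
    malformed: List[Mapping] = field(default_factory=list)  # address does not parse
    sinkholed: int = 0                                      # name -> loopback / 0.0.0.0


def parse_hosts(text: str) -> List[Mapping]:
    """One (line, address, name) per hostname; a line may carry several names."""
    out: List[Mapping] = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue                      # blank, comment-only or address-only
        for name in fields[1:]:
            out.append((n, fields[0], name.lower().rstrip(".")))
    return out


def on_watchlist(name: str) -> bool:
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def is_sinkhole(addr: str) -> bool:
    """Loopback and unspecified addresses block a name; anything else redirects it."""
    ip = ipaddress.ip_address(addr)   # raises ValueError for a malformed address
    return ip.is_loopback or ip.is_unspecified


def check_hosts(text: str) -> HostsReport:
    rep = HostsReport()
    for n, addr, name in parse_hosts(text):
        try:
            sink = is_sinkhole(addr)
        except ValueError:
            rep.malformed.append((n, addr, name))
            continue
        if name == "localhost":
            continue                      # stock entry, present in every hosts file
        if on_watchlist(name):
            rep.watchlist.append((n, addr, name))
        if sink:
            rep.sinkholed += 1
        else:
            rep.redirects.append((n, addr, name))
    return rep


if __name__ == "__main__":
    rep = check_hosts(SAMPLE_HOSTS)
    print(f"{rep.sinkholed} block entries (loopback/0.0.0.0), not listed")
    for label, items in (("watched domain", rep.watchlist),
                         ("redirect", rep.redirects),
                         ("malformed", rep.malformed)):
        for n, addr, name in items:
            print(f"line {n:>4}: {label:<14} {addr:<16} {name}")
```

Feed it the real file with open(path, encoding="latin-1").read(). A watched domain mapped to 127.0.0.1 explains a page that "won't connect" just as well as one redirected to an outside address; the difference is only in where the browser ends up. This check does not cover the other two sources of the same symptom, a proxy forced through the Internet Settings keys in the registry and changed DNS server addresses, which are read from the registry and from ipconfig /all respectively.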

Re: Residual Malware Problem

Post by Andriko on 4th July 2010, 2:28 pm

Ok, trying on a different computer:

< %systemroot%\system32\drivers\*.ini >
[2007/08/07 11:38:12 | 000,013,768 | ---- | M] () -- C:\WINDOWS\system32\drivers\string.ini

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2005/09/03 19:18:03 | 000,000,104 | ---- | M] () -- C:\.lnk
[2006/09/26 18:22:40 | 014,833,664 | ---- | M] () -- C:\458.exe
[2009/10/13 23:04:21 | 000,088,030 | ---- | M] () -- C:\album-The-Mothers-of-Invention-Were-Only-in-It-for-the-Money.jpg
[2006/08/27 18:19:37 | 000,866,432 | ---- | M] () -- C:\AmericanGirls2004.mp3
[2007/03/23 15:48:03 | 000,129,536 | ---- | M] () -- C:\ANDREASDimitriCV.doc
[2009/01/15 01:08:53 | 000,031,134 | ---- | M] () -- C:\astrobot.cgi.htm
[2004/11/09 21:20:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/09/14 22:38:03 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2010/07/03 22:53:34 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/09 02:47:35 | 000,039,952 | ---- | M] () -- C:\casanova-2-sized.jpg
[2004/08/04 13:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2006/05/17 22:48:43 | 000,034,304 | ---- | M] () -- C:\confidential.doc
[2004/11/09 21:20:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/04/01 03:10:56 | 000,028,030 | ---- | M] () -- C:\contacts.csv
[2009/04/01 03:14:31 | 000,006,980 | ---- | M] () -- C:\contacts2.txt
[2007/08/14 13:02:56 | 000,035,147 | ---- | M] () -- C:\COPYING.txt
[2009/05/19 22:40:25 | 000,067,072 | ---- | M] () -- C:\covering letter.doc
[2009/09/26 20:08:36 | 000,025,600 | ---- | M] () -- C:\CV.doc
[2006/05/25 20:35:37 | 000,020,480 | ---- | M] () -- C:\DimitriAndreasBiography.doc
[2009/07/23 02:01:24 | 000,000,120 | ---- | M] () -- C:\drmHeader.bin
[2006/06/22 19:19:07 | 000,152,464 | ---- | M] () -- C:\DSC04550.JPG
[2009/03/26 19:44:07 | 000,652,187 | ---- | M] () -- C:\DWMS v.6 Final March09.celtx
[2008/09/26 22:49:17 | 000,483,296 | ---- | M] () -- C:\ggsetup.exe
[2010/07/03 23:20:25 | 1541,984,256 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/27 20:28:33 | 069,490,999 | ---- | M] () -- C:\HM3_Install.exe
[2006/02/08 16:54:11 | 006,594,596 | ---- | M] () -- C:\HushmailForOutlook-2.2.0.148-setup.exe
[2008/10/02 08:50:24 | 000,071,652 | ---- | M] () -- C:\Image002.jpg
[2006/09/05 21:41:02 | 000,035,095 | ---- | M] () -- C:\IMG006.JPG
[2009/04/14 16:03:27 | 000,398,776 | ---- | M] () -- C:\IMG_0014.jpg
[2009/04/14 16:03:33 | 000,255,888 | ---- | M] () -- C:\IMG_0015.jpg
[2009/04/24 19:12:26 | 000,512,240 | ---- | M] () -- C:\IMG_0019.jpg
[2006/04/03 17:53:34 | 000,001,120 | ---- | M] () -- C:\INSTALL.LOG
[2004/11/09 21:20:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/25 19:52:15 | 000,001,547 | ---- | M] () -- C:\iPhoneLinks.config
[2009/05/25 19:52:14 | 000,008,343 | ---- | M] () -- C:\iPhoneList.config
[2007/09/19 00:16:06 | 000,249,856 | ---- | M] (Computer Aces) -- C:\iPhoneList.exe
[2009/02/10 16:46:14 | 000,140,800 | ---- | M] () -- C:\I_Wanna_Be_Adored_Trailer_-_with_numbers.doc
[2010/07/01 02:38:19 | 000,011,249 | ---- | M] () -- C:\JavaRa.log
[2010/07/01 02:37:13 | 000,071,798 | ---- | M] () -- C:\JavaRa.zip
[2010/07/01 02:29:37 | 000,922,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\jre-6u20-windows-i586-iftw-rv.exe
[2006/06/22 19:19:07 | 000,136,305 | ---- | M] () -- C:\Lex.jpg
[2006/06/22 19:19:07 | 000,031,172 | ---- | M] () -- C:\Lexi0.JPG
[2006/04/30 14:49:27 | 000,002,785 | ---- | M] () -- C:\LGSInst.Log
[2007/09/19 00:16:05 | 000,032,768 | ---- | M] () -- C:\Manzana.dll
[2010/07/01 01:33:49 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2004/11/09 21:20:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/05/19 20:34:35 | 000,036,136 | ---- | M] () -- C:\my_cv.rtf
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/07 21:55:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/03 23:20:24 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/04/01 03:05:08 | 018,592,493 | R--- | M] () -- C:\Phone List.nbu
[2006/02/23 01:33:31 | 000,184,320 | ---- | M] () -- C:\PlayerHost.dll
[2010/02/19 17:15:47 | 000,051,852 | ---- | M] () -- C:\Poetry.zip
[2007/08/22 02:47:17 | 000,000,550 | ---- | M] () -- C:\README.txt
[2006/04/04 17:07:18 | 000,003,738 | ---- | M] () -- C:\roster.txt
[2006/09/12 00:22:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2006/09/12 00:29:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2006/09/15 02:37:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2006/09/28 01:49:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2006/11/12 01:35:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2006/09/12 00:22:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2006/09/12 00:29:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2006/09/15 02:37:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2006/09/28 01:49:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2006/11/12 01:35:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/13 02:08:07 | 000,000,000 | ---- | M] () -- C:\testwma.raw
[2005/12/31 21:15:23 | 000,000,165 | ---- | M] () -- C:\threatalerts.txt
[2006/11/28 21:59:14 | 000,274,634 | ---- | M] () -- C:\Toccata-and-Fugue-Dm.pdf
[2009/01/11 22:59:30 | 000,079,843 | ---- | M] () -- C:\trailordocx.docx
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2006/09/21 16:34:42 | 000,149,472 | ---- | M] () -- C:\xpquick.zip
[2008/10/17 04:43:03 | 000,173,208 | ---- | M] () -- C:\yuliapaphos.JPG

< %PROGRAMFILES%\*. >
[2010/07/04 00:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/09/12 01:57:06 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/02/13 02:35:16 | 000,000,000 | ---D | M] -- C:\Program Files\Ares
[2005/09/03 18:55:22 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/11/20 22:17:30 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/02/22 18:29:07 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2010/04/12 18:39:39 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2008/09/16 23:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\Black Isle
[2007/01/30 19:32:17 | 000,000,000 | ---D | M] -- C:\Program Files\BlackIsle
[2010/04/01 20:16:33 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2006/11/14 17:36:39 | 000,000,000 | ---D | M] -- C:\Program Files\BT Broadband 2091
[2009/11/26 20:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\Celtx
[2010/07/04 00:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/11/23 23:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/10/15 15:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/06/08 01:07:14 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/11/09 02:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.65
[2009/12/23 18:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.72
[2009/09/17 01:47:15 | 000,000,000 | ---D | M] -- C:\Program Files\EA SPORTS
[2008/10/15 00:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2006/01/04 16:27:56 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/05/09 23:32:42 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/07/15 00:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\Firaxis Games
[2010/06/30 23:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2006/03/02 21:42:47 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2005/09/03 19:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2005/09/03 19:05:04 | 000,000,000 | ---D | M] -- C:\Program Files\Hp
[2010/06/10 22:46:12 | 000,000,000 | ---D | M] -- C:\Program Files\ICQ7.1
[2010/05/13 02:03:11 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/30 23:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/09/03 19:05:19 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/01/30 22:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2009/09/10 20:13:10 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2010/04/01 20:23:56 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/04/01 20:25:16 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/07/01 02:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/08/06 22:18:19 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/08/18 23:51:54 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2006/03/02 21:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2006/08/29 19:29:38 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics
[2006/08/29 19:29:26 | 000,000,000 | ---D | M] -- C:\Program Files\LGGSM
[2009/02/13 03:00:01 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWireTurbo
[2006/04/06 16:56:12 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/06/01 22:39:10 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2010/06/01 22:35:32 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2010/07/01 01:34:23 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/15 22:09:49 | 000,000,000 | ---D | M] -- C:\Program Files\MapCreator 2
[2006/05/01 21:01:53 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2009/03/07 22:04:47 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/02/03 18:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/02/08 18:20:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/02/05 22:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/11/24 00:04:32 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2005/09/03 19:07:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/02/08 18:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2005/09/03 19:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/05/09 23:32:41 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/03/11 03:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/29 22:50:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2005/12/31 19:39:03 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla.org
[2008/09/26 23:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2004/11/24 00:04:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/11/24 00:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/02/16 18:26:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2006/11/18 01:40:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/09/26 22:57:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/03/07 21:58:12 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/02/27 13:53:02 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2010/07/04 00:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/01/25 20:36:52 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/02 20:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\ootp10setup
[2009/08/06 22:17:14 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.4
[2009/08/06 22:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2009/08/02 20:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Out of the Park Developments
[2010/05/12 02:06:59 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/09/07 21:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Paradox Entertainment
[2010/05/31 21:32:35 | 000,000,000 | ---D | M] -- C:\Program Files\Paradox Interactive
[2008/10/15 15:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2005/09/03 19:20:56 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2005/09/03 19:15:57 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2006/09/22 19:07:41 | 000,000,000 | ---D | M] -- C:\Program Files\PIXELA
[2010/04/01 20:20:27 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/09/03 19:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/09/26 23:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/04/01 20:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/05/09 23:32:42 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2006/01/26 20:02:22 | 000,000,000 | ---D | M] -- C:\Program Files\Serif
[2009/02/13 01:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Shareaza Applications
[2006/01/18 22:18:04 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra On-Line
[2006/11/14 17:20:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sky Broadband
[2005/09/03 19:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2006/09/22 19:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2008/11/06 04:28:18 | 000,000,000 | ---D | M] -- C:\Program Files\Sports Interactive
[2010/07/01 00:33:40 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2006/03/09 20:23:34 | 000,000,000 | ---D | M] -- C:\Program Files\Stardock
[2010/04/11 18:57:14 | 000,000,000 | ---D | M] -- C:\Program Files\StreamTorrent 1.0
[2008/09/20 16:18:48 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/10/04 18:29:13 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2009/05/09 23:32:43 | 000,000,000 | ---D | M] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2006/02/15 20:11:31 | 000,000,000 | ---D | M] -- C:\Program Files\Teknia
[2010/06/06 00:10:28 | 000,000,000 | ---D | M] -- C:\Program Files\Traffic Simulator Configuration Tool
[2010/04/11 18:22:21 | 000,000,000 | ---D | M] -- C:\Program Files\TVAnts
[2010/04/12 17:45:22 | 000,000,000 | ---D | M] -- C:\Program Files\TVUPlayer
[2004/11/23 23:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2009/06/10 22:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/05/28 01:19:04 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualFem
[2006/01/07 17:56:34 | 000,000,000 | ---D | M] -- C:\Program Files\WinAce
[2010/05/05 19:30:33 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/05/05 19:29:37 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Detect
[2010/02/03 18:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/02/03 18:35:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/08/18 23:46:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/08/18 23:46:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/07 21:58:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/11/23 23:07:32 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2004/11/24 00:05:14 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2005/12/31 19:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/03/08 20:52:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2004/11/09 14:11:34 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\desktop.ini
[2009/02/27 03:19:41 | 001,889,898 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\NMM-MetaData.db
[2008/09/01 18:57:59 | 000,003,596 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\ViewerApp.dat
[2006/03/22 12:07:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2004/08/04 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/07 21:52:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/03/07 21:52:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/07 21:52:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/03/07 21:52:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/03/07 21:52:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2009/03/07 21:52:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/03/07 21:52:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2009/03/07 21:52:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 13:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-01 01:41:37

========== Files - Unicode (All) ==========
[2006/07/07 18:07:08 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?????? ???? ? ?? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\Выхожу один я на дорогу.doc
[2006/07/07 18:07:08 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\?????? ???? ? ?? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\Выхожу один я на дорогу.doc
[2006/02/06 15:19:52 | 000,020,992 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\Белая Берёза.doc
[2006/02/06 13:59:02 | 000,020,992 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\My Documents\????? ??????.doc) -- C:\Documents and Settings\Compaq_Owner\My Documents\Белая Берёза.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DEscriptOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DEscriptOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
< End of report >

Andriko
Novice

Posts : 10
Joined : 2010-07-01
OS : Windows XP
Points : 23666
# Likes : 0

Re: Residual Malware Problem

Post by Andriko on 4th July 2010, 2:37 pm

And the Extras file:

OTL Extras logfile created on: 04/07/2010 00:28:22 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Games
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 26.61 Gb Free Space | 18.73% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 3.53 Gb Free Space | 50.73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDRIKO
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Discordia, LTD)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Games\Football Manager 2009\fm.exe" = C:\Games\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009 -- File not found
"C:\HM3\hm3.exe" = C:\HM3\hm3.exe:*:Enabled:Hollywood Mogul 3 -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate -- File not found
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- File not found
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- File not found
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Games\Football Manager 2010\fm.exe" = C:\Games\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{203F2870-8644-4972-9E14-9E191A6C09C0}" = Solium Infernum
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59367F7E-D7C1-4629-8AEC-71AA24A68F31}" = Nokia Software Updater
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7FD14A8A-FBCC-4442-ACAC-A0E9EC223AED}" = Europa Universalis - Rome
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9618C519-EEBD-4D37-93A3-46D6F160E068}_is1" = Tropico Reloaded
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35EBDE9-DBBA-4A85-A8D8-A6DB1B76DD68}" = Guild 2 Venice Patch 3.5
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE7CB755-7C0B-4D11-8E5D-D6B6C1090A7B}" = Victoria
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless G USB Adapter Software
"{D99C322D-C21B-40C7-AE71-EE51AA096B6E}" = Nokia Flashing Cable Driver
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AGEod's American Civil War_is1" = AACW patch 1.15
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Ares" = Ares 2.1.1
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Baldur's Gate" = Baldur's Gate
"BitTorrent" = BitTorrent
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"Celtx (2.0)" = Celtx (2.0)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Fallout 2 Unofficial Patch_is1" = Fallout 2 Unofficial Patch 1.02.25
"Fallout_is1" = Fallout
"Football Manager 2009" = Football Manager 2009
"Football Manager 2010" = Football Manager 2010
"Galactic Civilizations II" = Galactic Civilizations II
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"In Nomine_is1" = In Nomine 3.2
"InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"LimeWireTurbo" = LimeWireTurbo
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapCreator 2" = MapCreator 2
"Merchant Prince II" = Merchant Prince II
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla (1.7.12)" = Mozilla (1.7.12)
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Napoleon's Ambition_is1" = Napoleon's Ambition
"Napoleon's Campaigns_is1" = NCP patch 1.05a
"Nokia PC Suite" = Nokia PC Suite
"Out of the Park 10" = Out of the Park 10
"Panzer General I_is1" = Panzer General I ver. 1.2
"Pinup Strip Poker" = Pinup Strip Poker
"Planescape - Torment" = Planescape - Torment
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Shareaza" = Shareaza
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"SimCity2000CDv1" = SimCity 2000 Special Edition
"StreamTorrent 1.0" = StreamTorrent 1.0
"SystemRequirementsLab" = System Requirements Lab
"The Operational Art of War III3.2.29.27" = The Operational Art of War III
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.2.2
"Vae Victis_is1" = Vae Victis 2.2
"VLC media player" = VLC media player 0.9.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World War One_is1" = World War One v1.0.6h
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"10d2f181c2b3d79a" = GamersGate Downloader - 1
"Network Addon Mod" = Network Addon Mod Version May 2010 Version
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/07/2010 17:41:06 | Computer Name = ANDRIKO | Source = Google Update | ID = 20
Description =

Error - 02/07/2010 17:43:52 | Computer Name = ANDRIKO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 02/07/2010 17:43:52 | Computer Name = ANDRIKO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 02/07/2010 19:06:58 | Computer Name = ANDRIKO | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 03/07/2010 17:29:17 | Computer Name = ANDRIKO | Source = Google Update | ID = 20
Description =

Error - 03/07/2010 17:32:08 | Computer Name = ANDRIKO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 03/07/2010 17:32:08 | Computer Name = ANDRIKO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 03/07/2010 17:38:17 | Computer Name = ANDRIKO | Source = Google Update | ID = 20
Description =

Error - 03/07/2010 17:38:44 | Computer Name = ANDRIKO | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3828, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 03/07/2010 18:20:58 | Computer Name = ANDRIKO | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 03/07/2010 17:45:03 | Computer Name = ANDRIKO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 03/07/2010 17:45:17 | Computer Name = ANDRIKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 03/07/2010 17:45:38 | Computer Name = ANDRIKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 03/07/2010 17:46:54 | Computer Name = ANDRIKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 03/07/2010 18:18:44 | Computer Name = ANDRIKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 03/07/2010 18:20:54 | Computer Name = ANDRIKO | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 03/07/2010 18:20:54 | Computer Name = ANDRIKO | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 03/07/2010 18:21:00 | Computer Name = ANDRIKO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde ViaIde

Error - 03/07/2010 18:22:12 | Computer Name = ANDRIKO | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 03/07/2010 18:22:19 | Computer Name = ANDRIKO | Source = Service Control Manager | ID = 7034
Description = The LicCtrl Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

Andriko

Re: Residual Malware Problem

Post by Andriko on 4th July 2010, 2:38 pm

Ok, it seemed to work on a different PC, so I finally got it all up. Another thing I have noticed is some run32.dll file which seems to have something to do with it.


Thanks again,

Andriko

Re: Residual Malware Problem

Post by Belahzur on 4th July 2010, 11:56 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
Belahzur

Re: Residual Malware Problem

Post by Andriko on 5th July 2010, 5:25 pm

ComboFix 10-07-04.04 - Compaq_Owner 05/07/2010 17:25:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1470.1010 [GMT 1:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\458.exe
c:\documents and settings\Compaq_Owner\Application Data\Inete
c:\documents and settings\Compaq_Owner\Application Data\Inete\qios.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\esentprf4.dll
c:\windows\xpsp1hfm.log
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-03 23:07 . 2010-07-03 23:06 53632 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-07-03 23:07 . 2010-07-03 23:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-03 23:05 . 2010-07-03 23:05 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-03 23:01 . 2010-07-04 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-03 21:58 . 2010-07-03 21:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-07-03 21:52 . 2010-07-03 21:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-03 21:46 . 2010-07-03 21:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-03 21:43 . 2005-09-03 18:09 -------- d-----w- c:\documents and settings\Administrator\WINDOWS
2010-07-03 21:43 . 2010-07-03 21:44 -------- d-----w- c:\documents and settings\Administrator
2010-07-02 22:14 . 2010-07-02 22:14 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-07-01 01:37 . 2010-07-01 01:37 -------- d-----w- C:\JavaRa
2010-07-01 01:37 . 2010-07-01 01:37 71798 ----a-w- C:\JavaRa.zip
2010-07-01 01:35 . 2010-07-01 01:35 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-150fc4b9-n\msvcp71.dll
2010-07-01 01:35 . 2010-07-01 01:35 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-150fc4b9-n\jmc.dll
2010-07-01 01:35 . 2010-07-01 01:35 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-150fc4b9-n\msvcr71.dll
2010-07-01 01:35 . 2010-07-01 01:35 61440 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e63790e-n\decora-sse.dll
2010-07-01 01:35 . 2010-07-01 01:35 12800 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e63790e-n\decora-d3d.dll
2010-07-01 01:35 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 01:29 . 2010-07-01 01:29 922400 ----a-w- C:\jre-6u20-windows-i586-iftw-rv.exe
2010-07-01 00:34 . 2010-07-01 00:34 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2010-07-01 00:34 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-01 00:34 . 2010-07-01 00:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-01 00:34 . 2010-07-01 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-01 00:34 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-01 00:32 . 2010-07-01 00:33 6153352 ----a-w- C:\mbam-setup.exe
2010-06-29 23:17 . 2010-07-02 22:11 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\cukepckky
2010-06-11 20:51 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 00:07 . 2010-06-08 00:07 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-08 00:07 . 2010-06-08 00:01 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-08 00:07 . 2010-06-07 23:59 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-08 00:07 . 2009-05-19 19:04 521838 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-06-08 00:07 . 2009-05-19 19:04 521838 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-06-08 00:07 . 2010-06-08 00:07 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-08 00:07 . 2010-06-08 00:07 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-08 00:07 . 2010-06-08 00:07 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-08 00:06 . 2010-06-08 00:06 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-08 00:05 . 2010-06-08 00:05 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-08 00:04 . 2010-06-08 00:04 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-08 00:04 . 2010-06-08 00:04 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-07 23:59 . 2010-06-08 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-05 23:10 . 2010-06-05 23:10 -------- d-----w- c:\program files\Traffic Simulator Configuration Tool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 16:24 . 2009-08-02 19:41 1217 --sha-w- c:\windows\system32\mmf.sys
2010-07-03 23:09 . 2005-09-03 18:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-03 21:31 . 2009-02-24 06:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Enbeup
2010-07-02 01:59 . 2009-08-06 21:21 1 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-01 01:38 . 2005-09-03 17:48 -------- d-----w- c:\program files\Java
2010-07-01 01:35 . 2005-09-03 17:48 -------- d-----w- c:\program files\Common Files\Java
2010-06-30 23:33 . 2006-03-02 21:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-30 22:42 . 2005-09-03 18:18 -------- d-----w- c:\program files\Google
2010-06-29 23:56 . 2009-12-26 21:44 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SpinTop
2010-06-29 23:50 . 2009-11-20 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-29 23:41 . 2010-04-12 17:40 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\BitTorrent
2010-06-14 18:40 . 2009-03-08 20:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sports Interactive
2010-06-13 20:16 . 2010-04-09 21:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\ICQ
2010-06-11 21:25 . 2008-10-10 18:03 50196 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-10 21:46 . 2010-04-09 20:59 -------- d-----w- c:\program files\ICQ7.1
2010-06-08 00:07 . 2008-11-03 01:30 -------- d-----w- c:\program files\DivX
2010-06-08 00:07 . 2009-05-19 19:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-02 21:24 . 2008-09-16 23:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 21:24 . 2008-09-16 23:10 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 21:40 . 2010-06-01 21:40 529 ----a-w- c:\windows\eReg.dat
2010-06-01 21:39 . 2010-06-01 21:38 -------- d-----w- c:\program files\MagicDisc
2010-06-01 21:35 . 2010-06-01 21:35 -------- d-----w- c:\program files\MagicISO
2010-05-31 20:32 . 2006-01-03 16:35 -------- d-----w- c:\program files\Paradox Interactive
2010-05-30 19:03 . 2010-05-30 19:03 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3357913f-n\msvcp71.dll
2010-05-30 19:03 . 2010-05-30 19:03 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3357913f-n\jmc.dll
2010-05-30 19:03 . 2010-05-30 19:03 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3357913f-n\msvcr71.dll
2010-05-13 01:03 . 2005-09-03 17:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40 . 2008-11-03 01:30 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2008-11-03 01:30 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2008-11-03 01:30 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2005-04-25 08:03 45648 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-10 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2010-2-22 1564672]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-2-8 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 17:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-08 03:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 05:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 16:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 00:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 23:44 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2005-05-11 00:50 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-08-11 07:31 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-06-10 21:25 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NtLmSsp"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"mnmsrvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c98fb7cb96dcfe"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"{94FA02C1-50D7-9556-D2EA-3C7B4BEBDED0}"="c:\documents and settings\Compaq_Owner\Application Data\Inete\qios.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PCDrProfiler"=
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Games\\Football Manager 2010\\fm.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/09/2008 00:10 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/09/2008 00:10 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17/03/2010 18:37 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/03/2010 18:37 308064]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [22/02/2010 18:29 38144]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [22/02/2010 18:29 273280]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [31/05/2006 15:36 2560]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27/02/2009 13:52 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27/02/2009 13:52 8320]
S4 gupdate1c98fb7cb96dcfe;Google Update Service (gupdate1c98fb7cb96dcfe);c:\program files\Google\Update\GoogleUpdate.exe [15/02/2009 22:52 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 21:52]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 21:52]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rho4tp3p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\rho4tp3p.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{C3BA40A2-75F1-52BD-F413-04B15A2C8953} - (no file)
MSConfigStartUp-mcexecwin - c:\docume~1\COMPAQ~1\LOCALS~1\Temp\m4zaya.dll
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Wfaregohe - c:\windows\tsvesem.dll
AddRemove-Football Manager 2009 - c:\games\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe
AddRemove-In Nomine_is1 - c:\eu3\unins001.exe
AddRemove-Napoleon's Ambition_is1 - c:\eu3\unins000.exe
AddRemove-Panzer General I_is1 - c:\games\Panzer General I\unins000.exe
AddRemove-Pinup Strip Poker - c:\games\PinupPoker\Uninstal.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{9618C519-EEBD-4D37-93A3-46D6F160E068}_is1 - c:\games\Tropico Reloaded\unins000.exe
AddRemove-Network Addon Mod - c:\documents and settings\Compaq_Owner\My Documents\SimCity 4\Plugins\Network Addon Mod\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-05 17:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1139474554-1590177113-630390212-1008\Software\SecuROM\License information*]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\58BBB2CAA762B86BF8228F8849EB5144]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-05 17:41:51
ComboFix-quarantined-files.txt 2010-07-05 16:41

Pre-Run: 28,412,981,248 bytes free
Post-Run: 29,005,885,440 bytes free

- - End Of File - - 48F8DD6E39FA9A2688518113EB5E568E


Re: Residual Malware Problem

Post by Andriko on 5th July 2010, 5:26 pm

Ok, that's the ComboFix log.

Thanks


Re: Residual Malware Problem

Post by Belahzur on 5th July 2010, 9:10 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Residual Malware Problem

Post by Andriko on 6th July 2010, 10:08 pm

Ok, here is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f149896b7339bf4d98bde31dcd4d1e84
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-06 12:07:25
# local_time=2010-07-06 01:07:25 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 19622302 19622302 0 0
# compatibility_mode=8192 67108863 100 0 294 294 0 0
# scanned=150930
# found=8
# cleaned=8
# scan_time=4301
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloadersit.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\LimeWareMusic\chrysalis 320k bitrate quality.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\LimeWareMusic\chrysalis.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\LimeWareMusic\the negro problem.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\LimeWareMusic\the queensbury rules (best quality).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\LimeWareMusic\tsaligopoulou [160k quality].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\LimeWareMusic\tsaligopoulou(Club RMX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f149896b7339bf4d98bde31dcd4d1e84
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-06 10:00:31
# local_time=2010-07-06 11:00:31 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 19695579 19695579 0 0
# compatibility_mode=8192 67108863 100 0 73571 73571 0 0
# scanned=384292
# found=0
# cleaned=0
# scan_time=9808


Re: Residual Malware Problem

Post by Belahzur on 7th July 2010, 12:35 am

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitTorrent
    LimeWireTurbo
    Shareaza

Download and install [You must be registered and logged in to see this link.]
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

How is the machine running now?





Re: Residual Malware Problem

Post by Andriko on 7th July 2010, 4:25 pm

The computer seems to be fine, might even be a little quicker than before, in fact! I think ComboFix and ESET did quite a lot of good things.

Should everything be more or less OK now? And also, will running Spybot S&D, AVG Free and Malwarebytes' Anti-Malware keep me more or less secure for now?


Thanks for the help, it is very much appreciated.


Re: Residual Malware Problem

Post by Belahzur on 7th July 2010, 11:15 pm

Yep, that should be good.



