Antivirus Soft Infection cannot remove please help?

Post by terms5 on Wed 07 Jul 2010, 2:38 pm

Help! I have gotten "AntiVirus Soft" on my computer and I can't get rid of it. I followed the update guide in your "read this first" post and then also your guide on how to use Malwarebytes to get rid of the Antivirus Soft malware. However, I am not able to run Microsoft updates anymore due to the infection.

I updated Malwarebytes, and after running a full system scan it deletes all of the infections, but whenever I restart my system, after a little time I start getting popups and it changes my proxy settings in IE again, so I know it isn't gone even if Malwarebytes says it is. I also can no longer boot into safe mode; can it disable this as well? I am running Windows XP 32-bit.

Here is the OTL.txt log (The extras.txt is further down/next post)
OTL logfile created on: 7/6/2010 8:00:56 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Sarah\Desktop\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 56.21 Gb Free Space | 12.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 684.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAHLOVESMICHI
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/06 19:59:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sarah\Desktop\OTL\OTL.exe
PRC - [2010/07/02 19:15:25 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2008/10/27 20:42:31 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/06/25 12:39:22 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/06/25 12:39:22 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/06/25 12:39:20 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/06/25 12:39:20 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/06/25 12:39:18 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/12 14:35:07 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/09/07 11:40:34 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2007/09/07 11:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005/10/28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/04/01 18:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


========== Modules (SafeList) ==========

MOD - [2010/07/06 19:59:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sarah\Desktop\OTL\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/05/11 06:03:00 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/05/11 06:03:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\ssmicrco.scr -- (Windows Update)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/21 06:08:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/27 20:42:31 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/06/25 12:39:22 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/06/25 12:39:22 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/25 12:39:20 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/06/25 12:39:20 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/06/25 12:39:18 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/09/07 11:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2007/08/11 21:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 06:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2)
SRV - [2007/02/10 06:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/04/01 18:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ds1410d.sys -- (DS1410D)
DRV - [2010/06/24 18:08:58 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/06/23 04:47:55 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/17 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100706.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/17 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100706.004\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/11 16:53:16 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/05/11 16:53:16 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/11/20 22:37:08 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/08/25 23:46:04 | 000,023,480 | ---- | M] (Wippien Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wip0204.sys -- (wip0204)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/06/25 12:39:22 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/06/25 12:39:22 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/06/25 12:39:22 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/06/25 12:39:16 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/06/25 12:39:16 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/06/25 12:39:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/04/13 11:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/28 13:23:08 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007/09/28 12:05:44 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/09/27 03:52:34 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/05/11 06:03:00 | 006,738,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/04/09 05:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 11:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 17:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007/01/30 03:57:50 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 12:19:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/06 19:51:11 | 000,000,000 | ---D | M]

[2009/01/05 13:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Mozilla\Extensions
[2010/07/04 14:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Mozilla\Firefox\Profiles\tn119mgy.default\extensions
[2009/09/01 09:34:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sarah\Application Data\Mozilla\Firefox\Profiles\tn119mgy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/06 19:42:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/06 19:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/06 19:42:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/09/15 12:50:46 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2009/11/21 06:05:38 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sarah\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/27 03:25:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/09/25 08:18:30 | 000,000,041 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2008/03/06 12:53:49 | 000,574,588 | R--- | M] ()
O33 - MountPoints2\H\Shell\Auto\command - "" = boot.pif
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Sarah^Start Menu^Programs^Startup^hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe - (LogMeIn Inc.)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - IE7 Uninstall Stub
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746478449557504)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/06 20:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Desktop\OTL
[2010/07/06 19:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Desktop\javara
[2010/07/06 19:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/06 19:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/06 19:42:44 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/06 19:42:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/06 19:42:44 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/06 19:42:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/06 19:42:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/06 19:40:01 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Sarah\Desktop\jre-6u20-windows-i586.exe
[2010/07/06 15:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Desktop\2010-07-06
[2010/07/04 15:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Local Settings\Application Data\qrmrjbjyf
[2010/07/02 15:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Desktop\moseguard
[2010/07/02 07:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/02 07:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/02 06:58:55 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sarah\Desktop\mbam-setup-1.46.exe
[2010/07/02 04:44:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/01 14:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/01 14:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/01 12:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/01 12:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/01 12:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Local Settings\Application Data\phhofrtaf
[2010/06/24 20:11:33 | 001,236,992 | ---- | C] (crea-doo) -- C:\Documents and Settings\Sarah\Desktop\aoe3loader.exe
[2010/06/24 18:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Desktop\backupWarchief
[2010/06/24 18:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Application Data\Hamachi
[2010/06/24 18:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hamachi
[2010/06/22 19:00:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sarah\Recent
[2010/06/22 18:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/22 18:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/06/20 09:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\My Documents\Users
[2010/06/20 09:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\My Documents\Trigger
[2010/06/20 09:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\My Documents\Startup
[2010/06/20 09:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\My Documents\Screenshots
[2010/06/20 09:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\My Documents\Scenario
[2010/06/20 09:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\My Documents\Savegame
[2010/06/20 09:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\My Documents\RM
[2010/06/20 09:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\My Documents\HomeCities
[2010/06/20 09:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\My Documents\Data
[2010/06/20 09:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\My Documents\campaign
[2010/06/20 09:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\My Documents\AI
[2010/06/20 00:35:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/06/20 00:34:48 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/06/20 00:34:48 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2010/06/20 00:34:48 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/06/20 00:34:48 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/06/20 00:34:48 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/06/20 00:34:48 | 000,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/06/20 00:34:47 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2010/06/20 00:34:47 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/06/20 00:34:47 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/06/20 00:34:47 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/06/20 00:34:47 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/06/20 00:34:47 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2010/06/20 00:34:47 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010/06/20 00:34:47 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/06/20 00:34:47 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/06/20 00:34:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/06/20 00:34:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2010/06/20 00:34:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/06/20 00:34:47 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2010/06/20 00:34:47 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010/06/20 00:34:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/06/20 00:34:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/06/20 00:34:47 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2010/06/20 00:34:47 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/06/20 00:34:47 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/06/20 00:34:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2010/06/20 00:34:45 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2010/06/20 00:34:45 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2010/06/20 00:34:45 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2010/06/20 00:34:45 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2010/06/20 00:34:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2010/06/20 00:34:45 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2010/06/20 00:34:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2010/06/20 00:34:45 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2010/06/20 00:34:45 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2010/06/20 00:34:44 | 001,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2010/06/20 00:34:44 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2010/06/20 00:34:44 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2010/06/20 00:34:43 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2010/06/20 00:34:43 | 001,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2010/06/20 00:34:43 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2010/06/20 00:34:43 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2010/06/20 00:34:43 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2010/06/20 00:34:43 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2010/06/20 00:34:43 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2010/06/20 00:34:43 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2010/06/20 00:34:43 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2010/06/20 00:34:43 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2010/06/20 00:34:43 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2010/06/20 00:34:43 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2010/06/20 00:34:43 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2010/06/20 00:34:43 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2010/06/20 00:34:43 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2010/06/20 00:34:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2010/06/20 00:34:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll
[2010/06/20 00:34:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2010/06/20 00:34:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2010/06/20 00:34:43 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2010/06/20 00:34:43 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2010/06/20 00:34:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2010/06/20 00:34:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2010/06/20 00:34:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2010/06/20 00:34:42 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2010/06/20 00:34:42 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2010/06/20 00:34:42 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2010/06/20 00:34:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2010/06/19 23:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Desktop\AOEIIIbackup
[2010/06/19 21:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Local Settings\Application Data\LogMeIn Hamachi
[2010/06/19 21:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/06/19 21:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/06/19 16:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Application Data\HpUpdate
[2010/06/19 16:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/06/11 16:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/06/11 16:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Application Data\HP
[2010/06/11 16:08:19 | 000,452,408 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2010/06/11 16:08:19 | 000,126,976 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpfll70v.dll
[2010/06/11 16:08:12 | 000,372,736 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2010/06/11 16:08:12 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010/06/11 16:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/06/11 16:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/06/11 16:02:51 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/06/11 16:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/06 19:59:07 | 000,591,504 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/06 19:59:07 | 000,490,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/06 19:59:07 | 000,089,932 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/06 19:56:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/06 19:53:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/06 19:53:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/06 19:53:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/06 19:52:21 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Sarah\NTUSER.DAT
[2010/07/06 19:51:12 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/06 19:45:01 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\JavaRa.zip
[2010/07/06 19:42:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/06 19:42:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/06 19:42:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/06 19:42:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/06 19:42:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/06 19:40:01 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Sarah\Desktop\jre-6u20-windows-i586.exe
[2010/07/06 19:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/06 19:08:36 | 003,233,092 | -H-- | M] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\IconCache.db
[2010/07/06 19:00:55 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\rwqwuxy.sys
[2010/07/06 18:40:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/04 15:37:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sarah\ntuser.ini
[2010/07/03 16:59:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/02 06:59:06 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sarah\Desktop\mbam-setup-1.46.exe
[2010/07/02 05:00:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/01 17:34:12 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\iexplore.exe
[2010/07/01 15:56:12 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Shortcut to iExplore.lnk
[2010/06/27 21:20:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/27 19:25:22 | 000,154,112 | ---- | M] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/24 20:11:14 | 000,320,552 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\aoe3loader_1.6.3.zip
[2010/06/24 18:08:58 | 000,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2010/06/24 18:08:58 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\hamachi.lnk
[2010/06/22 18:52:19 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\CCleaner.lnk
[2010/06/20 00:35:51 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III.lnk
[2010/06/19 22:56:09 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2010/06/11 16:09:25 | 000,163,423 | ---- | M] () -- C:\WINDOWS\hphins33.dat
[2010/06/11 16:06:41 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/06/11 03:34:11 | 002,301,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/07 11:33:09 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\michijobsearch.doc
[2010/06/07 09:57:06 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Cover Letter.doc
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/06 19:51:11 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/06 19:45:04 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\JavaRa.zip
[2010/07/06 19:00:55 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rwqwuxy.sys
[2010/07/04 15:20:52 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\iexplore.exe
[2010/07/02 05:00:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/01 15:56:12 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\Shortcut to iExplore.lnk
[2010/06/24 20:09:50 | 000,320,552 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\aoe3loader_1.6.3.zip
[2010/06/24 18:08:58 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\hamachi.lnk
[2010/06/22 18:52:19 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\CCleaner.lnk
[2010/06/20 00:35:51 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III.lnk
[2010/06/20 00:34:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/20 00:34:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/06/20 00:34:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/06/20 00:34:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/06/20 00:34:47 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/06/20 00:34:47 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/06/20 00:34:46 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010/06/20 00:34:46 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010/06/20 00:34:46 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010/06/20 00:34:45 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010/06/20 00:34:45 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010/06/20 00:34:45 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010/06/20 00:34:45 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010/06/20 00:34:45 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010/06/20 00:34:45 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010/06/20 00:34:45 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010/06/11 16:06:41 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/06/11 15:58:06 | 000,001,190 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/06/11 15:58:05 | 000,163,423 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2010/06/11 15:58:05 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2010/06/07 09:57:06 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Sarah\Desktop\Cover Letter.doc
[2010/02/28 16:50:02 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009/02/17 00:21:55 | 000,000,472 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/29 08:59:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/22 15:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 15:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 15:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 15:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/12 22:04:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2007/10/16 19:25:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/11 00:23:43 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/11 00:23:43 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/11 00:23:43 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/11 00:23:43 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/11 00:22:38 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/08 16:08:23 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/10/02 20:05:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/10/02 20:05:40 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/10/02 20:01:55 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2007/09/28 13:23:08 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2007/09/28 12:05:44 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/01/10 09:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/25 12:39:26 | 000,048,000 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2008/06/25 12:39:26 | 000,107,904 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007/09/28 12:05:44 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2008/06/25 12:39:22 | 000,038,632 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WGX.SYS

< %systemroot%\System32\config\*.sav >
[2007/09/26 20:13:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/09/26 20:13:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/09/26 20:13:02 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2006/02/28 05:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006/02/28 05:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2007/09/28 13:23:08 | 000,000,383 | ---- | M] () -- C:\WINDOWS\system32\haspdos.sys
[2006/02/28 05:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2006/02/28 05:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2006/02/28 05:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2006/02/28 05:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2006/02/28 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2006/02/28 05:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2006/02/28 05:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2006/02/28 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2006/02/28 05:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2006/02/28 05:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2006/02/28 05:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2006/02/28 05:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2006/02/28 05:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/01 22:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

terms5

Newbie Surfer

Posts : 11
Joined : 2010-07-07
Operating System : Windows XP 32 bit

Remainder of OTL.txt and Extras.txt

Post by terms5 on Wed 07 Jul 2010, 2:40 pm


< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2008/11/29 20:34:29 | 000,000,311 | ---- | M] () -- C:\AlphaDiscLog.txt
[2007/09/27 03:25:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/10 20:41:12 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2007/09/27 03:25:23 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/09/27 03:51:23 | 000,000,206 | ---- | M] () -- C:\csb.log
[2009/02/10 10:21:32 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2007/09/27 03:25:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/06 19:46:35 | 000,006,725 | ---- | M] () -- C:\JavaRa.log
[2007/09/27 03:25:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/30 19:36:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/06 19:53:18 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/09/27 03:51:23 | 000,000,348 | ---- | M] () -- C:\RHDSetup.log
[2010/07/06 19:57:19 | 000,000,511 | ---- | M] () -- C:\rkill.log

< %PROGRAMFILES%\*. >
[2009/11/21 07:08:56 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/21 06:21:26 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2008/09/08 17:41:28 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2007/09/28 12:07:14 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2007/10/01 21:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\Alias
[2010/04/17 09:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\American Conquest
[2009/04/09 18:24:37 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/04/09 08:05:15 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2007/10/08 14:58:21 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2007/11/05 08:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\BitLord
[2010/05/09 20:19:23 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/02/17 00:20:57 | 000,000,000 | ---D | M] -- C:\Program Files\Bullfrog
[2009/09/08 09:50:36 | 000,000,000 | ---D | M] -- C:\Program Files\Burn To The Brim
[2007/10/02 20:06:34 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/06/22 18:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/07/06 19:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/09/27 03:22:23 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/09/04 16:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\CubedLabs YouTube Download Convert
[2007/09/27 03:49:58 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2008/06/07 12:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/08/29 23:29:42 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2008/08/23 22:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2009/06/06 18:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2009/02/12 23:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\Firefly Studios
[2010/02/01 17:11:57 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/06/24 18:09:22 | 000,000,000 | ---D | M] -- C:\Program Files\Hamachi
[2010/06/19 16:53:18 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/06/20 09:13:28 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/11 03:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/01 10:49:26 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/04/26 18:38:48 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/07/06 19:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/10/27 20:41:06 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/06/19 21:16:34 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn Hamachi
[2010/04/09 07:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010/07/02 05:01:28 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/04 16:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\Media Converter SA Edition
[2009/08/30 19:49:01 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/10/16 19:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/09/27 03:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/08/03 20:35:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/01/07 14:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2007
[2007/11/28 21:47:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/03/02 17:04:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/12/19 20:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/06/06 18:48:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2007/12/19 20:13:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/12/14 16:11:13 | 000,000,000 | ---D | M] -- C:\Program Files\Midway Home Entertainment
[2008/05/31 13:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\Monitor Calibration Wizard
[2010/03/11 04:04:26 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/06 16:03:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/12/19 19:58:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/06/22 18:11:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2007/09/27 03:21:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/09/27 03:22:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/08/04 03:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/12/19 20:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/05/09 19:15:42 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/02/16 21:16:16 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2009/08/30 19:40:15 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/04 08:58:22 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2008/02/12 22:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2007/09/27 03:22:13 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/04/15 03:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.4
[2010/05/12 03:01:33 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/11/04 21:57:41 | 000,000,000 | ---D | M] -- C:\Program Files\Pixologic
[2008/11/16 23:12:02 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2007/09/28 13:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\PowerISO
[2010/05/09 20:24:58 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/09/27 03:50:31 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2007/12/19 19:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/12/22 14:50:31 | 000,000,000 | ---D | M] -- C:\Program Files\Scanahand
[2007/12/19 20:09:25 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2007/12/19 20:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2008/11/03 17:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/02 19:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2008/11/20 22:37:09 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2007/10/08 23:21:06 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2008/02/22 15:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\Tablet
[2007/09/27 03:29:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/09/08 17:42:44 | 000,000,000 | ---D | M] -- C:\Program Files\Unreal Tournament 3
[2008/11/23 23:30:29 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2007/12/19 20:09:43 | 000,000,000 | ---D | M] -- C:\Program Files\Vstplugins
[2008/11/20 00:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\Will
[2010/06/22 18:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2008/03/12 21:24:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/08/30 19:40:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/08/30 19:40:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/09/27 03:24:27 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/10/02 21:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007/10/01 23:32:49 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2009/02/10 19:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\wordpress
[2007/09/27 03:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2007/09/26 20:17:03 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Sarah\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/08/30 19:31:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/08/30 19:31:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/08/30 19:31:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/08/30 19:31:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/08/30 19:31:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/08/30 19:31:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/10/18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2006/02/28 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/08/30 19:31:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2009/08/30 19:31:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-23 03:54:16

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

OTL Extras logfile created on: 7/6/2010 8:00:56 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Sarah\Desktop\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 56.21 Gb Free Space | 12.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 684.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAHLOVESMICHI
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- ([You must be registered and logged in to see this link.]
"C:\Program Files\Autodesk\Maya8.5\bin\maya.exe" = C:\Program Files\Autodesk\Maya8.5\bin\maya.exe:*:Enabled:Maya -- (Autodesk)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III -- (Ensemble Studios)
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe" = C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost -- File not found
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Wippien\Wippien.exe" = C:\Program Files\Wippien\Wippien.exe:*:Enabled:Wippien -- File not found
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Documents and Settings\Sarah\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.] = C:\Documents and Settings\Sarah\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.] add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- File not found
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi -- (LogMeIn Inc.)
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C74612-2C48-4421-BF67-3949CD90748E}" = Autodesk DirectConnect 2.0
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{51FD8515-2F15-4E6D-A93C-BC6988AEC29A}" = Sony Media Manager 2.3
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min
"{5834E709-59A7-40CC-B3FF-9EF7E2E22D85}" = Big Buck Hunter
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81525B87-9344-4834-883C-C6A9D78EA1DF}" = Maya 8.5 Documentation (en_US)
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97C4F970-C753-443F-B61C-525C739BBC3D}" = Maya 2009 Documentation (en_US)
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F28D8E9-9E73-49E5-88B2-988D807E7F2D}" = Manual CanoScan LiDE 80
"{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}" = Maya 8.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF507C99-7DE1-4fa8-8632-AB8A205F1258}" = The Sims™ 2 Store Edition
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe Extendscript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"BitLord" = BitLord 1.1
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EADM" = EA Download Manager
"Hamachi" = Hamachi 1.0.1.5
"Hospital" = Theme Hospital
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
"Insaniquarium_Patch_Installer_1.2" = Insaniquarium Patch Installer 1.2
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2007b" = Microsoft Money 2007
"Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerISO" = PowerISO
"Rainbow Sentinel Driver" = Sentinel System Driver
"Scanahand2_is1" = Scanahand 2.0
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 0.9.6
"Wacom Tablet Driver" = Wacom Tablet
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.0.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/6/2010 6:17:02 PM | Computer Name = SARAHLOVESMICHI | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/6/2010 9:36:47 PM | Computer Name = SARAHLOVESMICHI | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 7/6/2010 9:36:48 PM | Computer Name = SARAHLOVESMICHI | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

Error - 7/6/2010 9:48:11 PM | Computer Name = SARAHLOVESMICHI | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan.FakeAV!gen27 in File: C:\WINDOWS\Temp\36a84b58.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 7/6/2010 9:48:14 PM | Computer Name = SARAHLOVESMICHI | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.FakeAV!gen27 in File: C:\WINDOWS\Temp\36a84b58.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 7/6/2010 10:01:00 PM | Computer Name = SARAHLOVESMICHI | Source = nview_info | ID = 11141121
Description =

Error - 7/6/2010 10:34:14 PM | Computer Name = SARAHLOVESMICHI | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.MalPE in File: C:\WINDOWS\Temp\22.tmp
by: Auto-Protect scan. Action: Clean succeeded. Action Description: The file
was repaired successfully.

Error - 7/6/2010 10:34:15 PM | Computer Name = SARAHLOVESMICHI | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Bloodhound.MalPE in File: c:\windows\temp\22.tmp by: Auto-Protect
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully.

Error - 7/6/2010 10:34:15 PM | Computer Name = SARAHLOVESMICHI | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.MalPE in File: C:\WINDOWS\Temp\22.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 7/6/2010 10:46:19 PM | Computer Name = SARAHLOVESMICHI | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

[ System Events ]
Error - 7/6/2010 10:05:47 PM | Computer Name = SARAHLOVESMICHI | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/6/2010 10:06:29 PM | Computer Name = SARAHLOVESMICHI | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 7/6/2010 10:10:02 PM | Computer Name = SARAHLOVESMICHI | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/6/2010 10:10:02 PM | Computer Name = SARAHLOVESMICHI | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/6/2010 10:11:41 PM | Computer Name = SARAHLOVESMICHI | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/6/2010 10:11:41 PM | Computer Name = SARAHLOVESMICHI | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/6/2010 10:14:32 PM | Computer Name = SARAHLOVESMICHI | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 7/6/2010 10:53:33 PM | Computer Name = SARAHLOVESMICHI | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/6/2010 10:53:33 PM | Computer Name = SARAHLOVESMICHI | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/6/2010 10:56:05 PM | Computer Name = SARAHLOVESMICHI | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2


< End of report >


Re: Antivirus Soft Infection cannot remove please help?

Post by Sneakyone on Wed 07 Jul 2010, 2:59 pm

Hi, Welcome to GeekPolice.net!

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O4 - HKLM..\Run: [] File not found

    :Files
    C:\Documents and Settings\Sarah\Local Settings\Application Data\qrmrjbjyf
    C:\Documents and Settings\Sarah\Local Settings\Application Data\phhofrtaf
    C:\WINDOWS\System32\drivers\rwqwuxy.sys

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If this fix becomes unresponsive, please move on to ComboFix.

========

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


=======

Please download CKScanner by askey127 from here

Save it to your desktop.


  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Last edited by DragonMaster Jay on Wed 07 Jul 2010, 3:16 pm; edited 1 time in total (Reason for editing : Fixed CKScanner link)

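Two of the indicators the fix above targets are generic to this kind of rogue and can be pulled out of OTL/ComboFix logs mechanically: a WinINET proxy pointing at the loopback interface (the http=127.0.0.1:5577 entry, a proxy running on the victim machine itself) and, in the ComboFix log posted later in this thread, Security Center monitoring switched off for the installed Symantec product. The Python triage script below is an added example, not a tool used in this thread; the sample log lines it runs on are constructed to mirror the line formats shown here.

```python
"""Triage helper for OTL / ComboFix text logs.

Added example for this thread, not a tool the helpers used. It flags the two
indicators the logs here show: a WinINET proxy pointing at the loopback
interface (the rogue AV's local proxy, http=127.0.0.1:5577) and a Security
Center monitoring override (DisableMonitoring=dword:00000001) that silences
the real AV's status reporting.
"""
import re
from ipaddress import ip_address

# OTL form:      IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
# ComboFix form: uInternet Settings,ProxyServer = http=127.0.0.1:5577
PROXY_RE = re.compile(
    r'(?:"ProxyServer"|Internet Settings,ProxyServer)\s*=\s*(?P<value>\S.*)$')
# ComboFix prints its "Reg Loading Points" section in REGEDIT4 syntax.
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})\s*$')

# Constructed sample mirroring the line formats in the thread's logs.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
uInternet Settings,ProxyServer = http=127.0.0.1:5577
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\OtherProduct]
"DisableMonitoring"=dword:00000000
uInternet Settings,ProxyServer = proxy.example.test:8080
"""


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into {scheme: (host, port)}.

    Handles 'http=host:port;https=host:port' and the bare 'host:port' form,
    which WinINET applies to every protocol (reported here as scheme '*').
    IPv6 literals are not handled.
    """
    entries = {}
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition('=')
        host, sep, port = hostport.rpartition(':')
        if not sep:
            host, port = hostport, ''
        entries[scheme or '*'] = (host, int(port) if port.isdigit() else None)
    return entries


def is_loopback(host):
    """True for 127.x.x.x, ::1 and 'localhost': a proxy living there is a
    process on the machine itself, which no legitimate corporate proxy is."""
    if host.lower() == 'localhost':
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def triage(log_text):
    """Return a list of (indicator, detail) tuples found in one log."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            for scheme, (host, port) in parse_proxy_server(m.group('value')).items():
                if is_loopback(host):
                    findings.append(('loopback_proxy', f'{scheme} -> {host}:{port}'))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = DWORD_RE.match(line)
        if (m and current_key
                and '\\security center\\monitoring\\' in current_key.lower()
                and m.group('name').lower() == 'disablemonitoring'
                and int(m.group('hex'), 16) != 0):
            # Last path component names the product whose status is being hidden.
            findings.append(('av_monitoring_disabled', current_key.rsplit('\\', 1)[-1]))
    return findings


if __name__ == '__main__':
    for indicator, detail in triage(SAMPLE_LOG):
        print(f'{indicator:24} {detail}')
```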

Re: Antivirus Soft Infection cannot remove please help?

Post by terms5 on Thu 08 Jul 2010, 12:08 am

Thank you for your help! I am currently at work, but I will try this immediately when I get home this evening and post the generated .txt files.


Combofix.txt results (Will post CKScanner next reply)

Post by terms5 on Thu 08 Jul 2010, 2:54 pm

ComboFix 10-07-06.05 - Sarah 07/07/2010 20:17:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1567 [GMT -7:00]
Running from: c:\documents and settings\Sarah\desktop\commy.exe
Command switches used :: /stepdel
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Web\webdc
c:\windows\Web\webhp
c:\windows\Web\webpf
c:\windows\Web\webpt
c:\windows\Web\webxs
c:\documents and settings\All Users\documents\setup.exe

Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_UPDATE
-------\Service_Windows Update


((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-07 22:12 . 2010-07-07 22:12 -------- d-----w- C:\_OTL
2010-07-07 02:43 . 2010-07-07 02:43 -------- d-----w- c:\program files\Common Files\Java
2010-07-07 02:42 . 2010-07-07 02:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 02:00 . 2010-07-07 02:00 54016 ----a-w- c:\windows\system32\drivers\rwqwuxy.sys
2010-07-04 22:17 . 2010-07-04 22:37 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\qrmrjbjyf
2010-07-01 21:52 . 2010-07-07 01:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-01 19:01 . 2010-07-02 15:39 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\phhofrtaf
2010-06-25 01:14 . 2010-07-07 01:21 -------- d-----w- c:\documents and settings\Sarah\Application Data\Hamachi
2010-06-25 01:08 . 2010-06-25 01:09 -------- d-----w- c:\program files\Hamachi
2010-06-23 01:52 . 2010-06-23 01:52 -------- d-----w- c:\program files\CCleaner
2010-06-23 01:12 . 2010-06-23 01:12 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-06-20 04:16 . 2010-06-25 00:52 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\LogMeIn Hamachi
2010-06-20 04:16 . 2010-07-08 03:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2010-06-20 04:16 . 2010-06-20 04:16 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-06-19 23:52 . 2010-06-19 23:53 -------- d-----w- c:\documents and settings\Sarah\Application Data\HpUpdate
2010-06-19 23:52 . 2010-06-19 23:52 -------- d-----w- c:\windows\Hewlett-Packard
2010-06-11 23:22 . 2010-06-11 23:22 -------- d-----w- c:\documents and settings\Sarah\Application Data\HP
2010-06-11 23:22 . 2010-06-11 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-06-11 23:08 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-06-11 23:08 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-06-11 23:08 . 2009-04-16 21:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-06-11 23:08 . 2009-04-16 21:08 126976 ----a-w- c:\windows\system32\hpfll70v.dll
2010-06-11 23:08 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-06-11 23:08 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-06-11 23:08 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-06-11 23:08 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-06-11 23:05 . 2010-06-11 23:05 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-06-11 23:05 . 2010-06-11 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-06-11 23:02 . 2010-06-19 23:53 -------- d-----w- c:\program files\HP
2010-06-11 22:58 . 2010-06-11 23:09 163423 ----a-w- c:\windows\hphins33.dat
2010-06-11 22:58 . 2009-06-11 10:17 586 ------w- c:\windows\hphmdl33.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 03:35 . 2008-02-22 22:59 -------- d-----w- c:\documents and settings\Sarah\Application Data\WTablet
2010-07-07 02:46 . 2007-11-29 06:29 -------- d-----w- c:\program files\Java
2010-07-07 01:40 . 2007-10-11 06:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-07 01:27 . 2009-08-31 03:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-07-06 22:55 . 2007-10-30 00:49 -------- d-----w- c:\documents and settings\Sarah\Application Data\Canon
2010-07-05 18:12 . 2008-04-15 10:22 -------- d-----w- c:\documents and settings\Sarah\Application Data\OpenOffice.org2
2010-07-03 02:15 . 2008-11-30 02:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 12:01 . 2008-11-04 01:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 01:13 . 2008-10-19 05:17 -------- d-----w- c:\documents and settings\Sarah\Application Data\HamachiBackup
2010-06-25 01:08 . 2008-10-19 05:17 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-06-23 01:43 . 2007-09-27 11:21 -------- d-----w- c:\program files\Common Files\Apple
2010-06-23 01:11 . 2007-11-29 04:46 -------- d-----w- c:\program files\MSECache
2010-06-20 16:13 . 2007-09-27 10:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-06 05:14 . 2009-01-03 03:58 -------- d-----w- c:\documents and settings\Sarah\Application Data\dvdcss
2010-05-31 03:05 . 2007-09-27 10:58 8 ----a-w- c:\windows\system32\nvModes.dat
2010-05-13 19:27 . 2010-05-13 19:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-11 23:49 . 2009-03-04 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-10 17:23 . 2010-05-10 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-10 03:24 . 2010-05-10 03:24 -------- d-----w- c:\program files\QuickTime
2010-05-10 03:19 . 2007-09-28 19:21 -------- d-----w- c:\program files\Bonjour
2010-05-04 17:20 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2008-11-04 01:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2008-11-04 01:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-09 15:55 . 2007-09-27 10:42 58392 ----a-w- c:\documents and settings\Sarah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-12 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-07-03 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"nwiz"="nwiz.exe" [2007-05-11 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-25 115560]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-11 03:45 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Sarah^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Sarah\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 04:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-12 21:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\Sarah\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 4:11 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 67656]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2/22/2008 3:58 PM 1373480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/10/2010 8:37 PM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 5:12 PM 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/3/2008 6:10 PM 38224]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 6:29 AM 29178224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 4:11 PM 12872]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [12/13/2008 10:43 PM 23480]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/28/2007 12:05 PM 639224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:11]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:11]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5577
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Sarah\Application Data\Mozilla\Firefox\Profiles\tn119mgy.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Sarah\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
SafeBoot-Symantec Antvirus
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-07 20:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-115176313-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:9e,dc,03,e0,48,dd,16,dc,2b,8c,c7,4a,a5,66,fe,63,db,f5,1d,2a,1b,
95,20,09,cf,c7,95,63,91,4a,39,d7,85,03,a4,4b,a7,ed,e6,fa,2f,e2,19,d5,c5,9c,\
"rkeysecu"=hex:e7,e2,1b,23,67,33,f2,7f,eb,1f,0a,e6,e6,da,14,57

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
"91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(5496)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2010-07-07 20:49:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-08 03:48

Pre-Run: 60,467,585,024 bytes free
Post-Run: 60,609,613,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 640728EE81D6A30A404ED70BCC3BF48B

terms5

Newbie Surfer

Posts : 11
Joined : 2010-07-07
Operating System : Windows XP 32 bit


Back to top Go down

CKScanner results

Post by terms5 on Thu 08 Jul 2010, 3:03 pm

Also, the commands for OTL did not work; it just ran for about an hour and froze. It never got past the first process.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\all users\documents\crack\photoshop.exe
c:\documents and settings\external drive\oldcompy\cdrivecrap\flexlm\awkeygen.exe
c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\desktop\mudbox\skymatter3d mudbox 1.0.1568\crack\install.txt
c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\desktop\old college classes\lightingandtexturing\renderman\pixar.renderman.for.maya6.5_7.0.v1.0.i686.retail.incl.patch.and.keymaker.read.nfo-zwt\pixarrenderman\program\keygen.exe
c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\favorites\-=i.c.e. fortress =- international cracking experts.url
c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\my documents\zbrush\zbrush 2.0\crack\pdxkg.exe
c:\documents and settings\sarah\desktop\michi's stuff\shockwave.com.pizza.frenzy.cracked-tsrh.zip
c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\a_scanahand_highlogic_setup_rc1_keygen.rar
c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\scanahandsetup rc1+keygen\keygen.exe
c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\scanahandsetup rc1+keygen\scanahandsetuprc1.exe
c:\downloads\crack\civ4beyondsword.exe
c:\flexlm\awkeygen.exe
c:\flexlm1\awkeygen.exe
c:\flexlm2\awkeygen.exe
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\autodesk\maya2009\brushes\fun\cracks.mel
c:\program files\autodesk\maya2009\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2009\docs\maya2009\en_us\files\uv_texture_mapping_creating_a_cracker_box_model.htm
c:\program files\autodesk\maya2009\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2009\scripts\others\crackshatter.res.mel
c:\program files\autodesk\maya8.5\brushes\fun\cracks.mel
c:\program files\autodesk\maya8.5\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya8.5\docs\maya8.5\en_us\learningresources\polygon_texturing_lesson_1_creating_a_cracker_box_model.html
c:\program files\autodesk\maya8.5\scripts\others\crackshatter.mel
c:\program files\bitlord\downloads\age of empires 3 full dvd +crack + serial.iso
c:\program files\bitlord\downloads\adobe cs4 master collection\crack\readme.txt
c:\program files\bitlord\downloads\adobe cs4 master collection\crack\adobe cs4 keygen & activation\amtlib.dll
c:\program files\bitlord\downloads\adobe cs4 master collection\crack\adobe cs4 keygen & activation\disable_activation.cmd
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe readme.txt
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\install readme.txt
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\tracked_by_h33t_com.txt
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd1.iso
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd2.iso
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd3.iso
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\crack + patch\age3.exe
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\crack + patch\aoe3112english.exe
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\aoe3_asiandynasties.iso
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\crack + patch\age3y.exe
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\crack + patch\aoe3y-101a-english.exe
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\warchiefs expansion image\empires.iso
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\warchiefs expansion image\crack + patch\aoe3x104english.exe
c:\program files\bitlord\downloads\autodesk.maya.unlimited.v2009-iso\maya2k9_crack.rar
c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\install.txt
c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.nodvd.crack-reloaded.ed2k.rar
c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.part01.daa
c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.part02.daa
c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\torrent_downloaded_from_demonoid_com.txt
scanner sequence 3.ZZ.11
----- EOF -----

terms5

Newbie Surfer

Posts : 11
Joined : 2010-07-07
Operating System : Windows XP 32 bit


Back to top Go down

Re: Antivirus Soft Infection cannot remove please help?

Post by Sneakyone on Fri 09 Jul 2010, 8:14 am

Hi,

Your computer has keygens, which are a form of software piracy. What is so bad about cracks, hacks, pirated software, warez, or keygens?

Most popular cracks or keygens I see are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware, virus or trojan that hides itself inside the keygen or crack files. Most hacks for games that come in the form of a program or installer will also be infected. It is an opportunity for attackers to present a seemingly safe situation in which the chance to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but it will also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

============

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:


    KillAll::

    File::
    c:\documents and settings\all users\documents\crack\photoshop.exe
    c:\documents and settings\external drive\oldcompy\cdrivecrap\flexlm\awkeygen.exe
    c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\desktop\mudbox\skymatter3d mudbox 1.0.1568\crack\install.txt
    c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\desktop\old college classes\lightingandtexturing\renderman\pixar.renderman.for.maya6.5_7.0.v1.0.i686.retail.incl.patch.and.keymaker.read.nfo-zwt\pixarrenderman\program\keygen.exe
    c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\favorites\-=i.c.e. fortress =- international cracking experts.url
    c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\my documents\zbrush\zbrush 2.0\crack\pdxkg.exe
    c:\documents and settings\sarah\desktop\michi's stuff\shockwave.com.pizza.frenzy.cracked-tsrh.zip
    c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\a_scanahand_highlogic_setup_rc1_keygen.rar
    c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\scanahandsetup rc1+keygen\keygen.exe
    c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\scanahandsetup rc1+keygen\scanahandsetuprc1.exe
    c:\downloads\crack\civ4beyondsword.exe
    c:\flexlm\awkeygen.exe
    c:\flexlm1\awkeygen.exe
    c:\flexlm2\awkeygen.exe
    c:\program files\bitlord\downloads\age of empires 3 full dvd +crack + serial.iso
    c:\program files\bitlord\downloads\adobe cs4 master collection\crack\readme.txt
    c:\program files\bitlord\downloads\adobe cs4 master collection\crack\adobe cs4 keygen & activation\amtlib.dll
    c:\program files\bitlord\downloads\adobe cs4 master collection\crack\adobe cs4 keygen & activation\disable_activation.cmd
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe readme.txt
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\install readme.txt
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\tracked_by_h33t_com.txt
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd1.iso
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd2.iso
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd3.iso
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\crack + patch\age3.exe
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\crack + patch\aoe3112english.exe
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\aoe3_asiandynasties.iso
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\crack + patch\age3y.exe
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\crack + patch\aoe3y-101a-english.exe
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\warchiefs expansion image\empires.iso
    c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\warchiefs expansion image\crack + patch\aoe3x104english.exe
    c:\program files\bitlord\downloads\autodesk.maya.unlimited.v2009-iso\maya2k9_crack.rar
    c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\install.txt
    c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.nodvd.crack-reloaded.ed2k.rar
    c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.part01.daa
    c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.part02.daa
    c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\torrent_downloaded_from_demonoid_com.txt

    Folder::
    c:\documents and settings\Sarah\Local Settings\Application Data\qrmrjbjyf
    c:\documents and settings\Sarah\Local Settings\Application Data\phhofrtaf

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577

    Rootkit::
    c:\windows\system32\drivers\rwqwuxy.sys

    Reboot::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe.



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Back to top Go down
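The CFScript above asks ComboFix to delete listed files, folders and a driver and to clear a DDS registry line, and the log ComboFix writes afterwards is how a helper checks what was actually done (its "Other Deletions" block lists each removed path, with a ". . . . failed to delete" marker on anything it could not remove). The following is an added example, not ComboFix's own code and not from this thread, that parses a CFScript and the post-run log and reports the outcome of every requested item; both sample texts are constructed, modelled on the ones quoted in the thread, with the long paths shortened.

```python
import re

# Constructed CFScript in the layout the helper posted (paths shortened).
SAMPLE_SCRIPT = r"""
KillAll::

File::
c:\flexlm\awkeygen.exe
c:\downloads\crack\civ4beyondsword.exe
c:\stuff\renderman\program\keygen.exe

Folder::
c:\documents and settings\Sarah\Local Settings\Application Data\qrmrjbjyf
c:\documents and settings\Sarah\Local Settings\Application Data\phhofrtaf

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5577

Rootkit::
c:\windows\system32\drivers\rwqwuxy.sys

Reboot::
"""

# Constructed post-run log excerpt, laid out like the ComboFix log in the thread.
SAMPLE_LOG = r"""
ComboFix 10-07-06.05 - Sarah 07/08/2010 15:47:38.2.2 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\downloads\crack\civ4beyondsword.exe
c:\documents and settings\Sarah\Local Settings\Application Data\qrmrjbjyf
c:\flexlm\awkeygen.exe
c:\windows\system32\drivers\rwqwuxy.sys
c:\stuff\renderman\program\keygen.exe . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.
"""

SECTION_RE = re.compile(r"^[A-Za-z]+::$")                 # e.g. "File::"
BLOCK_HEADER_RE = re.compile(r"^\(+\s*[^()]+?\s*\)+$")    # "(((( Title ))))"
FAILED_SUFFIX = " . . . . failed to delete"

def _norm(path):
    # Windows paths are case-insensitive and ComboFix mixes case between sections.
    return path.strip().rstrip("\\").lower()

def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}; empty sections are kept."""
    sections, current = {}, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if SECTION_RE.match(line):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_deletions(log_text):
    """Return (deleted, failed) path sets from the 'Other Deletions' block."""
    deleted, failed, inside = set(), set(), False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if BLOCK_HEADER_RE.match(line):
            if inside:
                break                      # next "(((( ... ))))" header ends the block
            inside = "Other Deletions" in line
        elif inside and line not in ("", "."):
            if line.endswith(FAILED_SUFFIX):
                failed.add(_norm(line[: -len(FAILED_SUFFIX)]))
            else:
                deleted.add(_norm(line))
    return deleted, failed

def reconcile(script_text, log_text):
    """Map each CFScript item to 'deleted', 'failed' or 'not reported' (paths,
    via 'Other Deletions') or 'cleared' / 'still present' (DDS:: lines, by absence)."""
    sections = parse_cfscript(script_text)
    deleted, failed = parse_deletions(log_text)
    log_lines = {raw.strip() for raw in log_text.splitlines()}
    outcome = {}
    for section in ("File", "Folder", "Rootkit"):
        for path in sections.get(section, []):
            key = _norm(path)
            outcome[path] = ("failed" if key in failed else
                             "deleted" if key in deleted else "not reported")
    for entry in sections.get("DDS", []):
        outcome[entry] = "still present" if entry in log_lines else "cleared"
    return outcome

def unresolved(outcome):
    """Items a helper still has to deal with in the next reply."""
    return sorted(k for k, v in outcome.items() if v in ("failed", "still present"))
```

"not reported" means the log never mentioned the path, which is what you see when the item was already gone before the run; "failed" is the case worth a follow-up script, as with the renderman keygen in the log below.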

2nd Combofix.txt

Post by terms5 on Fri 09 Jul 2010, 10:19 am

Once again, thanks for the sound advice and help. Here is the next combofix.txt:

ComboFix 10-07-06.05 - Sarah 07/08/2010 15:47:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1369 [GMT -7:00]
Running from: c:\documents and settings\Sarah\Desktop\commy.exe
Command switches used :: c:\documents and settings\Sarah\Desktop\CFscript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\documents and settings\all users\documents\crack\photoshop.exe"
"c:\documents and settings\external drive\oldcompy\cdrivecrap\flexlm\awkeygen.exe"
"c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\desktop\mudbox\skymatter3d mudbox 1.0.1568\crack\install.txt"
"c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\desktop\old college classes\lightingandtexturing\renderman\pixar.renderman.for.maya6.5_7.0.v1.0.i686.retail.incl.patch.and.keymaker.read.nfo-zwt\pixarrenderman\program\keygen.exe"
"c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\favorites\-=i.c.e. fortress =- international cracking experts.url"
"c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\my documents\zbrush\zbrush 2.0\crack\pdxkg.exe"
"c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\a_scanahand_highlogic_setup_rc1_keygen.rar"
"c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\scanahandsetup rc1+keygen\keygen.exe"
"c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\scanahandsetup rc1+keygen\scanahandsetuprc1.exe"
"c:\documents and settings\sarah\desktop\michi's stuff\shockwave.com.pizza.frenzy.cracked-tsrh.zip"
"c:\downloads\crack\civ4beyondsword.exe"
"c:\flexlm\awkeygen.exe"
"c:\flexlm1\awkeygen.exe"
"c:\flexlm2\awkeygen.exe"
"c:\program files\bitlord\downloads\adobe cs4 master collection\crack\adobe cs4 keygen & activation\amtlib.dll"
"c:\program files\bitlord\downloads\adobe cs4 master collection\crack\adobe cs4 keygen & activation\disable_activation.cmd"
"c:\program files\bitlord\downloads\adobe cs4 master collection\crack\readme.txt"
"c:\program files\bitlord\downloads\age of empires 3 full dvd +crack + serial.iso"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\crack + patch\age3.exe"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\crack + patch\aoe3112english.exe"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd1.iso"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd2.iso"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd3.iso"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe readme.txt"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\aoe3_asiandynasties.iso"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\crack + patch\age3y.exe"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\crack + patch\aoe3y-101a-english.exe"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\install readme.txt"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\tracked_by_h33t_com.txt"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\warchiefs expansion image\crack + patch\aoe3x104english.exe"
"c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\warchiefs expansion image\empires.iso"
"c:\program files\bitlord\downloads\autodesk.maya.unlimited.v2009-iso\maya2k9_crack.rar"
"c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\install.txt"
"c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.nodvd.crack-reloaded.ed2k.rar"
"c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.part01.daa"
"c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.part02.daa"
"c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\torrent_downloaded_from_demonoid_com.txt"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\all users\documents\crack\photoshop.exe
c:\documents and settings\external drive\oldcompy\cdrivecrap\flexlm\awkeygen.exe
c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\desktop\mudbox\skymatter3d mudbox 1.0.1568\crack\install.txt
c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\favorites\-=i.c.e. fortress =- international cracking experts.url
c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\my documents\zbrush\zbrush 2.0\crack\pdxkg.exe
c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\a_scanahand_highlogic_setup_rc1_keygen.rar
c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\scanahandsetup rc1+keygen\keygen.exe
c:\documents and settings\sarah\desktop\michi's stuff\comics\sexcomic\book project\handwriting font\scanahandsetup rc1+keygen\scanahandsetuprc1.exe
c:\documents and settings\sarah\desktop\michi's stuff\shockwave.com.pizza.frenzy.cracked-tsrh.zip
c:\documents and settings\Sarah\Local Settings\Application Data\phhofrtaf
c:\documents and settings\Sarah\Local Settings\Application Data\qrmrjbjyf
c:\downloads\crack\civ4beyondsword.exe
c:\flexlm\awkeygen.exe
c:\flexlm1\awkeygen.exe
c:\flexlm2\awkeygen.exe
c:\program files\bitlord\downloads\adobe cs4 master collection\crack\adobe cs4 keygen & activation\amtlib.dll
c:\program files\bitlord\downloads\adobe cs4 master collection\crack\adobe cs4 keygen & activation\disable_activation.cmd
c:\program files\bitlord\downloads\adobe cs4 master collection\crack\readme.txt
c:\program files\bitlord\downloads\age of empires 3 full dvd +crack + serial.iso
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\crack + patch\age3.exe
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\crack + patch\aoe3112english.exe
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd1.iso
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd2.iso
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe iii images\rld-aoe-cd3.iso
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\aoe readme.txt
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\aoe3_asiandynasties.iso
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\crack + patch\age3y.exe
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\asian dynasties expansion image\crack + patch\aoe3y-101a-english.exe
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\install readme.txt
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\tracked_by_h33t_com.txt
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\warchiefs expansion image\crack + patch\aoe3x104english.exe
c:\program files\bitlord\downloads\aoe iii inc warchiefs asian dynasties and cracks[h33t][mattlb0619]\warchiefs expansion image\empires.iso
c:\program files\bitlord\downloads\autodesk.maya.unlimited.v2009-iso\maya2k9_crack.rar
c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\install.txt
c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.nodvd.crack-reloaded.ed2k.rar
c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.part01.daa
c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\the.elder.scrolls.iv.oblivion.part02.daa
c:\program files\bitlord\downloads\the fab sixties vol 6\the.elder.scrolls.iv.oblivion + nodvd crack\torrent_downloaded_from_demonoid_com.txt
c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\desktop\old college classes\lightingandtexturing\renderman\pixar.renderman.for.maya6.5_7.0.v1.0.i686.retail.incl.patch.and.keymaker.read.nfo-zwt\pixarrenderman\program\keygen.exe . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-07 22:12 . 2010-07-07 22:12 -------- d-----w- C:\_OTL
2010-07-07 02:43 . 2010-07-07 02:43 -------- d-----w- c:\program files\Common Files\Java
2010-07-07 02:42 . 2010-07-07 02:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 21:52 . 2010-07-07 01:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-25 01:14 . 2010-07-07 01:21 -------- d-----w- c:\documents and settings\Sarah\Application Data\Hamachi
2010-06-25 01:08 . 2010-06-25 01:09 -------- d-----w- c:\program files\Hamachi
2010-06-23 01:52 . 2010-06-23 01:52 -------- d-----w- c:\program files\CCleaner
2010-06-23 01:12 . 2010-06-23 01:12 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-06-20 04:16 . 2010-06-25 00:52 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\LogMeIn Hamachi
2010-06-20 04:16 . 2010-07-08 23:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2010-06-20 04:16 . 2010-06-20 04:16 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-06-19 23:52 . 2010-06-19 23:53 -------- d-----w- c:\documents and settings\Sarah\Application Data\HpUpdate
2010-06-19 23:52 . 2010-06-19 23:52 -------- d-----w- c:\windows\Hewlett-Packard
2010-06-11 23:22 . 2010-06-11 23:22 -------- d-----w- c:\documents and settings\Sarah\Application Data\HP
2010-06-11 23:22 . 2010-06-11 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-06-11 23:08 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-06-11 23:08 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-06-11 23:08 . 2009-04-16 21:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-06-11 23:08 . 2009-04-16 21:08 126976 ----a-w- c:\windows\system32\hpfll70v.dll
2010-06-11 23:08 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-06-11 23:08 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-06-11 23:08 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-06-11 23:08 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-06-11 23:05 . 2010-06-11 23:05 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-06-11 23:05 . 2010-06-11 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-06-11 23:02 . 2010-06-19 23:53 -------- d-----w- c:\program files\HP
2010-06-11 22:58 . 2010-06-11 23:09 163423 ----a-w- c:\windows\hphins33.dat
2010-06-11 22:58 . 2009-06-11 10:17 586 ------w- c:\windows\hphmdl33.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 23:01 . 2008-02-22 22:59 -------- d-----w- c:\documents and settings\Sarah\Application Data\WTablet
2010-07-07 02:46 . 2007-11-29 06:29 -------- d-----w- c:\program files\Java
2010-07-07 01:40 . 2007-10-11 06:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-07 01:27 . 2009-08-31 03:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-07-06 22:55 . 2007-10-30 00:49 -------- d-----w- c:\documents and settings\Sarah\Application Data\Canon
2010-07-05 18:12 . 2008-04-15 10:22 -------- d-----w- c:\documents and settings\Sarah\Application Data\OpenOffice.org2
2010-07-03 02:15 . 2008-11-30 02:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 12:01 . 2008-11-04 01:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 01:13 . 2008-10-19 05:17 -------- d-----w- c:\documents and settings\Sarah\Application Data\HamachiBackup
2010-06-25 01:08 . 2008-10-19 05:17 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-06-23 01:43 . 2007-09-27 11:21 -------- d-----w- c:\program files\Common Files\Apple
2010-06-23 01:11 . 2007-11-29 04:46 -------- d-----w- c:\program files\MSECache
2010-06-20 16:13 . 2007-09-27 10:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-06 05:14 . 2009-01-03 03:58 -------- d-----w- c:\documents and settings\Sarah\Application Data\dvdcss
2010-05-31 03:05 . 2007-09-27 10:58 8 ----a-w- c:\windows\system32\nvModes.dat
2010-05-13 19:27 . 2010-05-13 19:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-11 23:49 . 2009-03-04 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-10 17:23 . 2010-05-10 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-10 03:24 . 2010-05-10 03:24 -------- d-----w- c:\program files\QuickTime
2010-05-10 03:19 . 2007-09-28 19:21 -------- d-----w- c:\program files\Bonjour
2010-05-04 17:20 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2008-11-04 01:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2008-11-04 01:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-12 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-07-03 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"nwiz"="nwiz.exe" [2007-05-11 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-25 115560]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-11 03:45 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Sarah^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Sarah\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 04:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-12 21:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\Sarah\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/28/2007 12:05 PM 639224]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 4:11 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 67656]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2/22/2008 3:58 PM 1373480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/10/2010 8:37 PM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 5:12 PM 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/3/2008 6:10 PM 38224]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 6:29 AM 29178224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 4:11 PM 12872]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [12/13/2008 10:43 PM 23480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:11]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:11]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Sarah\Application Data\Mozilla\Firefox\Profiles\tn119mgy.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Sarah\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-08 16:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8A7777AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e90cb8
\Driver\atapi -> atapi.sys @ 0xb9e25b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Wireless-G PCI Adapter -> SendCompleteHandler -> NDIS.sys @ 0xb9d14bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d21a21
SendHandler -> NDIS.sys @ 0xb9cff87b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-115176313-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:9e,dc,03,e0,48,dd,16,dc,2b,8c,c7,4a,a5,66,fe,63,db,f5,1d,2a,1b,
95,20,09,cf,c7,95,63,91,4a,39,d7,85,03,a4,4b,a7,ed,e6,fa,2f,e2,19,d5,c5,9c,\
"rkeysecu"=hex:e7,e2,1b,23,67,33,f2,7f,eb,1f,0a,e6,e6,da,14,57

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
"91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2424)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-08 16:14:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-08 23:14
ComboFix2.txt 2010-07-08 03:49

Pre-Run: 64,704,000,000 bytes free
Post-Run: 64,499,744,768 bytes free

- - End Of File - - A78308D3F4BF83AE7085EAA7C402AE6B

terms5

Newbie Surfer

Posts : 11
Joined : 2010-07-07
Operating System : Windows XP 32 bit


Re: Antivirus Soft Infection cannot remove please help?

Post by Sneakyone on Fri 09 Jul 2010, 11:17 am

Hi,

1. Please download The Avenger by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Files to delete:
c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\desktop\old college classes\lightingandtexturing\renderman\pixar.renderman.for.maya6.5_7.0.v1.0.i686.retail.incl.patch.and.keymaker.read.nfo-zwt\pixarrenderman\program\keygen.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

=====

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents of that file here.

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Avenger and TDSSKiller files

Post by terms5 on Fri 09 Jul 2010, 10:54 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\documents and settings\external drive\oldcompy\docsandsettingsstuff\desktop\old college classes\lightingandtexturing\renderman\pixar.renderman.for.maya6.5_7.0.v1.0.i686.retail.incl.patch.and.keymaker.read.nfo-zwt\pixarrenderman\program\keygen.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

------------------------------------------------------------------------------------------------------------------------------------------

04:51:21:390 3452 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
04:51:21:390 3452 ================================================================================
04:51:21:390 3452 SystemInfo:

04:51:21:390 3452 OS Version: 5.1.2600 ServicePack: 3.0
04:51:21:390 3452 Product type: Workstation
04:51:21:390 3452 ComputerName: SARAHLOVESMICHI
04:51:21:390 3452 UserName: Sarah
04:51:21:390 3452 Windows directory: C:\WINDOWS
04:51:21:390 3452 System windows directory: C:\WINDOWS
04:51:21:390 3452 Processor architecture: Intel x86
04:51:21:390 3452 Number of processors: 2
04:51:21:390 3452 Page size: 0x1000
04:51:21:390 3452 Boot type: Normal boot
04:51:21:390 3452 ================================================================================
04:51:22:312 3452 Initialize success
04:51:22:312 3452
04:51:22:312 3452 Scanning Services ...
04:51:23:734 3452 Raw services enum returned 378 services
04:51:23:750 3452
04:51:23:750 3452 Scanning Drivers ...
04:51:34:812 3452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
04:51:34:890 3452 sptd (73205bd9a388639c210636793fe3fd61) C:\WINDOWS\system32\Drivers\sptd.sys
04:51:34:890 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 73205bd9a388639c210636793fe3fd61
04:51:34:953 3452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
04:51:35:031 3452 SRTSP (11564fd80e0d2fc80b904a5bcbf8d761) C:\WINDOWS\system32\Drivers\SRTSP.SYS
04:51:35:078 3452 SRTSPL (c668edee729925635c254b04e70f9493) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
04:51:35:140 3452 SRTSPX (73d9add286baebdbf636eb53acf64e12) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
04:51:35:203 3452 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
04:51:35:265 3452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
04:51:35:296 3452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
04:51:35:375 3452 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
04:51:35:437 3452 SYMREDRV (9181892e5af5df8d2ac3d9d2cea48afd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
04:51:35:500 3452 SYMTDI (d539f317e6caaa4e08911a84c2180938) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
04:51:35:593 3452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
04:51:35:687 3452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:51:35:734 3452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
04:51:35:781 3452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
04:51:35:828 3452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
04:51:35:890 3452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
04:51:35:953 3452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
04:51:36:015 3452 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
04:51:36:046 3452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:51:36:078 3452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:51:36:093 3452 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
04:51:36:125 3452 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
04:51:36:140 3452 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
04:51:36:187 3452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:51:36:234 3452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
04:51:36:296 3452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
04:51:36:343 3452 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
04:51:36:421 3452 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
04:51:36:468 3452 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
04:51:36:515 3452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:51:36:546 3452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
04:51:36:593 3452 wip0204 (2944bed10ffd9369da9a988d8ac899e4) C:\WINDOWS\system32\DRIVERS\wip0204.sys
04:51:36:687 3452 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
04:51:36:703 3452 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
04:51:36:718 3452
04:51:36:718 3452 Completed
04:51:36:718 3452
04:51:36:718 3452 Results:
04:51:36:718 3452 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
04:51:36:718 3452 File objects infected / cured / cured on reboot: 0 / 0 / 0
04:51:36:718 3452
04:51:36:718 3452 KLMD(ARK) unloaded successfully

terms5

Newbie Surfer

Posts : 11
Joined : 2010-07-07
Operating System : Windows XP 32 bit

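
As an added example (not part of the thread and not code from TDSSKiller or any other tool used here), a small Python triage of driver lines in the format posted above: it pairs each loaded driver with any "Suspicious file" verdict the scanner printed for the same path, and also flags drivers loading from outside the Windows directory, which in this log is legitimate for the SUPERAntiSpyware and Symantec drivers and so still needs a human to confirm. The sample lines are constructed from entries in the log above; the default Windows directory is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the TDSSKiller log format posted in the thread:
# one system driver, one third-party driver, one scanner-flagged file.
SAMPLE_LOG = """\
04:51:32:234 3452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\\WINDOWS\\system32\\drivers\\Ntfs.sys
04:51:34:125 3452 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
04:51:34:890 3452 sptd (73205bd9a388639c210636793fe3fd61) C:\\WINDOWS\\system32\\Drivers\\sptd.sys
04:51:34:890 3452 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\Drivers\\sptd.sys. md5: 73205bd9a388639c210636793fe3fd61
04:51:36:718 3452 Completed
"""

# "HH:MM:SS:mmm PID name (md5) path": one loaded driver per line
DRIVER_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# "HH:MM:SS:mmm PID Suspicious file (<reason>): <path>. md5: <md5>": scanner verdict
SUSPICIOUS_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+Suspicious file \((?P<reason>[^)]+)\):\s+"
    r"(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-f]{32})\s*$"
)


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_log(text: str) -> Dict[str, DriverEntry]:
    """Return loaded drivers keyed by lower-cased path, with scanner verdicts attached."""
    entries: Dict[str, DriverEntry] = {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            key = m.group("path").lower()
            entries[key] = DriverEntry(m.group("name"), m.group("md5"), m.group("path"))
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            # A verdict may refer to a path not listed as a driver; keep it anyway.
            key = m.group("path").lower()
            entry = entries.setdefault(key, DriverEntry("?", m.group("md5"), m.group("path")))
            entry.reasons.append("scanner verdict: " + m.group("reason"))
    return entries


def triage(text: str, windir: str = "C:\\WINDOWS") -> Dict[str, List[str]]:
    """Return {path: [reasons]} for every driver that deserves a second look.

    windir is assumed; on the machine in the thread %SystemRoot% is C:\\WINDOWS.
    """
    prefix = windir.lower().rstrip("\\") + "\\"
    flagged: Dict[str, List[str]] = {}
    for key, entry in parse_log(text).items():
        reasons = list(entry.reasons)
        if not key.startswith(prefix):
            reasons.append("loaded from outside " + windir)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

The output lists sptd.sys with the scanner's NoAccess verdict and SASDIFSV.SYS only because of its location, which is how the helper in this thread read the log: the verdict line, not the directory, is what led to the sptd.sys follow-up.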

Re: Antivirus Soft Infection cannot remove please help?

Post by Sneakyone on Sat 10 Jul 2010, 3:27 am

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    sptd.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: Antivirus Soft Infection cannot remove please help?

Post by terms5 on Sat 10 Jul 2010, 9:17 am

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:09 on 09/07/2010 by Sarah (Administrator - Elevation successful)

========== filefind ==========

Searching for "sptd.sys"
C:\WINDOWS\system32\drivers\sptd.sys --a--- 639224 bytes [19:05 28/09/2007] [19:05 28/09/2007] (Unable to calculate MD5)

-=End Of File=-

terms5

Newbie Surfer

Posts : 11
Joined : 2010-07-07
Operating System : Windows XP 32 bit


Re: Antivirus Soft Infection cannot remove please help?

Post by Sneakyone on Sat 10 Jul 2010, 12:21 pm

Hi,

Please download and run this here: [You must be registered and logged in to see this link.]

This will replace the infected sptd.sys.

After you have downloaded and run that, please provide a fresh ComboFix log.

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: Antivirus Soft Infection cannot remove please help?

Post by terms5 on Sat 10 Jul 2010, 1:07 pm

ComboFix 10-07-06.05 - Sarah 07/09/2010 18:50:03.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1563 [GMT -7:00]
Running from: c:\documents and settings\Sarah\Desktop\commy.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-07 22:12 . 2010-07-07 22:12 -------- d-----w- C:\_OTL
2010-07-07 02:43 . 2010-07-07 02:43 -------- d-----w- c:\program files\Common Files\Java
2010-07-07 02:42 . 2010-07-07 02:42 503808 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1d35d35d-n\msvcp71.dll
2010-07-07 02:42 . 2010-07-07 02:42 499712 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1d35d35d-n\jmc.dll
2010-07-07 02:42 . 2010-07-07 02:42 348160 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1d35d35d-n\msvcr71.dll
2010-07-07 02:42 . 2010-07-07 02:42 61440 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4d886681-n\decora-sse.dll
2010-07-07 02:42 . 2010-07-07 02:42 12800 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4d886681-n\decora-d3d.dll
2010-07-07 02:42 . 2010-07-07 02:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-04 22:18 . 2010-07-06 23:00 63488 ----a-w- c:\documents and settings\Sarah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-01 21:52 . 2010-07-07 01:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-25 01:14 . 2010-07-10 01:31 -------- d-----w- c:\documents and settings\Sarah\Application Data\Hamachi
2010-06-25 01:08 . 2010-06-25 01:09 -------- d-----w- c:\program files\Hamachi
2010-06-23 01:52 . 2010-06-23 01:52 -------- d-----w- c:\program files\CCleaner
2010-06-23 01:12 . 2010-06-23 01:12 3584 ----a-r- c:\documents and settings\Sarah\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-06-23 01:12 . 2010-06-23 01:12 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-06-22 23:40 . 2010-06-22 23:40 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb372.tmp.exe
2010-06-20 04:16 . 2010-06-25 00:52 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\LogMeIn Hamachi
2010-06-20 04:16 . 2010-07-10 02:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2010-06-20 04:16 . 2010-06-20 04:16 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-06-19 23:52 . 2010-06-19 23:53 -------- d-----w- c:\documents and settings\Sarah\Application Data\HpUpdate
2010-06-19 23:52 . 2010-06-19 23:52 -------- d-----w- c:\windows\Hewlett-Packard
2010-06-11 23:22 . 2010-06-11 23:22 -------- d-----w- c:\documents and settings\Sarah\Application Data\HP
2010-06-11 23:22 . 2010-06-11 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-06-11 23:08 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-06-11 23:08 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-06-11 23:08 . 2009-04-16 21:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-06-11 23:08 . 2009-04-16 21:08 126976 ----a-w- c:\windows\system32\hpfll70v.dll
2010-06-11 23:08 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-06-11 23:08 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-06-11 23:08 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-06-11 23:08 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-06-11 23:05 . 2010-06-11 23:05 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-06-11 23:05 . 2010-06-11 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-06-11 23:02 . 2010-06-19 23:53 -------- d-----w- c:\program files\HP
2010-06-11 22:58 . 2010-06-11 23:09 163423 ----a-w- c:\windows\hphins33.dat
2010-06-11 22:58 . 2009-06-11 10:17 586 ------w- c:\windows\hphmdl33.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 01:43 . 2008-02-22 22:59 -------- d-----w- c:\documents and settings\Sarah\Application Data\WTablet
2010-07-10 01:31 . 2007-09-28 19:05 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-09 11:44 . 2009-08-31 03:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-07-07 02:46 . 2007-11-29 06:29 -------- d-----w- c:\program files\Java
2010-07-07 01:40 . 2007-10-11 06:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-06 23:00 . 2009-04-15 16:10 117760 ----a-w- c:\documents and settings\Sarah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-06 22:55 . 2007-10-30 00:49 -------- d-----w- c:\documents and settings\Sarah\Application Data\Canon
2010-07-05 18:12 . 2008-04-15 10:22 -------- d-----w- c:\documents and settings\Sarah\Application Data\OpenOffice.org2
2010-07-05 18:09 . 2008-04-15 10:23 1 ----a-w- c:\documents and settings\Sarah\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-07-03 02:15 . 2008-11-30 02:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 12:01 . 2008-11-04 01:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 01:13 . 2008-10-19 05:17 -------- d-----w- c:\documents and settings\Sarah\Application Data\HamachiBackup
2010-06-25 01:08 . 2008-10-19 05:17 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-06-23 01:43 . 2007-09-27 11:21 -------- d-----w- c:\program files\Common Files\Apple
2010-06-23 01:11 . 2007-11-29 04:46 -------- d-----w- c:\program files\MSECache
2010-06-20 16:13 . 2007-09-27 10:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-06 05:14 . 2009-01-03 03:58 -------- d-----w- c:\documents and settings\Sarah\Application Data\dvdcss
2010-05-31 03:05 . 2007-09-27 10:58 8 ----a-w- c:\windows\system32\nvModes.dat
2010-05-13 19:27 . 2010-05-13 19:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-11 23:49 . 2009-03-04 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-10 17:23 . 2010-05-10 17:23 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-05-08 12:02 . 2010-05-08 12:02 52224 ----a-w- c:\documents and settings\Sarah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-04 17:20 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2008-11-04 01:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2008-11-04 01:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-12 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-07-03 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"nwiz"="nwiz.exe" [2007-05-11 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-25 115560]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-11 03:45 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Sarah^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Sarah\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 04:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-12 21:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\Sarah\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 4:11 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 67656]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2/22/2008 3:58 PM 1373480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/10/2010 8:37 PM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 5:12 PM 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/3/2008 6:10 PM 38224]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 6:29 AM 29178224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 4:11 PM 12872]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [12/13/2008 10:43 PM 23480]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/28/2007 12:05 PM 697328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:11]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:11]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Sarah\Application Data\Mozilla\Firefox\Profiles\tn119mgy.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Sarah\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-09 19:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-115176313-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:9e,dc,03,e0,48,dd,16,dc,2b,8c,c7,4a,a5,66,fe,63,db,f5,1d,2a,1b,
95,20,09,cf,c7,95,63,91,4a,39,d7,85,03,a4,4b,a7,ed,e6,fa,2f,e2,19,d5,c5,9c,\
"rkeysecu"=hex:e7,e2,1b,23,67,33,f2,7f,eb,1f,0a,e6,e6,da,14,57

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
"91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-07-09 19:06:02
ComboFix-quarantined-files.txt 2010-07-10 02:06
ComboFix2.txt 2010-07-08 23:14
ComboFix3.txt 2010-07-08 03:49

Pre-Run: 65,323,282,432 bytes free
Post-Run: 65,337,815,040 bytes free

- - End Of File - - 14A2082B2E8EC2518B22215343727BB3

terms5

Newbie Surfer

Posts : 11
Joined : 2010-07-07
Operating System : Windows XP 32 bit


Re: Antivirus Soft Infection cannot remove please help?

Post by Sneakyone on Sat 10 Jul 2010, 1:25 pm

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: Antivirus Soft Infection cannot remove please help?

Post by terms5 on Sun 11 Jul 2010, 1:55 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7a3b76b4dc1cf84880ee979aea8438ea
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-10 07:33:50
# local_time=2010-07-10 12:33:50 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=418836
# found=2
# cleaned=2
# scan_time=9195
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3B6F6934-3B54-4A3E-A83B-6F235F74605E}\RP1024\A0111285.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

terms5

Newbie Surfer

Posts : 11
Joined : 2010-07-07
Operating System : Windows XP 32 bit


Re: Antivirus Soft Infection cannot remove please help?

Post by Sneakyone on Sun 11 Jul 2010, 3:00 am

Hi,

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the Warning and select OK again, the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


========

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==========

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspicious.

2. Don't use torrents; they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

4. Disable autorun (XP or Vista/7).

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install; you can make sure it is not known for being a virus by simply searching for it on Google.

8. Use a site advisor so you don't go to sites that will infect you: McAfee SiteAdvisor

9. Also, there are many holes and flaws in Internet Explorer; I recommend using Firefox 3 to keep you safer.

10. Always keep your Java and Adobe updated.

11. Don't fall for scareware. What is scareware? It is a website made to download a rogue antivirus onto your system that will scare you into buying its fake software due to false detections.

12. Always have a firewall and an antivirus.

Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit [You must be registered and logged in to see this link.]

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
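A way to double-check the Java/Adobe cleanup and the autorun setting from the tips above, as an added PowerShell example that is not part of the original reply (the registry paths are the standard Windows ones; the product-name patterns are an assumption):

```powershell
# Added example, not part of the GeekPolice reply. Run from an elevated
# PowerShell prompt after the cleanup steps above.

# --- 1. Leftover Java / Adobe Reader versions -------------------------------
# New installers leave old versions side by side, so list every entry from the
# Uninstall registry keys (the Wow6432Node key only exists on 64-bit Windows).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Product-name patterns are an assumption; adjust to what Add or Remove Programs shows.
$productPattern = 'Java|J2SE Runtime|Adobe Reader|Adobe Acrobat'

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $productPattern } |
    Select-Object DisplayName, DisplayVersion, UninstallString |
    Sort-Object DisplayName, DisplayVersion

"Java / Adobe Reader entries found (uninstall every version except the newest):"
$entries | Format-Table -AutoSize

# --- 2. AutoRun policy (tip 4) ---------------------------------------------
# NoDriveTypeAutoRun = 0xFF disables AutoRun on every drive type, which is the
# setting the "Disable autorun" guides apply. Report it, and set it if needed.
$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$current = (Get-ItemProperty -Path $policyPath -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun

if ($current -eq 0xFF) {
    "AutoRun is already disabled for all drive types (NoDriveTypeAutoRun = 0xFF)."
} else {
    "NoDriveTypeAutoRun is '$current'; setting it to 0xFF."
    if (-not (Test-Path $policyPath)) { New-Item -Path $policyPath -Force | Out-Null }
    Set-ItemProperty -Path $policyPath -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}
```

Entries in the list that are older than the newest Java or Reader build are the ones the post asks you to remove through Add or Remove Programs.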


ESET

Post by terms5 on Sun 11 Jul 2010, 5:58 am

Edit: Sorry, a double post of the ESET.

Thank you so much for your help!!! I will definitely donate to your site because you saved me countless hours of troubleshooting and most likely a burdensome reformat. Have a great day and thanks again!!! <3 <3 <3


Last edited by terms5 on Sun 11 Jul 2010, 6:04 am; edited 1 time in total (Reason for editing : Double posted ESET results)

terms5

Newbie Surfer

Posts : 11
Joined : 2010-07-07
Operating System : Windows XP 32 bit


Re: Antivirus Soft Infection cannot remove please help?

Post by Sneakyone on Sun 11 Jul 2010, 6:37 am

You're welcome, glad I could help.

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
