unknown infection(s)

Post by DeeOhh666 on Fri 30 Jul 2010, 9:58 am

OTL logfile created on: 29/07/2010 23:09:10 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 521.00 Mb Available Physical Memory | 51.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 123.73 Gb Free Space | 53.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEEOHH666
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/29 23:06:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.com
PRC - [2010/06/29 03:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/05/21 19:25:15 | 001,501,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/05/21 19:25:14 | 000,448,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


========== Modules (SafeList) ==========

MOD - [2010/07/29 23:06:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.com
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/07/11 15:06:58 | 000,042,672 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\system32\wbsys.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/29 23:10:46 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/22 01:58:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/27 18:25:01 | 000,603,904 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/02/27 18:24:59 | 000,360,192 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/01/27 19:26:42 | 000,398,336 | ---- | M] (Ares Development Group) [Disabled | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2008/12/11 14:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva344.sys -- (XDva344)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\jbridgep.sys -- (jbridgep)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/05/09 02:14:18 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/07 02:40:22 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/30 15:35:07 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006/10/12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/21 06:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/03/02 17:37:50 | 000,125,184 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2004/03/02 17:37:48 | 000,005,504 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2003/09/05 08:47:22 | 000,514,859 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca536av.sys -- (Ca536av)
DRV - [2003/05/14 12:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera)
DRV - [2001/08/17 14:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.0.3
FF - prefs.js..extensions.enabledItems: {7ef7f4d6-947d-11dc-8314-0800200c9a66}:3.0.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.6.20090630


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/16 12:04:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/29 22:22:40 | 000,000,000 | ---D | M]

[2008/09/06 21:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/07/08 01:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions
[2010/06/25 00:51:52 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/06/25 00:51:47 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/25 00:51:43 | 000,000,000 | ---D | M] (docked JS-Console) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{1a75d1b8-7502-11db-9695-00e08161165f}
[2010/06/25 00:51:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/18 22:34:27 | 000,000,000 | ---D | M] (Collactive Web Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{2aa17f4f-3c91-4329-b669-ec76dd902591}
[2009/12/31 03:03:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/25 00:52:00 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/04/29 08:34:18 | 000,000,000 | ---D | M] (Messenger Plus Live UK Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{77f40091-495b-4c46-9068-2b24c4133157}
[2008/09/06 21:31:23 | 000,000,000 | ---D | M] (Abstract Zune) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2010/06/25 00:51:46 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2008/10/18 20:42:29 | 000,000,000 | ---D | M] (eMusic Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
[2009/02/18 12:05:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/04/18 10:29:43 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{d07a4843-111f-4699-8551-8ce2afa075cd}
[2010/06/25 01:28:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/25 00:51:45 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/02/18 12:05:06 | 000,000,000 | ---D | M] (QuickJava) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}
[2009/07/22 20:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}
[2009/04/18 10:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\ctrl-tab@design-noir.de
[2009/08/04 00:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\firebug@software.joehewitt.com
[2010/06/25 00:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\firefox-extension@shareaholic.com
[2009/07/22 20:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\nasanightlaunch@example.com
[2009/01/18 22:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\undoclosedtabsbutton@supernova00.biz
[2010/06/25 00:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\firefox-extension@shareaholic.com\chrome
[2010/06/25 00:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\extensions\firefox-extension@shareaholic.com\defaults
[2009/01/18 22:43:29 | 000,008,579 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\searchplugins\oneriot-search.xml
[2010/07/29 22:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/25 16:45:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/29 22:02:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/29 22:02:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/17 01:48:49 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live UK Toolbar) - {77F40091-495B-4C46-9068-2B24C4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogonStudio] C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe File not found
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\stuff\Custom Desktop 1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\My Documents\stuff\Custom Desktop 1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/17 17:32:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14B31C58-E25D-DBFE-A825-F9133AC53B6D} - IE7 Uninstall Stub
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4CE1E42B-D94F-98A6-C788-7D5F611CADF7} - Adobe Shockwave Director 10.2
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.SP54 - SP5X_32.DLL File not found
Drivers32: VIDC.SP55 - SP5X_32.DLL File not found
Drivers32: VIDC.SP56 - SP5X_32.DLL File not found
Drivers32: VIDC.SP57 - SP5X_32.DLL File not found
Drivers32: VIDC.SP58 - SP5X_32.DLL File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/29 23:04:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/29 23:00:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010/07/29 22:43:53 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/07/29 22:43:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/07/29 22:41:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/29 22:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\javara
[2010/07/29 22:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/29 22:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/29 22:02:28 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/29 22:02:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/29 22:02:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/29 22:02:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/29 22:02:28 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/29 20:43:27 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/16 12:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\PartyGaming
[2010/07/15 13:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SecondLife
[2010/07/15 13:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\SecondLifeViewer2
[2010/07/15 13:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2010/07/15 12:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\Outspark
[2010/07/15 11:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PMB Files
[2010/07/15 11:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/07/15 11:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/07/08 00:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\wsInspector
[2010/07/08 00:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\wsInspector
[2010/07/08 00:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows
[2010/07/07 15:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/28 02:39:19 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\md5.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/29 23:08:15 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/07/29 23:04:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-362288127-1801674531-1003UA.job
[2010/07/29 23:01:00 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2010/07/29 23:00:45 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/29 22:52:37 | 000,436,008 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/29 22:52:37 | 000,068,330 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/29 22:52:36 | 000,514,254 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/29 22:48:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/29 22:48:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/29 22:46:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/29 22:45:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/29 22:22:40 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/29 22:02:03 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/29 22:02:03 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/29 22:02:03 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/29 22:02:02 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/29 22:02:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/29 20:43:29 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/29 11:24:31 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/18 08:04:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-362288127-1801674531-1003Core.job
[2010/07/17 22:41:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/16 12:04:27 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
[2010/07/16 12:04:26 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PartyPoker.lnk
[2010/07/15 13:17:01 | 901,039,426 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FlyffV15.exe.downloading
[2010/07/15 13:15:12 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Second Life Viewer 2.lnk
[2010/07/15 12:25:14 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fiesta.lnk
[2010/07/15 12:22:41 | 1251,383,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fiesta-10.0.0301.exe
[2010/07/14 02:41:54 | 001,582,172 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/08 01:37:49 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/07/08 00:46:48 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Startup Inspector for Windows.lnk
[2010/07/07 15:11:59 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/29 23:00:45 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/29 22:22:40 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/16 12:04:27 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
[2010/07/16 12:04:26 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PartyPoker.lnk
[2010/07/15 13:15:12 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Second Life Viewer 2.lnk
[2010/07/15 13:13:01 | 901,039,426 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FlyffV15.exe.downloading
[2010/07/15 12:43:29 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/07/15 12:25:14 | 000,001,571 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fiesta.lnk
[2010/07/15 11:20:38 | 1251,383,008 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fiesta-10.0.0301.exe
[2010/07/08 00:46:48 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Startup Inspector for Windows.lnk
[2010/07/07 15:11:59 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/06/20 10:17:36 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/01/02 19:13:27 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/05/28 17:43:41 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/05/27 21:50:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/02/07 02:40:21 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/30 16:05:15 | 000,000,304 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/27 20:59:08 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/01/27 20:59:08 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/10/18 00:25:11 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Quickchess.ini
[2008/07/23 17:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 17:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 17:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 17:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/18 18:09:13 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys
[2008/05/20 13:45:35 | 000,640,362 | -HS- | C] () -- C:\WINDOWS\System32\SsCdgMoq.ini2
[2008/05/19 19:28:32 | 001,489,608 | -HS- | C] () -- C:\WINDOWS\System32\sgaubmbi.ini
[2008/05/19 19:21:40 | 000,640,362 | -HS- | C] () -- C:\WINDOWS\System32\SsCdgMoq.ini
[2008/05/18 17:20:30 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/01/10 10:55:51 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/06 02:13:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007/12/05 23:43:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2007/12/05 23:38:57 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2007/10/30 19:15:42 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsa9F0.dll.ren
[2007/10/26 16:23:01 | 000,000,021 | ---- | C] () -- C:\WINDOWS\COMPASS.INI
[2007/09/24 02:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/09/23 16:13:22 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/18 12:10:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/05/09 21:09:56 | 000,012,423 | ---- | C] () -- C:\WINDOWS\smartex.ini
[2005/01/25 16:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/02/07 02:40:22 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2007/09/17 18:18:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/09/17 18:18:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/09/17 18:18:42 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/17 01:48:22 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/17 01:48:29 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/17 01:48:49 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/17 01:48:55 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/03 23:46:56 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2005/01/04 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys
[2004/08/17 01:49:15 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/17 01:49:15 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/17 01:49:15 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/17 01:49:15 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/17 01:49:15 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 23:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 23:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 23:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 23:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 23:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 19:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 14:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 02:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll
[2008/04/14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2007/09/17 17:32:07 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/23 11:42:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/09/17 17:32:07 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/01/28 21:52:14 | 000,006,988 | ---- | M] () -- C:\Detections.txt
[2007/09/17 17:32:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/29 22:06:54 | 000,000,000 | ---- | M] () -- C:\JavaRa.log
[2007/09/17 17:32:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/18 14:51:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004/02/29 16:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp
[2010/07/29 22:47:57 | 2097,152,000 | -HS- | M] () -- C:\pagefile.sys
[2010/06/24 22:59:19 | 000,000,000 | ---- | M] () -- C:\taskList.txt
[2010/04/29 08:34:45 | 000,001,157 | ---- | M] () -- C:\updatedatfix.log
[2009/01/27 21:59:12 | 000,000,024 | ---- | M] () -- C:\url_history.xml
[2008/12/10 23:31:30 | 000,000,003 | ---- | M] () -- C:\WLCount.Txt
[2008/12/10 23:05:04 | 739,280,799 | ---- | M] (IGG Inc. ) -- C:\wl_setup_3.0.1.exe

< %PROGRAMFILES%\*. >
[2010/06/29 22:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems
[2008/03/14 12:16:07 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2010/07/29 22:21:12 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/03/22 02:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2007/09/18 12:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2010/05/20 19:45:10 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2007/09/18 09:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009/01/27 01:28:20 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/01/12 05:08:58 | 000,000,000 | ---D | M] -- C:\Program Files\Ares
[2008/05/02 21:20:29 | 000,000,000 | ---D | M] -- C:\Program Files\bfgclient
[2010/04/29 08:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2007/10/11 11:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\Build A Lot
[2008/10/09 19:50:57 | 000,000,000 | ---D | M] -- C:\Program Files\Build In Time
[2007/10/10 00:23:25 | 000,000,000 | ---D | M] -- C:\Program Files\Build-a-lot
[2008/05/02 21:34:27 | 000,000,000 | ---D | M] -- C:\Program Files\Build-a-lot 2 - Town of the Year
[2007/10/10 13:56:48 | 000,000,000 | ---D | M] -- C:\Program Files\Buildalot
[2010/03/15 23:58:39 | 000,000,000 | ---D | M] -- C:\Program Files\CachePack5
[2010/06/20 11:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\Cheat Engine
[2010/07/29 22:02:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/09/17 17:29:00 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/04/29 08:34:18 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2007/09/18 12:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/02/07 03:43:01 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2009/02/05 13:22:14 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2008/09/06 19:22:48 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/03/22 17:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\Driver Whiz
[2007/11/30 18:19:48 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2010/01/29 01:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2009/03/24 21:34:12 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2009/03/06 11:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\Error Repair Professional
[2010/05/19 08:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\FeedDemon
[2007/11/08 07:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\FreeMind
[2010/03/16 00:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\Game Cam v1.4
[2010/05/19 08:54:23 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/01/21 01:41:35 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/02/09 23:47:22 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/03/18 00:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\ImTOO
[2010/07/15 12:25:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/09/18 09:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/07/29 22:47:56 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/04/29 09:07:04 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/04/29 09:08:47 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/02/23 00:15:34 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/12/20 12:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/01/30 15:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Lionhead Studios Ltd
[2008/07/18 18:09:18 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/25 21:34:28 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2010/02/23 11:20:34 | 000,000,000 | ---D | M] -- C:\Program Files\MD85034
[2009/02/05 13:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\Megaware
[2008/10/18 15:03:09 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/06/17 22:28:30 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2010/07/16 12:03:24 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger_Plus_Live_UK
[2009/12/31 02:53:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/09/18 12:09:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/09/17 17:32:15 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/02/22 21:17:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2010/02/22 21:14:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliType Pro
[2010/03/25 21:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/02/22 23:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/07/29 20:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/09/18 12:09:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/01/12 06:27:30 | 000,000,000 | ---D | M] -- C:\Program Files\Moffsoft FreeCalc
[2010/02/23 00:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Monopoly 3
[2010/07/29 22:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/16 12:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/10/15 20:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/02/22 23:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2007/09/17 17:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/09/17 17:28:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/01/22 04:00:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/10/17 11:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/10/18 14:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/08/06 13:04:56 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/01/16 01:56:18 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/07/15 12:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\Outspark
[2010/07/15 11:19:00 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/07/16 13:12:56 | 000,000,000 | ---D | M] -- C:\Program Files\PartyGaming
[2010/03/22 17:37:15 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2010/04/29 09:00:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/11/17 16:39:26 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/10/15 20:20:37 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/07/29 21:51:48 | 000,000,000 | ---D | M] -- C:\Program Files\RelevantKnowledge
[2008/09/04 09:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\Road to Riches
[2007/12/09 17:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\Rockstar Games
[2010/04/29 08:44:12 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/07/15 13:15:12 | 000,000,000 | ---D | M] -- C:\Program Files\SecondLifeViewer2
[2007/12/05 23:48:51 | 000,000,000 | ---D | M] -- C:\Program Files\Stardock
[2010/07/08 00:49:00 | 000,000,000 | ---D | M] -- C:\Program Files\Startup Inspector for Windows
[2007/11/30 23:18:39 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/01/28 02:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\SystemGuards.com
[2010/07/07 15:11:59 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/03/17 00:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Trojan Remover
[2009/02/27 18:31:36 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2009
[2009/01/27 20:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2010/01/02 22:43:13 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2007/09/18 09:09:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/11/25 22:55:53 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2008/05/11 16:27:59 | 000,000,000 | ---D | M] -- C:\Program Files\Westward II - Heroes of the Frontier
[2007/12/05 23:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\WinCustomize
[2007/09/22 12:38:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/12/31 02:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2007/12/01 22:09:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2008/02/25 19:31:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009/12/31 02:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/12/01 22:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2007/09/25 07:51:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/10/18 14:54:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/08/06 13:04:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/09/17 17:30:41 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/10/09 13:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/11/26 23:12:30 | 000,000,000 | ---D | M] -- C:\Program Files\Wise Disk Cleaner
[2008/11/26 23:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\Wise Registry Cleaner 3
[2007/09/17 17:32:15 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2007/09/17 18:20:04 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/18 14:45:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/18 14:45:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/18 14:45:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/18 14:45:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/10/18 14:45:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/10/18 14:45:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/10/18 14:45:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/10/18 14:45:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-29 21:46:13

========== Alternate Data Streams ==========

@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E84CA8F2
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3B7A337
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:953FDC1A
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

DeeOhh666

Newbie Surfer

Posts : 6
Joined : 2010-07-30
Operating System : Windows XP home edition version 2002 service pack 3

Re: unknown infection(s)

Post by DeeOhh666 on Fri 30 Jul 2010, 9:58 am

OTL Extras logfile created on: 29/07/2010 23:09:10 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 521.00 Mb Available Physical Memory | 51.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 123.73 Gb Free Space | 53.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEEOHH666
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"58858:TCP" = 58858:TCP:*:Enabled:Pando Media Booster
"58858:UDP" = 58858:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6500:UDP" = 6500:UDP:*:Enabled:GameSpy
"6667:TCP" = 6667:TCP:*:Enabled:GameSpy
"27900:UDP" = 27900:UDP:*:Enabled:GameSpy
"27901:UDP" = 27901:UDP:*:Enabled:GameSpy
"28910:TCP" = 28910:TCP:*:Enabled:GameSpy
"29900:TCP" = 29900:TCP:*:Enabled:GameSpy
"29901:TCP" = 29901:TCP:*:Enabled:GameSpy
"29910:UDP" = 29910:UDP:*:Enabled:GameSpy
"29920:TCP" = 29920:TCP:*:Enabled:GameSpy
"6112:UDP" = 6112:UDP:*:Enabled:Dark Crusade
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"3870:TCP" = 3870:TCP:*:Enabled:Ventrillo
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"58858:TCP" = 58858:TCP:*:Enabled:Pando Media Booster
"58858:UDP" = 58858:UDP:*:Enabled:Pando Media Booster
"1034:TCP" = 1034:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- File not found
"C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\MW4Mercs.exe" = C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\MW4Mercs.exe:*:Enabled:MechWarrior IV -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe" = C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh -- File not found
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- File not found
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE" = C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\SecondLifeViewer2\SLVoice.exe" = C:\Program Files\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice -- (Vivox Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2274624C-5B38-41AD-AD27-CEC0924EB628}" = Adobe Setup
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBA1239D-189F-4855-88B6-4DBE606D30A5}" = Fiesta
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"{FFD44E90-AEA4-4D25-AF53-5CE2723E88DA}" = MarketingReg
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Adobe_cbb2ea61da9c780bd7e47a5230a9ed7" = Adobe Stock Photos CS3
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Akamai" = Akamai NetSession Interface
"Ares" = Ares 2.1.3
"avast5" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BFG-Build In Time" = Build In Time
"BFG-Build-a-lot" = Build-a-lot (remove only)
"BFG-Build-a-lot 2 - Town of the Year" = Build-a-lot 2: Town of the Year
"BFGC" = Big Fish Games Client
"BFG-Road to Riches" = Road to Riches
"BFG-Westward II - Heroes of the Frontier" = Westward II: Heroes of the Frontier
"Build A Lot1.0" = Build A Lot
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVD Shrink_is1" = DVD Shrink 3.2
"FeedDemon_is1" = FeedDemon
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free YouTube Download_is1" = Free YouTube Download 2.3
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_UK Toolbar" = Messenger_Plus_Live_UK Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MS Access 97 SP2" = MS Access 97 SP2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PartyPoker" = PartyPoker
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"RollerCoaster Tycoon Setup" = Roll
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SimCity 3000 Unlimited" = SimCity 3000 Unlimited
"System Tweaker_is1" = Uniblue System Tweaker
"SystemGuards_is1" = SystemGuards 1.2.0.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WinCustomize Browser" = WinCustomize Browser
"WindowBlinds" = WindowBlinds
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 3.74
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 3 Free 3.73
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 14/01/2008 11:40:32 | Computer Name = BENROOM | Source = avast! | ID = 33554522
Description =

Error - 14/01/2008 11:40:32 | Computer Name = BENROOM | Source = avast! | ID = 33554522
Description =

Error - 14/01/2008 11:40:32 | Computer Name = BENROOM | Source = avast! | ID = 33554522
Description =

Error - 14/01/2008 11:40:32 | Computer Name = BENROOM | Source = avast! | ID = 33554522
Description =

Error - 14/01/2008 11:40:32 | Computer Name = BENROOM | Source = avast! | ID = 33554522
Description =

Error - 14/01/2008 11:40:32 | Computer Name = BENROOM | Source = avast! | ID = 33554522
Description =

Error - 14/01/2008 11:40:32 | Computer Name = BENROOM | Source = avast! | ID = 33554522
Description =

Error - 14/01/2008 11:40:32 | Computer Name = BENROOM | Source = avast! | ID = 33554522
Description =

Error - 14/01/2008 11:40:32 | Computer Name = BENROOM | Source = avast! | ID = 33554522
Description =

Error - 14/01/2008 11:40:32 | Computer Name = BENROOM | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 03/03/2010 08:40:06 | Computer Name = DEEOHH666 | Source = Google Update | ID = 20
Description =

Error - 15/03/2010 16:44:13 | Computer Name = DEEOHH666 | Source = Application Hang | ID = 1002
Description = Hanging application Bridge.exe, version 1.0.4.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15/03/2010 17:05:42 | Computer Name = DEEOHH666 | Source = Application Hang | ID = 1002
Description = Hanging application ImageReady.exe, version 9.0.0.196, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/03/2010 19:21:45 | Computer Name = DEEOHH666 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/03/2010 10:26:49 | Computer Name = DEEOHH666 | Source = Google Update | ID = 20
Description =

Error - 21/03/2010 19:00:07 | Computer Name = DEEOHH666 | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 9.0.2.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 25/03/2010 07:30:18 | Computer Name = DEEOHH666 | Source = Google Update | ID = 20
Description =

Error - 25/03/2010 17:05:04 | Computer Name = DEEOHH666 | Source = Application Hang | ID = 1002
Description = Hanging application SC3U.ICD, version 2.0.949.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29/03/2010 10:28:31 | Computer Name = DEEOHH666 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.0.2.25, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 21/04/2010 19:24:49 | Computer Name = DEEOHH666 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 29/07/2010 17:15:02 | Computer Name = DEEOHH666 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 29/07/2010 17:15:02 | Computer Name = DEEOHH666 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 29/07/2010 17:15:02 | Computer Name = DEEOHH666 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 29/07/2010 17:15:02 | Computer Name = DEEOHH666 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 29/07/2010 17:15:03 | Computer Name = DEEOHH666 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 29/07/2010 17:15:03 | Computer Name = DEEOHH666 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 29/07/2010 17:15:03 | Computer Name = DEEOHH666 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 29/07/2010 17:15:03 | Computer Name = DEEOHH666 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 29/07/2010 17:15:03 | Computer Name = DEEOHH666 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 29/07/2010 17:48:48 | Computer Name = DEEOHH666 | Source = Service Control Manager | ID = 7000
Description = The DSC 4400 Video Digital Camera service failed to start due to the
following error: %%1058


< End of report >

DeeOhh666

Newbie Surfer

Posts : 6
Joined : 2010-07-30
Operating System : Windows XP home edition version 2002 service pack 3


Re: unknown infection(s)

Post by DeeOhh666 on Fri 30 Jul 2010, 10:08 am

I am unsure of what the problem is with my system. I know that it is requested in the "read this before posting" thread to remove P2P software, but the P2P programs uTorrent and Ares aren't used by me for downloading from unknown sources; I use them to transfer files between myself and friends. As I am not the sole user of this computer I cannot vouch for others' actions, and if these programs do turn out to be the source of the problem then I will remove them and buy software that is capable of blocking the sites where they can be downloaded from again.

DeeOhh666

Newbie Surfer

Posts : 6
Joined : 2010-07-30
Operating System : Windows XP home edition version 2002 service pack 3


Re: unknown infection(s)

Post by Belahzur on Fri 30 Jul 2010, 11:21 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.



  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: unknown infection(s)

Post by DeeOhh666 on Fri 30 Jul 2010, 12:40 pm

I followed what you said to the letter, and this is the log file for it:




ComboFix 10-07-29.01 - Owner 30/07/2010 2:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.605 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\DCPC9.8
c:\data\Key2.exe
c:\program files\Error Repair Professional
c:\program files\RelevantKnowledge
c:\windows\dat.txt
c:\windows\search_res.txt
c:\windows\system32\AutoRun.inf
c:\windows\system32\mcrh.tmp
c:\windows\system32\sgaubmbi.ini
c:\windows\system32\SsCdgMoq.ini
c:\windows\system32\SsCdgMoq.ini2

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-29 22:00 . 2010-07-29 22:00 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-29 22:00 . 2010-07-29 22:00 -------- dcsh--w- c:\documents and settings\Owner\IETldCache
2010-07-29 21:43 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-29 21:43 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-29 21:43 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-29 21:43 . 2010-07-29 21:44 -------- dc----w- c:\windows\ie8updates
2010-07-29 21:43 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-29 21:41 . 2010-07-29 21:43 -------- dc-h--w- c:\windows\ie8
2010-07-29 21:02 . 2010-07-29 21:02 -------- dc----w- c:\program files\Common Files\Java
2010-07-29 21:02 . 2010-07-29 21:02 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-07-29 19:43 . 2010-06-28 20:57 38848 -c--a-w- c:\windows\avastSS.scr
2010-07-16 11:03 . 2010-07-16 12:12 -------- dc----w- c:\program files\PartyGaming
2010-07-15 12:15 . 2010-07-15 12:48 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\SecondLife
2010-07-15 12:13 . 2010-07-15 12:15 -------- dc----w- c:\program files\SecondLifeViewer2
2010-07-15 12:05 . 2010-07-15 12:05 -------- dc----w- c:\program files\Common Files\DirectX
2010-07-15 11:43 . 2010-01-13 16:48 118176 -c--a-w- c:\windows\patchw.dll
2010-07-15 11:25 . 2010-07-15 11:25 -------- dc----w- c:\program files\Outspark
2010-07-15 10:20 . 2010-07-15 12:48 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\PMB Files
2010-07-15 10:19 . 2010-07-15 12:12 -------- dc----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-15 10:19 . 2010-07-15 10:19 -------- dc----w- c:\program files\Pando Networks
2010-07-07 23:54 . 2010-07-08 00:38 -------- dc----w- c:\documents and settings\Owner\Application Data\wsInspector
2010-07-07 23:46 . 2010-07-07 23:49 -------- dc----w- c:\program files\Startup Inspector for Windows
2010-07-07 14:11 . 2010-07-07 14:11 -------- dc----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 01:25 . 2010-03-21 23:30 -------- dc----w- c:\program files\Common Files\Akamai
2010-07-29 21:22 . 2007-09-22 13:13 -------- dc----w- c:\program files\Common Files\Adobe
2010-07-29 19:37 . 2010-05-05 16:00 -------- dc----w- c:\program files\Microsoft Silverlight
2010-07-16 11:03 . 2010-04-29 07:34 -------- dc----w- c:\program files\Messenger_Plus_Live_UK
2010-07-15 12:15 . 2007-09-22 22:31 -------- dc----w- c:\documents and settings\Owner\Application Data\SecondLife
2010-07-15 11:25 . 2007-09-18 08:24 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-06-29 21:33 . 2010-06-29 21:33 -------- dc----w- c:\documents and settings\Owner\Application Data\ACD Systems
2010-06-29 21:31 . 2010-06-29 21:30 -------- dc----w- c:\program files\Common Files\ACD Systems
2010-06-29 21:31 . 2010-06-29 21:31 -------- dc----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-06-29 21:30 . 2010-06-29 21:30 -------- dc----w- c:\program files\ACD Systems
2010-06-28 20:57 . 2007-09-22 23:04 165032 -c--a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2007-09-22 23:04 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-06 05:38 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2007-09-22 23:04 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2007-09-22 23:04 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2007-09-22 23:04 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-04-06 05:38 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2007-09-22 23:04 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-20 10:16 . 2010-06-20 09:17 -------- dc----w- c:\program files\Cheat Engine
2010-06-17 21:28 . 2007-12-24 20:37 -------- dc----w- c:\program files\Messenger Plus! Live
2010-05-06 10:41 . 2004-08-04 00:56 916480 -c--a-w- c:\windows\system32\wininet.dll
2008-05-02 20:20 . 2008-05-02 20:20 0 -c--a-w- c:\program files\temp01
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-07-16 2734688]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77f40091-495b-4c46-9068-2b24c4133157}]
2010-07-16 11:03 2734688 -c--a-w- c:\program files\Messenger_Plus_Live_UK\tbMes1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-07-16 2734688]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{77F40091-495B-4C46-9068-2B24C4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-07-16 2734688]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 1916928]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-16 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ares"="c:\program files\Ares\Ares.exe" [2010-01-09 955392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-02 11:47 120056 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6500:UDP"= 6500:UDP:GameSpy
"6667:TCP"= 6667:TCP:GameSpy
"27900:UDP"= 27900:UDP:GameSpy
"27901:UDP"= 27901:UDP:GameSpy
"28910:TCP"= 28910:TCP:GameSpy
"29900:TCP"= 29900:TCP:GameSpy
"29901:TCP"= 29901:TCP:GameSpy
"29910:UDP"= 29910:UDP:GameSpy
"29920:TCP"= 29920:TCP:GameSpy
"6112:UDP"= 6112:UDP:Dark Crusade
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3870:TCP"= 3870:TCP:Ventrillo
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"58858:TCP"= 58858:TCP:Pando Media Booster
"58858:UDP"= 58858:UDP:Pando Media Booster
"1156:TCP"= 1156:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/04/2008 06:38 165456]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 01:56 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/04/2008 06:38 17744]
S2 Ca536av;DSC 4400 Video Digital Camera;c:\windows\system32\drivers\Ca536av.sys [30/11/2007 03:13 514859]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/01/2010 01:29 135664]
S3 jbridgep;jbridgep;\??\c:\docume~1\Owner\LOCALS~1\Temp\jbridgep.sys --> c:\docume~1\Owner\LOCALS~1\Temp\jbridgep.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/02/2009 02:40 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:30]

2010-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2010-03-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 00:28]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 00:28]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-362288127-1801674531-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-16 18:06]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-362288127-1801674531-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-16 18:06]

2010-02-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]

2010-02-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-05-21 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
HKCU-Run-igndlm.exe - c:\program files\Download Manager\DLM.exe
HKCU-Run-CurseClient - c:\program files\Curse\CurseClient.exe
HKCU-Run-AdobeBridge - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-30 02:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-362288127-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,df,4d,a3,e9,d6,6b,0e,38,3a,f3,27,d9,1b,99,49,de,e1,c5,26,b3,2a,36,
9a,79,d3,8e,e1,ed,ca,f5,71,13,06,ec,cd,ce,92,6f,c1,60,73,1c,78,19,85,5c,1b,\
"??"=hex:2e,df,ef,89,ce,76,03,fc,a5,9e,c8,39,8a,61,6d,c4

[HKEY_USERS\S-1-5-21-1078081533-362288127-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:2f,db,13,2e,f9,1d,52,57,6d,20,44,c3,1d,e2,aa,c4,50,71,03,0a,df,
16,db,8b,6d,0f,0e,83,b1,64,bd,ba,fd,41,1a,04,95,7a,82,01,49,7b,da,ac,11,1d,\
"rkeysecu"=hex:30,f4,80,06,e1,36,f7,22,47,18,5c,1c,25,5d,2d,04
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2010-07-30 02:33:15
ComboFix-quarantined-files.txt 2010-07-30 01:33

Pre-Run: 133,196,787,712 bytes free
Post-Run: 134,327,627,776 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D41B3AB1A09846640FAC5A73D732AE05

DeeOhh666

Newbie Surfer

Posts : 6
Joined : 2010-07-30
Operating System : Windows XP home edition version 2002 service pack 3


Re: unknown infection(s)

Post by Belahzur on Sat 31 Jul 2010, 8:23 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Driver::
    jbridgep
    XDva344

    DDS::
    uStart Page = about:blank

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

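The two drivers that the CFScript above targets are exactly the ones the first ComboFix log lists with an image path under the user's Temp directory (jbridgep) and with a trailing "[?]" meaning the file could not be found on disk (jbridgep and XDva344). The following Python script is an added example for this thread, not code from ComboFix or from either poster: it parses the R/S service lines copied from the log above (embedded as constructed sample input), flags entries by those heuristics plus a third (a .sys sitting in the system32 root rather than system32\drivers), and emits the Driver:: block of a CFScript in the same layout as the one posted. The reading of the R/S prefix as running/stopped and the digit as the service start type, and the heuristics themselves, are my assumptions rather than ComboFix documentation.

```python
"""Flag suspicious driver/service lines from a ComboFix log and build a CFScript.

Added example for this thread; not ComboFix's own code. The heuristics are
assumptions a responder might apply, not rules published by ComboFix.
"""
import re

# Constructed sample: the service lines quoted from the first ComboFix log above.
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/04/2008 06:38 165456]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 01:56 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/04/2008 06:38 17744]
S2 Ca536av;DSC 4400 Video Digital Camera;c:\windows\system32\drivers\Ca536av.sys [30/11/2007 03:13 514859]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/01/2010 01:29 135664]
S3 jbridgep;jbridgep;\??\c:\docume~1\Owner\LOCALS~1\Temp\jbridgep.sys --> c:\docume~1\Owner\LOCALS~1\Temp\jbridgep.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/02/2009 02:40 717296]
"""

# Assumed layout: "<R|S><start type> <name>;<display name>;<image path> [<date time size> | ?]"
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
TRAILER_RE = re.compile(r"\s\[(?P<meta>[^\]]*)\]\s*$")


def parse_services(text):
    """Parse service lines into dicts; lines that do not match the layout are skipped."""
    entries = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        t = TRAILER_RE.search(rest)
        meta = t.group("meta") if t else ""
        path_part = rest[: t.start()] if t else rest
        # "native --> resolved" form: keep the resolved Win32 path for the checks
        if " --> " in path_part:
            path_part = path_part.split(" --> ", 1)[1]
        entries.append({
            "running": m.group("state") == "R",      # assumption: R = running, S = stopped
            "start_type": int(m.group("start")),      # assumption: SCM start type 0-4
            "name": m.group("name"),
            "display": m.group("display"),
            "path": path_part.strip(),
            "file_found": meta != "?",                # "[?]" = ComboFix could not stat the file
        })
    return entries


def suspicious_reasons(entry):
    """Return the heuristic reasons an entry looks wrong (empty list = nothing flagged)."""
    reasons = []
    p = entry["path"].lower()
    if "\\temp\\" in p:
        reasons.append("driver image lives in a Temp directory")
    if not entry["file_found"]:
        reasons.append("image file missing on disk ([?]); dangling service entry")
    if "\\windows\\system32\\" in p and p.endswith(".sys") and "\\drivers\\" not in p:
        reasons.append("kernel driver in system32 root rather than system32\\drivers")
    return reasons


def flag_services(text):
    """Return [(service name, [reasons]), ...] for every flagged entry, in log order."""
    return [(e["name"], suspicious_reasons(e)) for e in parse_services(text)
            if suspicious_reasons(e)]


def build_cfscript(flagged):
    """Emit the Driver:: block of a CFScript, one service name per line, like the post above."""
    if not flagged:
        return ""
    return "Driver::\n" + "\n".join(name for name, _ in flagged) + "\n"


if __name__ == "__main__":
    hits = flag_services(SAMPLE_LOG)
    for name, reasons in hits:
        print(f"{name}: {'; '.join(reasons)}")
    print(build_cfscript(hits), end="")
```

Run against the embedded sample it flags jbridgep and XDva344 only, and the generated Driver:: block matches the script Belahzur posted; review each hit by hand before dragging a CFScript onto ComboFix, since a missing file can also be a leftover from a cleanly uninstalled product.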

Re: unknown infection(s)

Post by DeeOhh666 on Sat 31 Jul 2010, 11:14 am

As before, I followed the instructions exactly; this is the resulting log:



ComboFix 10-07-30.01 - Owner 31/07/2010 0:24.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.597 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JBRIDGEP
-------\Legacy_XDVA344
-------\Service_jbridgep
-------\Service_XDva344


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-29 22:00 . 2010-07-29 22:00 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-29 22:00 . 2010-07-29 22:00 -------- dcsh--w- c:\documents and settings\Owner\IETldCache
2010-07-29 21:43 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-29 21:43 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-29 21:43 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-29 21:43 . 2010-07-29 21:44 -------- dc----w- c:\windows\ie8updates
2010-07-29 21:43 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-29 21:41 . 2010-07-29 21:43 -------- dc-h--w- c:\windows\ie8
2010-07-29 21:02 . 2010-07-29 21:02 -------- dc----w- c:\program files\Common Files\Java
2010-07-29 21:02 . 2010-07-29 21:02 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-07-29 19:43 . 2010-06-28 20:57 38848 -c--a-w- c:\windows\avastSS.scr
2010-07-16 11:03 . 2010-07-16 12:12 -------- dc----w- c:\program files\PartyGaming
2010-07-15 12:15 . 2010-07-15 12:48 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\SecondLife
2010-07-15 12:13 . 2010-07-15 12:15 -------- dc----w- c:\program files\SecondLifeViewer2
2010-07-15 12:05 . 2010-07-15 12:05 -------- dc----w- c:\program files\Common Files\DirectX
2010-07-15 11:43 . 2010-01-13 16:48 118176 -c--a-w- c:\windows\patchw.dll
2010-07-15 11:25 . 2010-07-15 11:25 -------- dc----w- c:\program files\Outspark
2010-07-15 10:20 . 2010-07-15 12:48 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\PMB Files
2010-07-15 10:19 . 2010-07-15 12:12 -------- dc----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-15 10:19 . 2010-07-15 10:19 -------- dc----w- c:\program files\Pando Networks
2010-07-07 23:54 . 2010-07-08 00:38 -------- dc----w- c:\documents and settings\Owner\Application Data\wsInspector
2010-07-07 23:46 . 2010-07-07 23:49 -------- dc----w- c:\program files\Startup Inspector for Windows
2010-07-07 14:11 . 2010-07-07 14:11 -------- dc----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 23:50 . 2010-03-21 23:30 -------- dc----w- c:\program files\Common Files\Akamai
2010-07-29 21:22 . 2007-09-22 13:13 -------- dc----w- c:\program files\Common Files\Adobe
2010-07-29 19:37 . 2010-05-05 16:00 -------- dc----w- c:\program files\Microsoft Silverlight
2010-07-16 11:03 . 2010-04-29 07:34 -------- dc----w- c:\program files\Messenger_Plus_Live_UK
2010-07-15 12:15 . 2007-09-22 22:31 -------- dc----w- c:\documents and settings\Owner\Application Data\SecondLife
2010-07-15 11:25 . 2007-09-18 08:24 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-06-29 21:33 . 2010-06-29 21:33 -------- dc----w- c:\documents and settings\Owner\Application Data\ACD Systems
2010-06-29 21:31 . 2010-06-29 21:30 -------- dc----w- c:\program files\Common Files\ACD Systems
2010-06-29 21:31 . 2010-06-29 21:31 -------- dc----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-06-29 21:30 . 2010-06-29 21:30 -------- dc----w- c:\program files\ACD Systems
2010-06-28 20:57 . 2007-09-22 23:04 165032 -c--a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2007-09-22 23:04 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-06 05:38 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2007-09-22 23:04 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2007-09-22 23:04 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2007-09-22 23:04 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-04-06 05:38 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2007-09-22 23:04 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-20 10:16 . 2010-06-20 09:17 -------- dc----w- c:\program files\Cheat Engine
2010-06-17 21:28 . 2007-12-24 20:37 -------- dc----w- c:\program files\Messenger Plus! Live
2010-05-06 10:41 . 2004-08-04 00:56 916480 -c--a-w- c:\windows\system32\wininet.dll
2008-05-02 20:20 . 2008-05-02 20:20 0 -c--a-w- c:\program files\temp01
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-07-16 2734688]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77f40091-495b-4c46-9068-2b24c4133157}]
2010-07-16 11:03 2734688 -c--a-w- c:\program files\Messenger_Plus_Live_UK\tbMes1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-07-16 2734688]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{77F40091-495B-4C46-9068-2B24C4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-07-16 2734688]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 1916928]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-16 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ares"="c:\program files\Ares\Ares.exe" [2010-01-09 955392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-02 11:47 120056 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6500:UDP"= 6500:UDP:GameSpy
"6667:TCP"= 6667:TCP:GameSpy
"27900:UDP"= 27900:UDP:GameSpy
"27901:UDP"= 27901:UDP:GameSpy
"28910:TCP"= 28910:TCP:GameSpy
"29900:TCP"= 29900:TCP:GameSpy
"29901:TCP"= 29901:TCP:GameSpy
"29910:UDP"= 29910:UDP:GameSpy
"29920:TCP"= 29920:TCP:GameSpy
"6112:UDP"= 6112:UDP:Dark Crusade
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3870:TCP"= 3870:TCP:Ventrillo
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"58858:TCP"= 58858:TCP:Pando Media Booster
"58858:UDP"= 58858:UDP:Pando Media Booster
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/04/2008 06:38 165456]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 01:56 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/04/2008 06:38 17744]
S2 Ca536av;DSC 4400 Video Digital Camera;c:\windows\system32\drivers\Ca536av.sys [30/11/2007 03:13 514859]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/01/2010 01:29 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/02/2009 02:40 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:30]

2010-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2010-03-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 00:28]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 00:28]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-362288127-1801674531-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-16 18:06]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-362288127-1801674531-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-16 18:06]

2010-02-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]

2010-02-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-05-21 18:25]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4gaolymu.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-31 00:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-362288127-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,df,4d,a3,e9,d6,6b,0e,38,3a,f3,27,d9,1b,99,49,de,e1,c5,26,b3,2a,36,
9a,79,d3,8e,e1,ed,ca,f5,71,13,06,ec,cd,ce,92,6f,c1,60,73,1c,78,19,85,5c,1b,\
"??"=hex:2e,df,ef,89,ce,76,03,fc,a5,9e,c8,39,8a,61,6d,c4

[HKEY_USERS\S-1-5-21-1078081533-362288127-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:2f,db,13,2e,f9,1d,52,57,6d,20,44,c3,1d,e2,aa,c4,50,71,03,0a,df,
16,db,8b,6d,0f,0e,83,b1,64,bd,ba,fd,41,1a,04,95,7a,82,01,49,7b,da,ac,11,1d,\
"rkeysecu"=hex:30,f4,80,06,e1,36,f7,22,47,18,5c,1c,25,5d,2d,04
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1168)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(2608)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-31 01:07:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-31 00:07
ComboFix2.txt 2010-07-30 01:33

Pre-Run: 134,229,639,168 bytes free
Post-Run: 134,137,823,232 bytes free

- - End Of File - - BCE737676E93BB71422B031B16C4C845

DeeOhh666
Newbie Surfer
Posts : 6
Joined : 2010-07-30
Operating System : Windows XP home edition version 2002 service pack 3

Re: unknown infection(s)

Post by Belahzur on Sun 01 Aug 2010, 10:12 am

Hello.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Ares 2.1.3
    Messenger_Plus_Live_UK Toolbar

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX control. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) the Remove found threats box.
  • Check (tick) the Scan unwanted applications box.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: unknown infection(s)

Post by DeeOhh666 on Tue 03 Aug 2010, 9:12 pm

I've done that; it didn't save a log anywhere that I can find, even in the file path you put in the last post. All there was was the ActiveX file and the uninstaller.


Re: unknown infection(s)

Post by Belahzur on Wed 04 Aug 2010, 11:10 am

Hello.
Did ESET remove anything when it was running?




