Win32.Packed GB :(


Post by spicegirl Mel on Thu 27 Jan 2011, 4:02 am

AVG shield keeps popping up every 2 seconds and I can't get to any websites as they keep hijacking me ..
OTL Log from last night - I am on a diff computer now as mine is useless !
Thanks for your time ! ( I think I have to do a couple posts as it said it is too big .. )
Mel

OTL logfile created on: 1/25/2011 10:27:34 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = I:\Documents and Settings\Melanie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

639.00 Mb Total Physical Memory | 253.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): I:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 152.66 Gb Total Space | 16.59 Gb Free Space | 10.87% Space Free | Partition Type: NTFS

Computer Name: MELSSURFER | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/25 22:16:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Melanie\Desktop\OTL.com
PRC - [2010/10/30 15:41:24 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/10/30 15:41:23 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/10/30 15:41:23 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/10/30 15:41:19 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/10/30 15:41:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/10/30 15:41:17 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/10/30 15:41:17 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/03 17:47:18 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- I:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/13 13:34:40 | 000,664,904 | ---- | M] (LeapFrog Enterprises, Inc.) -- I:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2002/08/18 23:30:10 | 000,229,376 | ---- | M] (NuCam Corp.) -- I:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe


========== Modules (SafeList) ==========

MOD - [2011/01/25 22:16:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Melanie\Desktop\OTL.com
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/30 15:41:19 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- I:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/10/30 15:41:17 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- I:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- I:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/10/30 15:41:24 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- I:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/10/30 15:41:23 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- I:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/10/30 15:41:17 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- I:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/03 17:47:18 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/27 15:42:59 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/27 15:42:59 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- I:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/13 13:15:20 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2005/04/20 10:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 10:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 10:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 14:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/29 08:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/04/30 08:07:16 | 000,320,160 | ---- | M] (D-Link) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2002/11/29 03:38:16 | 000,016,320 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002/11/28 06:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/11/28 02:43:49 | 000,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2002/07/26 10:06:52 | 000,368,868 | ---- | M] (Endpoints, Incorporated) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\se402vc.sys -- (SCDELUXEV) SiPix StyleCam Deluxe (video)
DRV - [2002/07/18 22:19:44 | 000,079,484 | ---- | M] (Endpoints, Incorporated) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\se402sc.sys -- (SCDELUXES) SiPix StyleCam Deluxe (still)
DRV - [2002/07/17 00:05:10 | 000,016,512 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2001/12/17 17:42:30 | 000,018,690 | ---- | M] () [Kernel | Auto | Stopped] -- I:\WINDOWS\system32\drivers\usbhsb.sys -- (USBHSB)
DRV - [2001/05/14 07:13:34 | 000,017,020 | R--- | M] ( ) [Kernel | Auto | Stopped] -- I:\WINDOWS\system32\drivers\LXARScan.sys -- (LXARScan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C4 BF 21 02 56 82 48 48 8E 6B 63 BE A9 3E 64 03 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010/12/26 21:14:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010/12/26 21:14:49 | 000,000,000 | ---D | M]

[2009/10/04 16:47:40 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Melanie\Application Data\Mozilla\Extensions
[2009/10/04 16:47:40 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Melanie\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/25 22:04:21 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Melanie\Application Data\Mozilla\Firefox\Profiles\8dors51v.default\extensions
[2011/01/25 22:04:20 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- I:\Documents and Settings\Melanie\Application Data\Mozilla\Firefox\Profiles\8dors51v.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/01/25 22:04:21 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Melanie\Application Data\Mozilla\Firefox\Profiles\8dors51v.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/01/09 22:19:32 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2010/08/24 01:31:30 | 000,773,120 | ---- | M] (BitComet) -- I:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/01/01 13:32:57 | 000,001,538 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 13:32:57 | 000,000,947 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 13:32:57 | 000,000,759 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 13:32:57 | 000,000,831 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/01/31 13:59:51 | 000,000,027 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - I:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - I:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - I:\Program Files\WOT\WOT.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - I:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - I:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - I:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] I:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] I:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] I:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CloneCDElbyCDFL] I:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneCDTray] I:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [DELUXECC] I:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe (NuCam Corp.)
O4 - HKLM..\Run: [FlyMonitor] I:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [jkss.exe] I:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe ((c) MICR0S0FT corporation)
O4 - HKLM..\Run: [LanguageShortcut] I:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Lexmark X73 Button Manager] File not found
O4 - HKLM..\Run: [Lexmark X73 Button Monitor] File not found
O4 - HKLM..\Run: [LGODDFU] I:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [PHIME2002A] I:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] I:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PrinTray] I:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [SiSPower] I:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [UCam_Menu] I:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] I:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [jkss.exe] I:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe ((c) MICR0S0FT corporation)
O4 - HKCU..\Run: [Search Protection] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WhenUSave] File not found
O4 - HKCU..\Run: [Yahoo! Pager] I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [YSearchProtection] I:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - I:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all with BitComet - I:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &Yahoo! Search - I:\Program Files\Yahoo!\Common [2010/04/17 22:43:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - I:\Program Files\Yahoo!\Common [2010/04/17 22:43:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - I:\Program Files\Yahoo!\Common [2010/04/17 22:43:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - I:\Program Files\Yahoo!\Common [2010/04/17 22:43:55 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - I:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - I:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} [You must be registered and logged in to see this link.] (VerifyGMN Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} I:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (SysData Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - I:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - I:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\d4a6afe8757: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: I:\Documents and Settings\Melanie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Melanie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9586939e-2be7-11df-bb09-0011d849d8e3}\Shell - "" = AutoRun
O33 - MountPoints2\{9586939e-2be7-11df-bb09-0011d849d8e3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9586939e-2be7-11df-bb09-0011d849d8e3}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {BAC01377-73DD-4796-854D-2A8997E3D68A} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - I:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - I:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - I:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - I:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - I:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - I:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - I:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - I:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.UV12 - I:\WINDOWS\System32\SCDeluxe.ax (NuCam Corp.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2100/02/08 15:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- I:\Program Files\ACMonitor_X73.exe
[2011/01/25 22:16:14 | 000,602,624 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Melanie\Desktop\OTL.com
[2011/01/24 19:40:45 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Melanie\Desktop\Speeds
[2011/01/24 19:19:35 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/01/24 19:19:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/01/23 13:44:31 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Melanie\My Documents\CyberLink
[2011/01/22 22:14:03 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Melanie\Start Menu\Programs\Virtual DJ
[2011/01/22 22:13:55 | 000,000,000 | ---D | C] -- I:\Program Files\VirtualDJ
[2011/01/22 22:13:55 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Melanie\My Documents\VirtualDJ
[2011/01/16 20:43:11 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Google
[2011/01/16 20:43:00 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/01/16 20:39:02 | 000,000,000 | ---D | C] -- I:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/01/14 18:28:25 | 000,000,000 | ---D | C] -- I:\New Folder
[2011/01/14 16:59:26 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Melanie\Desktop\Florence_And_The_Machine-Between_Two_Lungs-2CD-2010-CaHeSo
[2011/01/13 18:04:40 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Melanie\My Documents\Cage The Elephant-Cage The Elephant (2008) [Mp3][[You must be registered and logged in to see this link.]
[2011/01/08 18:16:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Melanie\Local Settings\Application Data\Easy CD-DA Extractor
[2011/01/08 18:16:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2011/01/08 18:15:54 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Easy CD-DA Extractor Free 2010
[2011/01/08 18:15:54 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor Free
[2011/01/08 18:15:51 | 000,000,000 | ---D | C] -- I:\Program Files\Easy CD-DA Extractor Free 2010
[2011/01/07 03:11:38 | 000,093,400 | ---- | C] ((c) MICR0S0FT corporation) -- I:\Program Files\cffmon.exe
[2010/12/27 17:12:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/03/22 12:43:52 | 073,332,008 | ---- | C] (Apple Inc.) -- I:\Program Files\iTunesSetup2.exe
[2008/12/05 22:25:54 | 007,332,072 | ---- | C] (Mozilla) -- I:\Program Files\Firefox Setup 3.0.4.exe
[2008/06/26 22:39:10 | 000,047,360 | ---- | C] (VSO Software) -- I:\Documents and Settings\Melanie\Application Data\pcouffin.sys
[2008/06/26 22:38:48 | 007,156,336 | ---- | C] (Fengtao Software Inc. ) -- I:\Program Files\DVDFab5030.exe
[2008/01/21 22:47:23 | 022,595,368 | ---- | C] (Skype Technologies S.A.) -- I:\Program Files\SkypeSetup.exe
[2007/03/11 22:19:33 | 014,993,976 | ---- | C] (Macrovision Corporation) -- I:\Program Files\GoogleEarthWin_EARY.exe
[2006/12/10 11:03:58 | 036,808,256 | ---- | C] (Apple Computer, Inc.) -- I:\Program Files\iTunesSetup.exe
[2006/05/21 12:09:06 | 004,856,576 | ---- | C] (Google) -- I:\Program Files\GoogleVideoPlayerSetup.exe
[2006/04/18 21:00:36 | 000,017,020 | R--- | C] ( ) -- I:\WINDOWS\System32\drivers\LXARScan.sys
[2006/04/07 15:23:03 | 021,254,280 | ---- | C] ( ) -- I:\Program Files\AdbeRdr707_en_US.exe
[2005/10/30 14:08:33 | 012,652,784 | ---- | C] (Microsoft Corporation) -- I:\Program Files\MP10Setup.exe
[2005/10/11 11:41:24 | 000,226,584 | ---- | C] (Sun Microsystems, Inc.) -- I:\Program Files\jre-1_5_0_04-windows-i586-p-iftw.exe
[2005/10/07 21:35:12 | 001,138,918 | ---- | C] (Excellent Technology Exchange ) -- I:\Program Files\artisanburner.exe

========== Files - Modified Within 30 Days ==========

[2011/01/25 22:16:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Melanie\Desktop\OTL.com
[2011/01/25 22:00:56 | 000,017,526 | ---- | M] () -- I:\Documents and Settings\Melanie\Desktop\download
[2011/01/25 21:45:12 | 000,000,337 | ---- | M] () -- I:\WINDOWS\lgfwup.ini
[2011/01/25 21:45:10 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2011/01/25 21:44:43 | 000,062,976 | ---- | M] () -- I:\Documents and Settings\All Users\Documents\19792079
[2011/01/25 21:44:05 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2011/01/25 15:46:12 | 000,178,176 | ---- | M] () -- I:\Documents and Settings\Melanie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/25 15:29:55 | 070,480,540 | ---- | M] () -- I:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/01/23 14:47:02 | 000,000,714 | ---- | M] () -- I:\Documents and Settings\Melanie\Desktop\Virtual DJ Pro.lnk
[2011/01/23 13:26:04 | 000,353,768 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/17 17:12:03 | 000,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/16 20:38:11 | 000,000,682 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\BitComet.lnk
[2011/01/08 18:15:55 | 000,001,737 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Easy CD-DA Extractor Free.lnk
[2011/01/08 18:12:25 | 000,000,962 | ---- | M] () -- I:\WINDOWS\cdplayer.ini
[2011/01/07 03:11:38 | 000,093,400 | ---- | M] ((c) MICR0S0FT corporation) -- I:\Program Files\cffmon.exe
[2010/12/27 15:10:58 | 000,077,532 | -H-- | M] () -- I:\WINDOWS\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2100/02/23 13:35:34 | 000,000,768 | ---- | C] () -- I:\Program Files\x73_lut.dat
[2100/02/08 14:53:34 | 000,001,437 | ---- | C] () -- I:\Program Files\gtx73.ini
[2011/01/25 22:00:55 | 000,017,526 | ---- | C] () -- I:\Documents and Settings\Melanie\Desktop\download
[2011/01/25 21:44:44 | 000,062,976 | ---- | C] () -- I:\Documents and Settings\All Users\Documents\19792079
[2011/01/22 22:14:03 | 000,000,714 | ---- | C] () -- I:\Documents and Settings\Melanie\Desktop\Virtual DJ Pro.lnk
[2011/01/08 18:15:55 | 000,001,737 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Easy CD-DA Extractor Free.lnk
[2010/12/27 15:10:58 | 000,077,532 | -H-- | C] () -- I:\WINDOWS\System32\mlfcache.dat
[2010/09/14 21:47:26 | 000,098,304 | ---- | C] () -- I:\WINDOWS\System32\a_jumtmp.dll
[2010/07/24 19:10:00 | 000,000,055 | ---- | C] () -- I:\WINDOWS\crywmvtompeg.ini
[2010/02/25 17:39:40 | 000,000,337 | ---- | C] () -- I:\WINDOWS\lgfwup.ini
[2010/02/12 17:42:54 | 000,087,608 | ---- | C] () -- I:\Documents and Settings\Melanie\Application Data\inst.exe
[2010/02/01 16:30:12 | 001,224,612 | ---- | C] () -- I:\Program Files\SetupAnyDVD5441.exe
[2009/03/29 12:25:37 | 000,000,962 | ---- | C] () -- I:\WINDOWS\cdplayer.ini
[2009/03/28 11:27:20 | 000,000,444 | ---- | C] () -- I:\WINDOWS\{5D946D0D-9437-4E15-AC1F-F9BCF0B32561}_WiseFW.ini
[2009/02/21 19:27:09 | 472,736,985 | ---- | C] () -- I:\Program Files\Elephants 6.zip
[2009/01/04 14:06:00 | 000,000,025 | ---- | C] () -- I:\WINDOWS\WebEasy6.INI
[2008/08/30 10:43:33 | 000,081,920 | ---- | C] () -- I:\WINDOWS\System32\mcldecrypt.dll
[2008/06/26 22:39:10 | 000,007,887 | ---- | C] () -- I:\Documents and Settings\Melanie\Application Data\pcouffin.cat
[2008/06/26 22:39:10 | 000,001,144 | ---- | C] () -- I:\Documents and Settings\Melanie\Application Data\pcouffin.inf
[2008/06/26 22:39:10 | 000,000,034 | ---- | C] () -- I:\Documents and Settings\Melanie\Application Data\pcouffin.log
[2008/03/23 18:10:24 | 000,000,065 | ---- | C] () -- I:\WINDOWS\WaterIllusion.ini
[2008/03/23 18:07:00 | 003,940,342 | ---- | C] () -- I:\Program Files\NIStudioSetup.exe
[2008/01/21 22:53:59 | 000,000,032 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/09/08 20:49:12 | 000,111,871 | ---- | C] () -- I:\Documents and Settings\Melanie\Application Data\mdb.bin
[2007/08/27 12:04:20 | 000,001,755 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/03 14:12:44 | 000,018,690 | ---- | C] () -- I:\WINDOWS\System32\drivers\usbhsb.sys
[2006/11/26 00:05:25 | 000,000,071 | ---- | C] () -- I:\WINDOWS\pex.INI
[2006/10/22 11:44:29 | 017,207,032 | ---- | C] () -- I:\Program Files\avg75free_428a818.exe
[2006/10/06 10:55:07 | 005,846,632 | ---- | C] () -- I:\Program Files\winzip100.exe
[2006/09/30 15:49:09 | 000,003,888 | ---- | C] () -- I:\WINDOWS\System32\MCIQTENU.DLL
[2006/09/30 15:49:08 | 002,109,504 | ---- | C] () -- I:\WINDOWS\System32\KPT20HUB.DLL
[2006/09/30 15:49:08 | 000,210,944 | ---- | C] () -- I:\WINDOWS\System32\MSVCRT10.DLL
[2006/09/30 15:49:08 | 000,078,944 | ---- | C] () -- I:\WINDOWS\System32\DC50IP.DLL
[2006/09/30 15:49:02 | 000,000,116 | ---- | C] () -- I:\WINDOWS\kpcms.ini
[2006/06/19 13:03:19 | 000,000,097 | ---- | C] () -- I:\WINDOWS\System32\PICSDK.ini
[2006/06/19 13:02:00 | 000,000,044 | ---- | C] () -- I:\WINDOWS\EPCX3800.ini
[2006/06/01 10:41:45 | 002,561,674 | ---- | C] () -- I:\Program Files\SetupCloneCD5291.exe
[2006/04/07 15:23:02 | 000,000,871 | ---- | C] () -- I:\Documents and Settings\Melanie\Application Data\AdobeDLM.log
[2006/04/07 15:23:02 | 000,000,000 | ---- | C] () -- I:\Documents and Settings\Melanie\Application Data\dm.ini
[2006/01/22 19:20:41 | 000,000,040 | ---- | C] () -- I:\WINDOWS\nero.INI
[2005/12/30 02:02:05 | 000,178,176 | ---- | C] () -- I:\Documents and Settings\Melanie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/28 22:00:04 | 002,469,843 | ---- | C] () -- I:\Program Files\isobuster_all_lang.zip
[2005/10/30 13:24:09 | 000,000,031 | ---- | C] () -- I:\WINDOWS\ByRmndr.INI
[2005/10/30 13:01:00 | 000,684,032 | ---- | C] () -- I:\WINDOWS\libeay32.dll
[2005/10/30 13:01:00 | 000,155,648 | ---- | C] () -- I:\WINDOWS\ssleay32.dll
[2005/10/17 21:14:31 | 001,094,021 | ---- | C] () -- I:\Program Files\dvdshrink32setup.zip
[2005/10/17 17:38:11 | 000,353,298 | ---- | C] () -- I:\Program Files\LimeWireWin.exe
[2005/10/17 00:06:28 | 000,000,116 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2005/10/16 15:11:12 | 034,235,626 | ---- | C] () -- I:\Program Files\Nero-6[1].6.0.16.exe
[2005/10/08 11:20:52 | 000,014,061 | ---- | C] () -- I:\WINDOWS\DELUXEDS.ini
[2005/10/08 11:20:00 | 000,001,178 | ---- | C] () -- I:\WINDOWS\videoimp.ini
[2005/10/08 11:19:56 | 000,010,240 | ---- | C] () -- I:\WINDOWS\System32\vidx16.dll
[2005/10/08 11:19:46 | 000,000,021 | ---- | C] () -- I:\WINDOWS\VI_setup.ini
[2005/10/08 11:18:52 | 000,000,021 | ---- | C] () -- I:\WINDOWS\PI_setup.ini
[2005/10/07 21:02:44 | 000,843,824 | ---- | C] () -- I:\Program Files\SetupDVDDecrypter_3[1].5.2.0.exe
[2005/10/07 20:05:40 | 000,000,376 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2005/10/07 19:53:58 | 000,000,151 | ---- | C] () -- I:\WINDOWS\Ulead32.ini
[2005/10/07 19:38:41 | 000,381,480 | ---- | C] () -- I:\Program Files\msgr7us.exe
[2005/10/06 08:34:32 | 000,651,264 | R--- | C] () -- I:\WINDOWS\System32\libeay32.dll
[2005/10/06 08:34:32 | 000,147,456 | R--- | C] () -- I:\WINDOWS\System32\ssleay32.dll
[2005/10/05 12:10:11 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2004/08/04 04:00:00 | 000,003,584 | ---- | C] () -- I:\WINDOWS\System32\zx.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- I:\WINDOWS\System32\OUTLPERF.INI
[2001/05/09 15:38:20 | 000,008,152 | ---- | C] () -- I:\Program Files\OsloD3066.usb
[2000/12/05 14:56:34 | 000,114,688 | ---- | C] () -- I:\Program Files\lxarscan.dll
[2000/10/24 08:08:36 | 000,118,784 | ---- | C] () -- I:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 08:08:33 | 000,338,944 | ---- | C] () -- I:\WINDOWS\System32\lffpx7.dll
[2000/01/11 11:50:48 | 000,000,046 | ---- | C] () -- I:\Program Files\ACMonitor_X73.ini
[1999/04/20 02:15:00 | 000,022,016 | ---- | C] () -- I:\WINDOWS\unvise32.dll


========== Custom Scans ==========


< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/10/05 19:27:43 | 000,000,067 | -HS- | M] () -- I:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/03/17 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9W.DLL
[2009/03/17 04:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9W.DLL
[2001/05/14 14:07:34 | 000,058,880 | ---- | M] (Lexmark International) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\LXARPP.DLL
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2001/05/11 10:39:16 | 000,053,248 | ---- | M] (Silitek Corp.) -- I:\Program Files\ACMonitor_X73.exe
[2001/05/10 15:30:14 | 000,000,046 | ---- | M] () -- I:\Program Files\ACMonitor_X73.ini
[2006/04/07 15:25:29 | 021,254,280 | ---- | M] ( ) -- I:\Program Files\AdbeRdr707_en_US.exe
[2005/10/07 21:35:20 | 001,138,918 | ---- | M] (Excellent Technology Exchange ) -- I:\Program Files\artisanburner.exe
[2006/10/22 11:45:06 | 017,207,032 | ---- | M] () -- I:\Program Files\avg75free_428a818.exe
[2011/01/07 03:11:38 | 000,093,400 | ---- | M] ((c) MICR0S0FT corporation) -- I:\Program Files\cffmon.exe
[2008/06/26 22:38:52 | 007,156,336 | ---- | M] (Fengtao Software Inc. ) -- I:\Program Files\DVDFab5030.exe
[2005/10/17 21:14:37 | 001,094,021 | ---- | M] () -- I:\Program Files\dvdshrink32setup.zip
[2009/02/21 19:28:29 | 472,736,985 | ---- | M] () -- I:\Program Files\Elephants 6.zip
[2008/12/05 22:26:03 | 007,332,072 | ---- | M] (Mozilla) -- I:\Program Files\Firefox Setup 3.0.4.exe
[2007/03/11 22:19:37 | 014,993,976 | ---- | M] (Macrovision Corporation) -- I:\Program Files\GoogleEarthWin_EARY.exe
[2006/05/21 12:11:09 | 004,856,576 | ---- | M] (Google) -- I:\Program Files\GoogleVideoPlayerSetup.exe
[2001/04/23 13:22:14 | 000,001,437 | ---- | M] () -- I:\Program Files\gtx73.ini
[2005/12/28 22:00:07 | 002,469,843 | ---- | M] () -- I:\Program Files\isobuster_all_lang.zip
[2006/12/10 11:06:09 | 036,808,256 | ---- | M] (Apple Computer, Inc.) -- I:\Program Files\iTunesSetup.exe
[2009/03/22 12:43:59 | 073,332,008 | ---- | M] (Apple Inc.) -- I:\Program Files\iTunesSetup2.exe
[2005/10/11 11:41:29 | 000,226,584 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\jre-1_5_0_04-windows-i586-p-iftw.exe
[2005/10/17 17:38:22 | 000,353,298 | ---- | M] () -- I:\Program Files\LimeWireWin.exe
[2001/05/08 15:36:42 | 000,114,688 | ---- | M] () -- I:\Program Files\lxarscan.dll
[2006/03/10 20:51:45 | 012,652,784 | ---- | M] (Microsoft Corporation) -- I:\Program Files\MP10Setup.exe
[2005/10/07 19:39:07 | 000,381,480 | ---- | M] () -- I:\Program Files\msgr7us.exe
[2005/10/16 15:11:25 | 034,235,626 | ---- | M] () -- I:\Program Files\Nero-6[1].6.0.16.exe
[2008/03/23 18:07:06 | 003,940,342 | ---- | M] () -- I:\Program Files\NIStudioSetup.exe
[2001/05/10 17:05:38 | 000,008,152 | ---- | M] () -- I:\Program Files\OsloD3066.usb
[2010/02/01 16:30:12 | 001,224,612 | ---- | M] () -- I:\Program Files\SetupAnyDVD5441.exe
[2006/06/01 10:41:50 | 002,561,674 | ---- | M] () -- I:\Program Files\SetupCloneCD5291.exe
[2005/10/17 21:18:10 | 000,843,824 | ---- | M] () -- I:\Program Files\SetupDVDDecrypter_3[1].5.2.0.exe
[2008/01/21 22:47:28 | 022,595,368 | ---- | M] (Skype Technologies S.A.) -- I:\Program Files\SkypeSetup.exe
[2006/10/06 10:55:14 | 005,846,632 | ---- | M] () -- I:\Program Files\winzip100.exe
[2001/02/22 08:54:36 | 000,000,768 | ---- | M] () -- I:\Program Files\x73_lut.dat

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/28 15:52:25 | 000,000,272 | -HS- | M] () -- I:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/08/29 11:13:00 | 000,000,119 | -HS- | M] () -- I:\Documents and Settings\Melanie\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/10/05 19:33:58 | 000,000,079 | ---- | M] () -- I:\Documents and Settings\Melanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/04/23 17:08:09 | 008,178,248 | ---- | M] (Mozilla) -- I:\Documents and Settings\Melanie\Desktop\Firefox Setup 3.6.3.exe
[2010/12/26 21:09:26 | 081,876,264 | ---- | M] (Apple Inc.) -- I:\Documents and Settings\Melanie\Desktop\iTunesSetup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2006/11/20 23:10:43 | 000,007,439 | ---- | M] () -- I:\WINDOWS\DELUXEDS.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/04/23 17:02:25 | 000,185,816 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/04/23 17:02:25 | 000,307,672 | ---- | M] (Mozilla Corporation) -- I:\Program Files\Mozilla Firefox\firefox.exe
[2010/04/23 17:02:27 | 000,242,136 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/29 11:13:00 | 000,000,122 | -HS- | M] () -- I:\Documents and Settings\Melanie\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 16:12:08 | 000,003,584 | ---- | M] () Unable to obtain MD5 -- I:\WINDOWS\system32\zx.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/10/05 12:07:30 | 000,094,208 | ---- | M] () -- I:\WINDOWS\system32\config\default.sav
[2005/10/05 12:07:30 | 000,634,880 | ---- | M] () -- I:\WINDOWS\system32\config\software.sav
[2005/10/05 12:07:30 | 000,897,024 | ---- | M] () -- I:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 04:00:00 | 000,009,029 | ---- | M] () -- I:\WINDOWS\system32\ansi.sys
[2004/08/04 04:00:00 | 000,027,097 | ---- | M] () -- I:\WINDOWS\system32\country.sys
[2004/08/04 04:00:00 | 000,004,768 | ---- | M] () -- I:\WINDOWS\system32\himem.sys
[2004/08/04 04:00:00 | 000,042,809 | ---- | M] () -- I:\WINDOWS\system32\key01.sys
[2004/08/04 04:00:00 | 000,042,537 | ---- | M] () -- I:\WINDOWS\system32\keyboard.sys
[2004/08/04 04:00:00 | 000,027,866 | ---- | M] () -- I:\WINDOWS\system32\ntdos.sys
[2004/08/04 04:00:00 | 000,029,146 | ---- | M] () -- I:\WINDOWS\system32\ntdos404.sys
[2004/08/04 04:00:00 | 000,029,370 | ---- | M] () -- I:\WINDOWS\system32\ntdos411.sys
[2004/08/04 04:00:00 | 000,029,274 | ---- | M] () -- I:\WINDOWS\system32\ntdos412.sys
[2004/08/04 04:00:00 | 000,029,146 | ---- | M] () -- I:\WINDOWS\system32\ntdos804.sys
[2004/08/04 04:00:00 | 000,033,840 | ---- | M] () -- I:\WINDOWS\system32\ntio.sys
[2004/08/04 04:00:00 | 000,034,560 | ---- | M] () -- I:\WINDOWS\system32\ntio404.sys
[2004/08/04 04:00:00 | 000,035,648 | ---- | M] () -- I:\WINDOWS\system32\ntio411.sys
[2004/08/04 04:00:00 | 000,035,424 | ---- | M] () -- I:\WINDOWS\system32\ntio412.sys
[2004/08/04 04:00:00 | 000,034,560 | ---- | M] () -- I:\WINDOWS\system32\ntio804.sys
[2008/04/13 10:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\watchdog.sys
[2010/10/26 05:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 16:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 16:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 16:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 16:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 16:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 16:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 16:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 16:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 16:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 16:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 16:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 16:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 16:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 16:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 16:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- I:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/03/17 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9W.DLL
[2009/03/17 04:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9W.DLL
[2001/05/14 14:07:34 | 000,058,880 | ---- | M] (Lexmark International) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\LXARPP.DLL
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2010/01/30 20:52:46 | 000,000,281 | RHS- | M] () -- I:\boot.ini
[2010/08/16 13:37:31 | 000,105,265 | ---- | M] () -- I:\Bridget_Ross_Ad_1000_x_950_1000_x_950.jpg
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- I:\NTDETECT.COM
[2008/08/28 15:45:00 | 000,250,048 | RHS- | M] () -- I:\ntldr
[2011/01/25 21:44:02 | 603,979,776 | -HS- | M] () -- I:\pagefile.sys
[2006/10/06 10:57:13 | 000,048,929 | ---- | M] () -- I:\ShowLetter.htm
[2005/09/29 10:51:50 | 000,700,416 | ---- | M] (LimeWire) -- I:\StubInstaller.exe


*** to be continued

spicegirl Mel


Win32.Packed GB :( Part 2 of LOG

Post by spicegirl Mel on Thu 27 Jan 2011, 4:04 am


< %PROGRAMFILES%\*. >
[2006/04/07 15:25:30 | 000,000,000 | ---D | M] -- I:\Program Files\Adobe
[2010/02/25 17:37:02 | 000,000,000 | ---D | M] -- I:\Program Files\Ahead
[2010/12/26 21:13:11 | 000,000,000 | ---D | M] -- I:\Program Files\Apple Software Update
[2006/06/19 13:03:41 | 000,000,000 | ---D | M] -- I:\Program Files\ArcSoft
[2010/01/31 22:34:38 | 000,000,000 | ---D | M] -- I:\Program Files\AVG
[2005/10/08 13:49:26 | 000,000,000 | ---D | M] -- I:\Program Files\binArtisanBurner
[2010/09/07 21:25:00 | 000,000,000 | ---D | M] -- I:\Program Files\BitComet
[2010/12/26 21:12:02 | 000,000,000 | ---D | M] -- I:\Program Files\Bonjour
[2009/09/26 11:49:31 | 000,000,000 | ---D | M] -- I:\Program Files\Canon
[2009/09/26 11:46:09 | 000,000,000 | -H-D | M] -- I:\Program Files\CanonBJ
[2007/05/24 16:46:31 | 000,000,000 | ---D | M] -- I:\Program Files\CDTrack Rescue
[2010/12/26 21:11:43 | 000,000,000 | ---D | M] -- I:\Program Files\Common Files
[2005/10/05 19:25:30 | 000,000,000 | ---D | M] -- I:\Program Files\ComPlus Applications
[2010/07/24 19:08:48 | 000,000,000 | ---D | M] -- I:\Program Files\Crystal Software
[2010/02/25 17:40:24 | 000,000,000 | ---D | M] -- I:\Program Files\CyberLink
[2009/03/28 11:28:14 | 000,000,000 | ---D | M] -- I:\Program Files\DIFX
[2005/10/17 21:18:24 | 000,000,000 | ---D | M] -- I:\Program Files\DVD Decrypter
[2005/10/16 15:16:12 | 000,000,000 | ---D | M] -- I:\Program Files\DVD Shrink
[2005/10/17 21:15:21 | 000,000,000 | ---D | M] -- I:\Program Files\DVD Shrinkmain
[2010/02/12 17:42:50 | 000,000,000 | ---D | M] -- I:\Program Files\DVDFab 5
[2011/01/08 18:15:56 | 000,000,000 | ---D | M] -- I:\Program Files\Easy CD-DA Extractor Free 2010
[2006/09/16 19:09:01 | 000,000,000 | ---D | M] -- I:\Program Files\Elaborate Bytes
[2009/02/22 15:05:04 | 000,000,000 | ---D | M] -- I:\Program Files\Elephants 6
[2010/01/31 11:09:16 | 000,000,000 | ---D | M] -- I:\Program Files\epson
[2010/02/01 18:25:50 | 000,000,000 | ---D | M] -- I:\Program Files\ESET
[2009/03/29 12:19:59 | 000,000,000 | ---D | M] -- I:\Program Files\FreeRIP3
[2007/03/03 14:15:31 | 000,000,000 | ---D | M] -- I:\Program Files\Genesys Logic
[2 12:03:39 | 000,000,000 | ---D | M] -- I:\Program Files\Google
[2006/11/04 13:34:33 | 000,000,000 | ---D | M] -- I:\Program Files\HP
[2011/01/16 20:42:19 | 000,000,000 | -H-D | M] -- I:\Program Files\InstallShield Installation Information
[2008/09/23 14:46:08 | 000,000,000 | ---D | M] -- I:\Program Files\Internet Explorer
[2010/12/26 21:16:03 | 000,000,000 | ---D | M] -- I:\Program Files\iPod
[2010/12/26 21:16:57 | 000,000,000 | ---D | M] -- I:\Program Files\iTunes
[2010/02/02 19:00:11 | 000,000,000 | ---D | M] -- I:\Program Files\Java
[2007/06/15 14:10:14 | 000,000,000 | ---D | M] -- I:\Program Files\Kodak
[2009/03/28 11:27:32 | 000,000,000 | ---D | M] -- I:\Program Files\LeapFrog
[2011/01/25 21:45:15 | 000,000,000 | ---D | M] -- I:\Program Files\lg_fwupdate
[2009/10/04 16:46:42 | 000,000,000 | ---D | M] -- I:\Program Files\LimeWire
[2005/10/07 20:23:38 | 000,000,000 | ---D | M] -- I:\Program Files\LivePix 2.0
[2005/10/07 19:34:01 | 000,000,000 | ---D | M] -- I:\Program Files\Logitech
[2010/01/30 17:54:59 | 000,000,000 | ---D | M] -- I:\Program Files\Malwarebytes' Anti-Malware
[2005/12/28 22:16:50 | 000,000,000 | ---D | M] -- I:\Program Files\McAfee AntiSpyware 1.00 Install
[2010/01/31 11:36:43 | 000,000,000 | ---D | M] -- I:\Program Files\Messenger
[2005/10/07 20:23:43 | 000,000,000 | ---D | M] -- I:\Program Files\MGI
[2005/10/07 20:04:46 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft ActiveSync
[2007/05/10 02:03:27 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/10/05 19:28:22 | 000,000,000 | ---D | M] -- I:\Program Files\microsoft frontpage
[2010/01/30 21:34:16 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft Office
[2007/10/28 15:07:58 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft Picture It! 9
[2007/03/19 19:59:10 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft Visual Studio
[2007/03/19 19:59:41 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft Works
[2005/10/07 20:04:50 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft.NET
[2010/08/14 01:56:18 | 000,000,000 | ---D | M] -- I:\Program Files\Movie Maker
[2011/01/25 22:04:21 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox
[2007/10/09 20:22:51 | 000,000,000 | ---D | M] -- I:\Program Files\MSECache
[2005/10/05 19:24:21 | 000,000,000 | ---D | M] -- I:\Program Files\MSN
[2005/10/05 19:24:51 | 000,000,000 | ---D | M] -- I:\Program Files\MSN Gaming Zone
[2006/11/19 00:02:37 | 000,000,000 | ---D | M] -- I:\Program Files\MSXML 4.0
[2005/10/07 19:32:28 | 000,000,000 | ---D | M] -- I:\Program Files\MUSICMATCH
[2008/08/28 15:47:52 | 000,000,000 | ---D | M] -- I:\Program Files\NetMeeting
[2005/10/07 20:24:17 | 000,000,000 | ---D | M] -- I:\Program Files\Norton Personal Firewall
[2005/10/05 19:26:56 | 000,000,000 | ---D | M] -- I:\Program Files\Online Services
[2010/12/26 00:38:41 | 000,000,000 | ---D | M] -- I:\Program Files\Outlook Express
[2009/01/04 13:57:52 | 000,000,000 | ---D | M] -- I:\Program Files\ProVenture
[2010/12/26 21:14:49 | 000,000,000 | ---D | M] -- I:\Program Files\QuickTime
[2008/01/21 22:47:48 | 000,000,000 | ---D | M] -- I:\Program Files\Skype
[2006/08/19 22:32:32 | 000,000,000 | ---D | M] -- I:\Program Files\SlySoft
[2005/12/28 22:01:30 | 000,000,000 | ---D | M] -- I:\Program Files\Smart Projects
[2005/10/07 20:24:32 | 000,000,000 | ---D | M] -- I:\Program Files\Sonic RecordNow!
[2008/11/14 19:37:28 | 000,000,000 | ---D | M] -- I:\Program Files\Spybot - Search & Destroy
[2010/07/03 17:47:18 | 000,000,000 | ---D | M] -- I:\Program Files\SUPERAntiSpyware
[2005/10/07 20:24:36 | 000,000,000 | ---D | M] -- I:\Program Files\Sygate
[2010/01/30 19:58:20 | 000,000,000 | ---D | M] -- I:\Program Files\Trend Micro
[2010/01/30 21:38:07 | 000,000,000 | ---D | M] -- I:\Program Files\Ulead Systems
[2005/10/05 19:33:50 | 000,000,000 | -H-D | M] -- I:\Program Files\Uninstall Information
[2009/09/12 12:19:39 | 000,000,000 | ---D | M] -- I:\Program Files\USB File Transfer 1.11A
[2010/08/17 21:02:12 | 000,000,000 | ---D | M] -- I:\Program Files\VideoLAN
[2010/08/24 19:22:04 | 000,000,000 | ---D | M] -- I:\Program Files\Videos To DVD
[2011/01/22 22:14:07 | 000,000,000 | ---D | M] -- I:\Program Files\VirtualDJ
[2007/01/27 16:07:05 | 000,000,000 | ---D | M] -- I:\Program Files\Windows Media Connect 2
[2010/02/04 19:35:02 | 000,000,000 | ---D | M] -- I:\Program Files\Windows Media Player
[2008/08/28 15:47:47 | 000,000,000 | ---D | M] -- I:\Program Files\Windows NT
[2005/10/05 19:27:00 | 000,000,000 | -H-D | M] -- I:\Program Files\WindowsUpdate
[2007/07/17 14:39:37 | 000,000,000 | ---D | M] -- I:\Program Files\WinRAR
[2006/10/06 10:55:35 | 000,000,000 | ---D | M] -- I:\Program Files\WinZip
[2010/02/28 13:13:24 | 000,000,000 | ---D | M] -- I:\Program Files\WOT
[2008/08/30 10:34:28 | 000,000,000 | ---D | M] -- I:\Program Files\X-OOM
[2005/10/05 19:28:22 | 000,000,000 | ---D | M] -- I:\Program Files\xerox
[2010/04/19 14:10:40 | 000,000,000 | ---D | M] -- I:\Program Files\Yahoo!
[2009/07/07 21:46:33 | 000,000,000 | ---D | M] -- I:\Program Files\Zoom Player

< %appdata%\*.* >
[2006/04/07 15:25:29 | 000,000,871 | ---- | M] () -- I:\Documents and Settings\Melanie\Application Data\AdobeDLM.log
[2005/10/05 12:08:46 | 000,000,062 | -HS- | M] () -- I:\Documents and Settings\Melanie\Application Data\desktop.ini
[2006/04/07 15:25:29 | 000,000,000 | ---- | M] () -- I:\Documents and Settings\Melanie\Application Data\dm.ini
[2010/02/12 17:42:54 | 000,087,608 | ---- | M] () -- I:\Documents and Settings\Melanie\Application Data\inst.exe
[2007/09/08 23:49:56 | 000,111,871 | ---- | M] () -- I:\Documents and Settings\Melanie\Application Data\mdb.bin
[2010/02/12 17:42:54 | 000,007,887 | ---- | M] () -- I:\Documents and Settings\Melanie\Application Data\pcouffin.cat
[2010/02/12 17:42:54 | 000,001,144 | ---- | M] () -- I:\Documents and Settings\Melanie\Application Data\pcouffin.inf
[2010/02/12 17:43:00 | 000,000,034 | ---- | M] () -- I:\Documents and Settings\Melanie\Application Data\pcouffin.log
[2010/02/12 17:42:54 | 000,047,360 | ---- | M] (VSO Software) -- I:\Documents and Settings\Melanie\Application Data\pcouffin.sys


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/28 15:40:48 | 023,852,652 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/28 15:40:48 | 023,852,652 | ---- | M] () .cab file -- I:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- I:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- I:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- I:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/28 15:40:48 | 023,852,652 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/28 15:40:48 | 023,852,652 | ---- | M] () .cab file -- I:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- I:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- I:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- I:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- I:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/28 15:40:48 | 023,852,652 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/08/28 15:40:48 | 023,852,652 | ---- | M] () .cab file -- I:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- I:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 10:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- I:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 10:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- I:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- I:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- I:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- I:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- I:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- I:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- I:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- I:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- I:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- I:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- I:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- I:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- I:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/08/28 15:40:48 | 023,852,652 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/08/28 15:40:48 | 023,852,652 | ---- | M] () .cab file -- I:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 04:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- I:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 10:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- I:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 10:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- I:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-14 11:06:33

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:BFE23423
@Alternate Data Stream - 126 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:98353363

< End of report >



*** Not sure if you want Extras log ..

OTL Extras logfile created on: 1/25/2011 10:27:34 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = I:\Documents and Settings\Melanie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

639.00 Mb Total Physical Memory | 253.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): I:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 152.66 Gb Total Space | 16.59 Gb Free Space | 10.87% Space Free | Partition Type: NTFS

Computer Name: MELSSURFER | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"11824:TCP" = 11824:TCP:*:Enabled:BitComet 11824 TCP
"11824:UDP" = 11824:UDP:*:Enabled:BitComet 11824 UDP
"22331:TCP" = 22331:TCP:*:Enabled:BitComet 22331 TCP
"22331:UDP" = 22331:UDP:*:Enabled:BitComet 22331 UDP
"20284:TCP" = 20284:TCP:*:Enabled:BitComet 20284 TCP
"20284:UDP" = 20284:UDP:*:Enabled:BitComet 20284 UDP
"10830:TCP" = 10830:TCP:*:Enabled:BitComet 10830 TCP
"10830:UDP" = 10830:UDP:*:Enabled:BitComet 10830 UDP
"9796:TCP" = 9796:TCP:*:Enabled:BitComet 9796 TCP
"9796:UDP" = 9796:UDP:*:Enabled:BitComet 9796 UDP
"20725:TCP" = 20725:TCP:*:Enabled:BitComet 20725 TCP
"20725:UDP" = 20725:UDP:*:Enabled:BitComet 20725 UDP
"13813:TCP" = 13813:TCP:*:Enabled:BitComet 13813 TCP
"13813:UDP" = 13813:UDP:*:Enabled:BitComet 13813 UDP
"10318:TCP" = 10318:TCP:*:Enabled:BitComet 10318 TCP
"10318:UDP" = 10318:UDP:*:Enabled:BitComet 10318 UDP
"16487:TCP" = 16487:TCP:*:Enabled:BitComet 16487 TCP
"16487:UDP" = 16487:UDP:*:Enabled:BitComet 16487 UDP
"21801:TCP" = 21801:TCP:*:Enabled:BitComet 21801 TCP
"21801:UDP" = 21801:UDP:*:Enabled:BitComet 21801 UDP
"7834:TCP" = 7834:TCP:*:Enabled:BitComet 7834 TCP
"7834:UDP" = 7834:UDP:*:Enabled:BitComet 7834 UDP
"17708:TCP" = 17708:TCP:*:Enabled:BitComet 17708 TCP
"17708:UDP" = 17708:UDP:*:Enabled:BitComet 17708 UDP
"21228:TCP" = 21228:TCP:*:Enabled:BitComet 21228 TCP
"21228:UDP" = 21228:UDP:*:Enabled:BitComet 21228 UDP
"12864:TCP" = 12864:TCP:*:Enabled:BitComet 12864 TCP
"12864:UDP" = 12864:UDP:*:Enabled:BitComet 12864 UDP
"7205:TCP" = 7205:TCP:*:Enabled:BitComet 7205 TCP
"7205:UDP" = 7205:UDP:*:Enabled:BitComet 7205 UDP
"18344:TCP" = 18344:TCP:*:Enabled:BitComet 18344 TCP
"18344:UDP" = 18344:UDP:*:Enabled:BitComet 18344 UDP
"23665:TCP" = 23665:TCP:*:Enabled:BitComet 23665 TCP
"23665:UDP" = 23665:UDP:*:Enabled:BitComet 23665 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\Yahoo!\Messenger\YServer.exe" = I:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"I:\Program Files\LimeWire\LimeWire.exe" = I:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"I:\Program Files\AVG\AVG8\avgemc.exe" = I:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"I:\Program Files\AVG\AVG8\avgupd.exe" = I:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"I:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe" = I:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe:*:Enabled:FLYMonitor.exe -- (LeapFrog Enterprises, Inc.)
"I:\Program Files\LeapFrog\FlyWorld\bin\FLYWorld.exe" = I:\Program Files\LeapFrog\FlyWorld\bin\FLYWorld.exe:*:Enabled:FLYWorld.exe -- ()
"I:\Program Files\AVG\AVG9\avgemc.exe" = I:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"I:\Program Files\AVG\AVG9\avgupd.exe" = I:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"I:\Program Files\AVG\AVG9\avgnsx.exe" = I:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"I:\Program Files\BitComet\BitComet.exe" = I:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- ([You must be registered and logged in to see this link.]
"I:\Program Files\iTunes\iTunes.exe" = I:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"I:\Program Files\VirtualDJ\virtualdj_pro.exe" = I:\Program Files\VirtualDJ\virtualdj_pro.exe:*:Disabled:Virtual DJ Pro -- (Atomix Productions)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java(TM) 6 Update 17
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{47ADD796-D608-4833-93E1-D2239B0030F6}" = SiPix StyleCam Deluxe
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586D9A3C-FF54-46BD-A4C6-5C70608AFD39}" = ArcSoft VideoImpression 1.6
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D946D0D-9437-4E15-AC1F-F9BCF0B32561}" = FLY World
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = LG CyberLink PowerDVD 7.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9
"{A3096853-5F1C-464A-B7AE-5FB5137EAEC5}" = ArcSoft PhotoImpression
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0905}" = Microsoft Digital Image Pro 9
"{DF5A8D64-0B50-46D7-B85D-E66CE690092C}" = WOT for Internet Explorer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AVG9Uninstall" = AVG Free 9.0
"BitComet" = BitComet 1.25
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneCD" = CloneCD
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.3.0
"Easy CD-DA Extractor Free 2010" = Easy CD-DA Extractor Free 2010
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FLY World" = FLY World
"Free Videos To DVD_is1" = Free Videos To DVD V 3.2.0
"GearDrivers" = GearDrivers
"HijackThis" = HijackThis 2.0.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"IsoBuster_is1" = IsoBuster 1.9
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PictureIt_POD_v9" = Microsoft Digital Image Library 9
"PictureIt_v9" = Microsoft Digital Image Pro 9
"USB File Transfer 1.11A" = USB File Transfer 1.11A
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.1.2
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X-OOM Movie Clone 4" = X-OOM Movie Clone 4 uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2011 12:00:46 AM | Computer Name = MELSSURFER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2011 12:06:05 AM | Computer Name = MELSSURFER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2011 1:53:59 AM | Computer Name = MELSSURFER | Source = Application Error | ID = 1000
Description = Faulting application videosnapshot.exe, version 1.1.10.20, faulting
module l3codecx.ax, version 1.6.0.52, fault address 0x000017de.

Error - 1/14/2011 4:42:28 PM | Computer Name = MELSSURFER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2011 12:33:53 AM | Computer Name = MELSSURFER | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2011 6:34:33 PM | Computer Name = MELSSURFER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2011 2:06:31 AM | Computer Name = MELSSURFER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2011 2:06:56 AM | Computer Name = MELSSURFER | Source = Application Hang | ID = 1001
Description = Fault bucket 724398357.

Error - 1/24/2011 12:18:56 AM | Computer Name = MELSSURFER | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/26/2011 2:10:12 AM | Computer Name = MELSSURFER | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)

[ System Events ]
Error - 1/24/2011 11:15:17 PM | Computer Name = MELSSURFER | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%2

Error - 1/24/2011 11:15:17 PM | Computer Name = MELSSURFER | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service iPod Service with
arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 1/25/2011 7:24:50 PM | Computer Name = MELSSURFER | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%1058

Error - 1/25/2011 7:24:50 PM | Computer Name = MELSSURFER | Source = Service Control Manager | ID = 7000
Description = The GeneLink File Transfer Driver service failed to start due to the
following error: %%1058

Error - 1/25/2011 7:24:55 PM | Computer Name = MELSSURFER | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%2

Error - 1/25/2011 7:24:55 PM | Computer Name = MELSSURFER | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service iPod Service with
arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 1/26/2011 1:44:22 AM | Computer Name = MELSSURFER | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%1058

Error - 1/26/2011 1:44:22 AM | Computer Name = MELSSURFER | Source = Service Control Manager | ID = 7000
Description = The GeneLink File Transfer Driver service failed to start due to the
following error: %%1058

Error - 1/26/2011 1:44:40 AM | Computer Name = MELSSURFER | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service iPod Service with
arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 1/26/2011 1:44:40 AM | Computer Name = MELSSURFER | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%2


< End of report >

spicegirl Mel

Newbie Surfer

Posts : 9
Joined : 2011-01-26
Operating System : XP


Re: Win32.Packed GB :(

Post by Belahzur on Thu 27 Jan 2011, 11:55 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [jkss.exe] I:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe ((c) MICR0S0FT corporation)
    O4 - HKCU..\Run: [jkss.exe] I:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe ((c) MICR0S0FT corporation)
    O20 - Winlogon\Notify\d4a6afe8757: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Win32.Packed GB :(

Post by spicegirl Mel on Thu 27 Jan 2011, 6:06 pm

Thank you ..
Here is the log... Shield is still sending the Virus message every 2 seconds.. and it is so annoying ..

all processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jkss.exe not found.
File I:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jkss.exe not found.
File I:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\d4a6afe8757\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Melanie
->Temp folder emptied: 371440 bytes
->Temporary Internet Files folder emptied: 54948 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: New Folder

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 01262011_225530

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Thanks again..

spicegirl Mel

Newbie Surfer

Posts : 9
Joined : 2011-01-26
Operating System : XP


Re: Win32.Packed GB :(

Post by Belahzur on Fri 28 Jan 2011, 9:55 am

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Win32.Packed GB :(

Post by spicegirl Mel on Fri 28 Jan 2011, 2:54 pm

When I turned the computer on I have NO SYSTEM .. just a screen shot, no start bar ... - can use control alt del. - shows no SYSTEM 32 or WINDOWS
I have put the combo fix on a USB - which I tried to run, but can't as AVG is somewhere in the background - but I can't get to the control panel to uninstall it ..
Any ideas on how I can get AVG gone from the blank desktop?
Thanks for your help.
Mel

spicegirl Mel

Newbie Surfer

Posts : 9
Joined : 2011-01-26
Operating System : XP


Re: Win32.Packed GB :(

Post by Belahzur on Sat 29 Jan 2011, 12:18 pm

Hello.

Open the Task Manager via ctrl/alt/del. Go to the "Applications" tab, and press "New Task..."

In the open field, type in explorer.exe and hit the OK button.

Does your Desktop load now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Win32.Packed GB :(

Post by spicegirl Mel on Sat 29 Jan 2011, 5:18 pm

I have no explorer.exe or system32.exe - No, I can't get a desktop that way - just said explorer.exe cannot be found.

UPDATE!!! I got AVG out and was able to run combo fix .... !!!! YAY !~!


Here is my CF log
ComboFix 11-01-28.02 - Melanie 01/28/2011 23:55:13.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.421 [GMT -8:00]
Running from: i:\documents and settings\Melanie\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
i:\documents and settings\Melanie\Application Data\inst.exe
i:\windows\system32\Temp
i:\windows\system32\Temp\sbp\_IsUser.dll
i:\windows\system32\Temp\sbp\_setup.dll
i:\windows\system32\Temp\sbp\data1.cab
i:\windows\system32\Temp\sbp\data1.hdr
i:\windows\system32\Temp\sbp\data2.cab
i:\windows\system32\Temp\sbp\engine32.cab
i:\windows\system32\Temp\sbp\iKernel.dll
i:\windows\system32\Temp\sbp\layout.bin
i:\windows\system32\Temp\sbp\License.txt
i:\windows\system32\Temp\sbp\setup.boot
i:\windows\system32\Temp\sbp\setup.exe
i:\windows\system32\Temp\sbp\setup.ini
i:\windows\system32\Temp\sbp\setup.inx

-- Previous Run --

Infected copy of i:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - i:\windows\ERDNT\cache\winlogon.exe

--------

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.

2100-02-08 23:03 . 2001-05-11 18:39 53248 ----a-w- i:\program files\ACMonitor_X73.exe
2011-01-28 04:04 . 2011-01-29 06:44 -------- d-----w- i:\documents and settings\Administrator
2011-01-27 06:43 . 2011-01-27 06:43 -------- d-----w- I:\_OTL
2011-01-25 03:19 . 2011-01-25 03:19 -------- d-----w- i:\documents and settings\All Users\Application Data\SSScanAppDataDir
2011-01-25 03:19 . 2011-01-25 03:19 -------- d-----w- i:\documents and settings\All Users\Application Data\MSScanAppDataDir
2011-01-23 06:13 . 2011-01-23 06:14 -------- d-----w- i:\program files\VirtualDJ
2011-01-17 04:43 . 2011-01-17 04:43 -------- d-----w- i:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-01-17 04:39 . 2011-01-17 04:39 -------- d-----w- i:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-01-15 02:28 . 2011-01-25 04:23 -------- d-----w- I:\New Folder
2011-01-09 02:16 . 2011-01-09 02:16 -------- d-----w- i:\documents and settings\Melanie\Local Settings\Application Data\Easy CD-DA Extractor
2011-01-09 02:16 . 2011-01-09 02:16 -------- d-----w- i:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2011-01-09 02:15 . 2011-01-09 02:15 -------- d-----w- i:\documents and settings\All Users\Application Data\Easy CD-DA Extractor Free
2011-01-09 02:15 . 2011-01-09 02:15 -------- d-----w- i:\program files\Easy CD-DA Extractor Free 2010
2011-01-07 11:11 . 2011-01-07 11:11 93400 ----a-w- i:\program files\cffmon.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- i:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- i:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2005-10-06 03:25 81920 ----a-w- i:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 12:00 249856 ----a-w- i:\windows\system32\odbc32.dll
2010-11-05 05:05 . 2004-08-04 12:00 667136 ----a-w- i:\windows\system32\wininet.dll
2010-11-05 05:05 . 2004-08-04 12:00 61952 ----a-w- i:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2004-08-04 12:00 81920 ----a-w- i:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2004-08-04 12:00 369664 ----a-w- i:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- i:\windows\system32\drivers\ndproxy.sys
2010-02-02 00:30 . 2010-02-02 00:30 1224612 ----a-w- i:\program files\SetupAnyDVD5441.exe
2009-03-22 20:43 . 2009-03-22 20:43 73332008 ----a-w- i:\program files\iTunesSetup2.exe
2008-12-06 06:26 . 2008-12-06 06:25 7332072 ----a-w- i:\program files\Firefox Setup 3.0.4.exe
2008-06-27 06:38 . 2008-06-27 06:38 7156336 ----a-w- i:\program files\DVDFab5030.exe
2008-03-24 02:07 . 2008-03-24 02:07 3940342 ----a-w- i:\program files\NIStudioSetup.exe
2008-01-22 06:47 . 2008-01-22 06:47 22595368 ----a-w- i:\program files\SkypeSetup.exe
2007-03-12 06:19 . 2007-03-12 06:19 14993976 ----a-w- i:\program files\GoogleEarthWin_EARY.exe
2006-12-10 19:06 . 2006-12-10 19:03 36808256 ----a-w- i:\program files\iTunesSetup.exe
2006-10-22 19:45 . 2006-10-22 19:44 17207032 ----a-w- i:\program files\avg75free_428a818.exe
2006-10-06 18:55 . 2006-10-06 18:55 5846632 ----a-w- i:\program files\winzip100.exe
2006-06-01 18:41 . 2006-06-01 18:41 2561674 ----a-w- i:\program files\SetupCloneCD5291.exe
2006-05-21 20:11 . 2006-05-21 20:09 4856576 ----a-w- i:\program files\GoogleVideoPlayerSetup.exe
2006-04-07 23:25 . 2006-04-07 23:23 21254280 ----a-w- i:\program files\AdbeRdr707_en_US.exe
2006-03-11 04:51 . 2005-10-30 22:08 12652784 ----a-w- i:\program files\MP10Setup.exe
2005-10-18 05:18 . 2005-10-08 05:02 843824 ----a-w- i:\program files\SetupDVDDecrypter_3[1].5.2.0.exe
2005-10-18 01:38 . 2005-10-18 01:38 353298 ----a-w- i:\program files\LimeWireWin.exe
2005-10-16 23:11 . 2005-10-16 23:11 34235626 ----a-w- i:\program files\Nero-6[1].6.0.16.exe
2005-10-11 19:41 . 2005-10-11 19:41 226584 ----a-w- i:\program files\jre-1_5_0_04-windows-i586-p-iftw.exe
2005-10-08 05:35 . 2005-10-08 05:35 1138918 ----a-w- i:\program files\artisanburner.exe
2005-10-08 03:39 . 2005-10-08 03:38 381480 ----a-w- i:\program files\msgr7us.exe
2001-05-08 23:36 . 2000-12-05 22:56 114688 ----a-w- i:\program files\lxarscan.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . i:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . i:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . i:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . i:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . i:\windows\$NtUninstallKB938828$\explorer.exe

i:\windows\explorer.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="i:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 4662776]
"SUPERAntiSpyware"="i:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-04 2403568]
"YSearchProtection"="i:\program files\Yahoo!\Search Protection\YspService.exe" [2010-04-01 243000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="i:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="i:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="i:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SiSPower"="SiSPower.dll" [2005-04-12 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"DELUXECC"="i:\windows\twain_32\SiPix\SCDeluxe\DELUXECC.exe" [2002-08-19 229376]
"PrinTray"="i:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-01-30 36352]
"CloneCDElbyCDFL"="i:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"CloneCDTray"="i:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"Microsoft Works Update Detection"="i:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"FlyMonitor"="i:\program files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [2008-05-13 664904]
"CanonMyPrinter"="i:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"CanonSolutionMenu"="i:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"RemoteControl"="i:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="i:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UCam_Menu"="i:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"LGODDFU"="i:\program files\lg_fwupdate\fwupdate.exe" [2010-02-26 557056]
"UpdatePSTShortCut"="i:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-08 210216]
"QuickTime Task"="i:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]

i:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - i:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "i:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- i:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"i:\\Program Files\\LimeWire\\LimeWire.exe"=
"i:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYMonitor.exe"=
"i:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYWorld.exe"=
"i:\\Program Files\\Skype\\Phone\\Skype.exe"=
"i:\\Program Files\\BitComet\\BitComet.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=
"i:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11824:TCP"= 11824:TCP:BitComet 11824 TCP
"11824:UDP"= 11824:UDP:BitComet 11824 UDP
"22331:TCP"= 22331:TCP:BitComet 22331 TCP
"22331:UDP"= 22331:UDP:BitComet 22331 UDP
"20284:TCP"= 20284:TCP:BitComet 20284 TCP
"20284:UDP"= 20284:UDP:BitComet 20284 UDP
"10830:TCP"= 10830:TCP:BitComet 10830 TCP
"10830:UDP"= 10830:UDP:BitComet 10830 UDP
"9796:TCP"= 9796:TCP:BitComet 9796 TCP
"9796:UDP"= 9796:UDP:BitComet 9796 UDP
"20725:TCP"= 20725:TCP:BitComet 20725 TCP
"20725:UDP"= 20725:UDP:BitComet 20725 UDP
"13813:TCP"= 13813:TCP:BitComet 13813 TCP
"13813:UDP"= 13813:UDP:BitComet 13813 UDP
"10318:TCP"= 10318:TCP:BitComet 10318 TCP
"10318:UDP"= 10318:UDP:BitComet 10318 UDP
"16487:TCP"= 16487:TCP:BitComet 16487 TCP
"16487:UDP"= 16487:UDP:BitComet 16487 UDP
"21801:TCP"= 21801:TCP:BitComet 21801 TCP
"21801:UDP"= 21801:UDP:BitComet 21801 UDP
"7834:TCP"= 7834:TCP:BitComet 7834 TCP
"7834:UDP"= 7834:UDP:BitComet 7834 UDP
"17708:TCP"= 17708:TCP:BitComet 17708 TCP
"17708:UDP"= 17708:UDP:BitComet 17708 UDP
"21228:TCP"= 21228:TCP:BitComet 21228 TCP
"21228:UDP"= 21228:UDP:BitComet 21228 UDP
"12864:TCP"= 12864:TCP:BitComet 12864 TCP
"12864:UDP"= 12864:UDP:BitComet 12864 UDP
"7205:TCP"= 7205:TCP:BitComet 7205 TCP
"7205:UDP"= 7205:UDP:BitComet 7205 UDP
"18344:TCP"= 18344:TCP:BitComet 18344 TCP
"18344:UDP"= 18344:UDP:BitComet 18344 UDP
"23665:TCP"= 23665:TCP:BitComet 23665 TCP
"23665:UDP"= 23665:UDP:BitComet 23665 UDP

R0 ElbyVCD;ElbyVCD;i:\windows\system32\drivers\ElbyVCD.sys [11/28/2002 2:43 AM 22016]
R1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
R1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 67656]
S2 USBHSB;GeneLink File Transfer Driver;i:\windows\system32\drivers\usbhsb.sys [3/3/2007 2:12 PM 18690]
S3 FlyUsb;FLY Fusion;i:\windows\system32\drivers\FlyUsb.sys [3/28/2009 11:28 AM 18560]
S3 SASENUM;SASENUM;i:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
S3 SCDELUXES;SiPix StyleCam Deluxe (still);i:\windows\system32\drivers\se402sc.sys [10/8/2005 11:20 AM 79484]
S3 SCDELUXEV;SiPix StyleCam Deluxe (video);i:\windows\system32\drivers\se402vc.sys [10/8/2005 11:20 AM 368868]
.
Contents of the 'Scheduled Tasks' folder

2011-01-18 i:\windows\Tasks\AppleSoftwareUpdate.job
- i:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &D&ownload &with BitComet - i:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - i:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - i:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - i:\documents and settings\Melanie\Application Data\Mozilla\Firefox\Profiles\8dors51v.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - i:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WhenUSave - i:\program files\Save\Save.exe
HKCU-Run-Search Protection - i:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-SunJavaUpdateSched - i:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-Lexmark X73 Button Monitor - i:\progra~1\LEXMAR~1\ACMonitor_X73.exe
HKLM-Run-Lexmark X73 Button Manager - i:\progra~1\LEXMAR~1\AcBtnMgr_X73.exe
Notify-avgrsstarter - avgrsstx.dll
AddRemove-HijackThis - i:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-01-29 00:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
i:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2011-01-29 00:02:45
ComboFix-quarantined-files.txt 2011-01-29 08:02

Pre-Run: 23,523,770,368 bytes free
Post-Run: 23,491,411,968 bytes free

- - End Of File - - B8C2C006D98DBCDFCEF2167574C88130

At the end it said Can't find Windows/explorer.exe ....


Thank you for your time !!!

spicegirl Mel

Newbie Surfer

Posts : 9
Joined : 2011-01-26
Operating System : XP


Re: Win32.Packed GB :(

Post by Belahzur on Sun 30 Jan 2011, 10:36 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    FCopy::
    i:\windows\ERDNT\cache\explorer.exe | i:\windows\explorer.exe
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
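
An added example, not part of the original post and not ComboFix's own code: a check that the FCopy source in the CFScript above is a sound restore copy, using the Sigcheck lines from the log posted earlier in this thread. The selection rule (newest file version, MD5 present in at least two locations) and all function names are assumptions of this example; the leading `[7]`/`[-]` column is parsed but not interpreted.

```python
import ntpath
import re
from collections import defaultdict

# Sigcheck section copied from the ComboFix log posted in this thread.
SIGCHECK_LOG = r"""
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . i:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . i:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . i:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . i:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . i:\windows\$NtUninstallKB938828$\explorer.exe

i:\windows\explorer.exe ... is missing !!
"""

# CFScript text from the helper's post.
CFSCRIPT = r"""
FCopy::
i:\windows\ERDNT\cache\explorer.exe | i:\windows\explorer.exe
"""

ENTRY_RE = re.compile(
    r"^\[(?P<flag>.)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[\d.]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+\.\.\.\s+is missing !!\s*$")


def parse_sigcheck(log):
    """Return (entries, missing_paths) from a Sigcheck section."""
    entries, missing = [], []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            # "6.00.2900.5512" -> (6, 0, 2900, 5512) so versions compare numerically
            e["version_key"] = tuple(int(p) for p in e["version"].split(".") if p)
            entries.append(e)
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m.group("path"))
    return entries, missing


def pick_restore_source(entries, missing_path):
    """Group same-named copies by MD5 and pick the newest, best-corroborated group."""
    name = ntpath.basename(missing_path).lower()
    groups = defaultdict(list)
    for e in entries:
        if ntpath.basename(e["path"]).lower() == name:
            groups[e["md5"]].append(e)
    if not groups:
        return None
    best = max(groups.values(), key=lambda g: (g[0]["version_key"], len(g)))
    return {
        "md5": best[0]["md5"],
        "version": best[0]["version"],
        "size": best[0]["size"],
        "paths": [e["path"] for e in best],
        "corroborated": len(best) >= 2,  # same hash found in two or more places
    }


def parse_fcopy(script):
    """Return (source, destination) pairs from the FCopy:: block of a CFScript."""
    pairs, in_block = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            in_block = line.lower() == "fcopy::"
            continue
        if in_block and "|" in line:
            src, dst = (part.strip() for part in line.split("|", 1))
            pairs.append((src, dst))
    return pairs


def review_fcopy(script, log):
    """Check each FCopy pair against what the Sigcheck section reports."""
    entries, missing = parse_sigcheck(log)
    missing_lc = {p.lower() for p in missing}
    findings = []
    for src, dst in parse_fcopy(script):
        cand = pick_restore_source(entries, dst)
        ok = (
            dst.lower() in missing_lc
            and cand is not None
            and cand["corroborated"]
            and src.lower() in {p.lower() for p in cand["paths"]}
        )
        findings.append({"src": src, "dst": dst, "ok": ok, "candidate": cand})
    return findings


if __name__ == "__main__":
    for f in review_fcopy(CFSCRIPT, SIGCHECK_LOG):
        print(f["src"], "->", f["dst"], "OK" if f["ok"] else "REVIEW", f["candidate"])
```

A pair marked REVIEW means the chosen source is not the newest copy listed, has no second copy with the same MD5, or the destination was not reported missing.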


Re: Win32.Packed GB :(

Post by spicegirl Mel on Sun 30 Jan 2011, 2:50 pm

YAY !!! It worked !!! I have Icons on my desktop!!!
You are my hero ...
Shall I re-install my avg? I will await your further instruction ..

YOU FRICKEN ROCK Belahzur !!!

CF Log -

ComboFix 11-01-28.03 - Melanie 01/29/2011 19:37:33.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.431 [GMT -8:00]
Running from: i:\documents and settings\Melanie\Desktop\Combo-Fix.exe
Command switches used :: i:\documents and settings\Melanie\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

i:\windows\ERDNT\cache\explorer.exe --> i:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
.

2100-02-08 23:03 . 2001-05-11 18:39 53248 ----a-w- i:\program files\ACMonitor_X73.exe
2011-01-30 03:37 . 2008-04-14 00:12 1033728 -c--a-w- i:\windows\system32\dllcache\explorer.exe
2011-01-28 04:04 . 2011-01-29 06:44 -------- d-----w- i:\documents and settings\Administrator
2011-01-27 06:43 . 2011-01-27 06:43 -------- d-----w- I:\_OTL
2011-01-25 03:19 . 2011-01-25 03:19 -------- d-----w- i:\documents and settings\All Users\Application Data\SSScanAppDataDir
2011-01-25 03:19 . 2011-01-25 03:19 -------- d-----w- i:\documents and settings\All Users\Application Data\MSScanAppDataDir
2011-01-23 06:13 . 2011-01-23 06:14 -------- d-----w- i:\program files\VirtualDJ
2011-01-17 04:43 . 2011-01-17 04:43 -------- d-----w- i:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-01-17 04:39 . 2011-01-17 04:39 -------- d-----w- i:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-01-15 02:28 . 2011-01-25 04:23 -------- d-----w- I:\New Folder
2011-01-09 02:16 . 2011-01-09 02:16 -------- d-----w- i:\documents and settings\Melanie\Local Settings\Application Data\Easy CD-DA Extractor
2011-01-09 02:16 . 2011-01-09 02:16 -------- d-----w- i:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2011-01-09 02:15 . 2011-01-09 02:15 -------- d-----w- i:\documents and settings\All Users\Application Data\Easy CD-DA Extractor Free
2011-01-09 02:15 . 2011-01-09 02:15 -------- d-----w- i:\program files\Easy CD-DA Extractor Free 2010
2011-01-07 11:11 . 2011-01-07 11:11 93400 ----a-w- i:\program files\cffmon.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- i:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- i:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2005-10-06 03:25 81920 ----a-w- i:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 12:00 249856 ----a-w- i:\windows\system32\odbc32.dll
2010-11-05 05:05 . 2004-08-04 12:00 667136 ----a-w- i:\windows\system32\wininet.dll
2010-11-05 05:05 . 2004-08-04 12:00 61952 ----a-w- i:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2004-08-04 12:00 81920 ----a-w- i:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2004-08-04 12:00 369664 ----a-w- i:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- i:\windows\system32\drivers\ndproxy.sys
2010-02-02 00:30 . 2010-02-02 00:30 1224612 ----a-w- i:\program files\SetupAnyDVD5441.exe
2009-03-22 20:43 . 2009-03-22 20:43 73332008 ----a-w- i:\program files\iTunesSetup2.exe
2008-12-06 06:26 . 2008-12-06 06:25 7332072 ----a-w- i:\program files\Firefox Setup 3.0.4.exe
2008-06-27 06:38 . 2008-06-27 06:38 7156336 ----a-w- i:\program files\DVDFab5030.exe
2008-03-24 02:07 . 2008-03-24 02:07 3940342 ----a-w- i:\program files\NIStudioSetup.exe
2008-01-22 06:47 . 2008-01-22 06:47 22595368 ----a-w- i:\program files\SkypeSetup.exe
2007-03-12 06:19 . 2007-03-12 06:19 14993976 ----a-w- i:\program files\GoogleEarthWin_EARY.exe
2006-12-10 19:06 . 2006-12-10 19:03 36808256 ----a-w- i:\program files\iTunesSetup.exe
2006-10-22 19:45 . 2006-10-22 19:44 17207032 ----a-w- i:\program files\avg75free_428a818.exe
2006-10-06 18:55 . 2006-10-06 18:55 5846632 ----a-w- i:\program files\winzip100.exe
2006-06-01 18:41 . 2006-06-01 18:41 2561674 ----a-w- i:\program files\SetupCloneCD5291.exe
2006-05-21 20:11 . 2006-05-21 20:09 4856576 ----a-w- i:\program files\GoogleVideoPlayerSetup.exe
2006-04-07 23:25 . 2006-04-07 23:23 21254280 ----a-w- i:\program files\AdbeRdr707_en_US.exe
2006-03-11 04:51 . 2005-10-30 22:08 12652784 ----a-w- i:\program files\MP10Setup.exe
2005-10-18 05:18 . 2005-10-08 05:02 843824 ----a-w- i:\program files\SetupDVDDecrypter_3[1].5.2.0.exe
2005-10-18 01:38 . 2005-10-18 01:38 353298 ----a-w- i:\program files\LimeWireWin.exe
2005-10-16 23:11 . 2005-10-16 23:11 34235626 ----a-w- i:\program files\Nero-6[1].6.0.16.exe
2005-10-11 19:41 . 2005-10-11 19:41 226584 ----a-w- i:\program files\jre-1_5_0_04-windows-i586-p-iftw.exe
2005-10-08 05:35 . 2005-10-08 05:35 1138918 ----a-w- i:\program files\artisanburner.exe
2005-10-08 03:39 . 2005-10-08 03:38 381480 ----a-w- i:\program files\msgr7us.exe
2001-05-08 23:36 . 2000-12-05 22:56 114688 ----a-w- i:\program files\lxarscan.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-30 03:22 . 2011-01-30 03:22 16384 i:\windows\temp\Perflib_Perfdata_604.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="i:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 4662776]
"SUPERAntiSpyware"="i:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-04 2403568]
"YSearchProtection"="i:\program files\Yahoo!\Search Protection\YspService.exe" [2010-04-01 243000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="i:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="i:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="i:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SiSPower"="SiSPower.dll" [2005-04-12 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"DELUXECC"="i:\windows\twain_32\SiPix\SCDeluxe\DELUXECC.exe" [2002-08-19 229376]
"PrinTray"="i:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-01-30 36352]
"CloneCDElbyCDFL"="i:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"CloneCDTray"="i:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"Microsoft Works Update Detection"="i:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"FlyMonitor"="i:\program files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [2008-05-13 664904]
"CanonMyPrinter"="i:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"CanonSolutionMenu"="i:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"RemoteControl"="i:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="i:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UCam_Menu"="i:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"LGODDFU"="i:\program files\lg_fwupdate\fwupdate.exe" [2010-02-26 557056]
"UpdatePSTShortCut"="i:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-08 210216]
"QuickTime Task"="i:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]

i:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - i:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "i:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- i:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"i:\\Program Files\\LimeWire\\LimeWire.exe"=
"i:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYMonitor.exe"=
"i:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYWorld.exe"=
"i:\\Program Files\\Skype\\Phone\\Skype.exe"=
"i:\\Program Files\\BitComet\\BitComet.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=
"i:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11824:TCP"= 11824:TCP:BitComet 11824 TCP
"11824:UDP"= 11824:UDP:BitComet 11824 UDP
"22331:TCP"= 22331:TCP:BitComet 22331 TCP
"22331:UDP"= 22331:UDP:BitComet 22331 UDP
"20284:TCP"= 20284:TCP:BitComet 20284 TCP
"20284:UDP"= 20284:UDP:BitComet 20284 UDP
"10830:TCP"= 10830:TCP:BitComet 10830 TCP
"10830:UDP"= 10830:UDP:BitComet 10830 UDP
"9796:TCP"= 9796:TCP:BitComet 9796 TCP
"9796:UDP"= 9796:UDP:BitComet 9796 UDP
"20725:TCP"= 20725:TCP:BitComet 20725 TCP
"20725:UDP"= 20725:UDP:BitComet 20725 UDP
"13813:TCP"= 13813:TCP:BitComet 13813 TCP
"13813:UDP"= 13813:UDP:BitComet 13813 UDP
"10318:TCP"= 10318:TCP:BitComet 10318 TCP
"10318:UDP"= 10318:UDP:BitComet 10318 UDP
"16487:TCP"= 16487:TCP:BitComet 16487 TCP
"16487:UDP"= 16487:UDP:BitComet 16487 UDP
"21801:TCP"= 21801:TCP:BitComet 21801 TCP
"21801:UDP"= 21801:UDP:BitComet 21801 UDP
"7834:TCP"= 7834:TCP:BitComet 7834 TCP
"7834:UDP"= 7834:UDP:BitComet 7834 UDP
"17708:TCP"= 17708:TCP:BitComet 17708 TCP
"17708:UDP"= 17708:UDP:BitComet 17708 UDP
"21228:TCP"= 21228:TCP:BitComet 21228 TCP
"21228:UDP"= 21228:UDP:BitComet 21228 UDP
"12864:TCP"= 12864:TCP:BitComet 12864 TCP
"12864:UDP"= 12864:UDP:BitComet 12864 UDP
"7205:TCP"= 7205:TCP:BitComet 7205 TCP
"7205:UDP"= 7205:UDP:BitComet 7205 UDP
"18344:TCP"= 18344:TCP:BitComet 18344 TCP
"18344:UDP"= 18344:UDP:BitComet 18344 UDP
"23665:TCP"= 23665:TCP:BitComet 23665 TCP
"23665:UDP"= 23665:UDP:BitComet 23665 UDP

R0 ElbyVCD;ElbyVCD;i:\windows\system32\drivers\ElbyVCD.sys [11/28/2002 2:43 AM 22016]
R1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
R1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 67656]
S2 USBHSB;GeneLink File Transfer Driver;i:\windows\system32\drivers\usbhsb.sys [3/3/2007 2:12 PM 18690]
S3 FlyUsb;FLY Fusion;i:\windows\system32\drivers\FlyUsb.sys [3/28/2009 11:28 AM 18560]
S3 SASENUM;SASENUM;i:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
S3 SCDELUXES;SiPix StyleCam Deluxe (still);i:\windows\system32\drivers\se402sc.sys [10/8/2005 11:20 AM 79484]
S3 SCDELUXEV;SiPix StyleCam Deluxe (video);i:\windows\system32\drivers\se402vc.sys [10/8/2005 11:20 AM 368868]
.
Contents of the 'Scheduled Tasks' folder

2011-01-18 i:\windows\Tasks\AppleSoftwareUpdate.job
- i:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &D&ownload &with BitComet - i:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - i:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - i:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - i:\documents and settings\Melanie\Application Data\Mozilla\Firefox\Profiles\8dors51v.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - i:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-01-29 19:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
i:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2011-01-29 19:43:45
ComboFix-quarantined-files.txt 2011-01-30 03:43
ComboFix2.txt 2011-01-29 08:02

Pre-Run: 23,476,244,480 bytes free
Post-Run: 23,459,090,432 bytes free

- - End Of File - - E9DCE6F46D68C7A98D91963443415E42


Re: Win32.Packed GB :(

Post by Belahzur on Mon 31 Jan 2011, 11:44 am

Hello.
You can re-install AVG, but do this first.

I see that you are running Limewire and BitComet.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0.7
    BitComet 1.25
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) 6 Update 18
    Java(TM) 6 Update 17
    LimeWire 5.3.6

Re-install AVG and let me know once you have done so; there are several updates to be done now.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Win32.Packed GB :(

Post by spicegirl Mel on Mon 31 Jan 2011, 2:24 pm

Thank you,
I have removed all programs listed and re-installed AVG.
Ready to do the updates...




Re: Win32.Packed GB :(

Post by Belahzur on Tue 01 Feb 2011, 12:32 pm

Hello.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 23.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe that you downloaded to install the newest version.

Please download Firefox 3.6.13 and install it. It will install over the version 3.0 you currently have installed, so you won't lose any bookmarked websites.

Download and install VLC Player 1.1.6
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

Then download and install Adobe Reader X

How is the machine running now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Win32.Packed GB :(

Post by spicegirl Mel on Tue 01 Feb 2011, 1:53 pm

Thank you soooo much !!!!
My machine is doing much better now !!!
I reallllly appreciate all your time and effort and knowledge !!!
Thank you again !!
Anything else I need to do ??


Re: Win32.Packed GB :(

Post by Belahzur on Wed 02 Feb 2011, 12:27 pm

Hello.

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

  • Firefox may be downloaded from here: [You must be registered and logged in to see this link.]
  • Opera is available here: [You must be registered and logged in to see this link.]
  • Google Chrome is available here: Google Chrome
  • SRWare Iron is available here: SRWare Iron

Thank you for choosing GeekPolice. [You must be registered and logged in to see this link.]


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
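
The HOSTS-file blocking described in the post above (bad sites redirected to 127.0.0.1) can be checked with a short script. This is an added example, not part of the original thread or of hpHosts: it reads HOSTS-format text, lists the names that are sinkholed to a loopback or unspecified address, and flags any name mapped to another address for review. The function name `audit_hosts` and the sample entries are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the machine in this thread).
SAMPLE_HOSTS = """\
# constructed example
127.0.0.1   localhost
127.0.0.1   ads.example.net tracker.example.net   # blocklist style
0.0.0.0     banners.example.org
203.0.113.7 www.search.example        # non-loopback mapping
not-an-ip   broken.example
::1         localhost
"""

def audit_hosts(text):
    """Classify every hostname in HOSTS-format text.

    blocked   - names pointed at a loopback/unspecified address (sinkholed)
    review    - (name, address) pairs pointed at any other address
    malformed - 1-based line numbers that could not be parsed
    """
    result = {"blocked": [], "review": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append(lineno)
            continue
        if len(fields) < 2:                      # address with no hostname
            result["malformed"].append(lineno)
            continue
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                if name != "localhost":          # the standard entry is not a block
                    result["blocked"].append(name)
            else:
                # Includes "localhost" mapped off-box, which is never expected.
                result["review"].append((name, str(addr)))
    return result

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("blocked  :", report["blocked"])
    print("review   :", report["review"])
    print("malformed:", report["malformed"])
```

On Windows XP the file to pass in is `%SystemRoot%\system32\drivers\etc\hosts`; entries in the review list are not necessarily malicious, but each one should be something you recognise.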



Re: Win32.Packed GB :(

Post by spicegirl Mel on Wed 02 Feb 2011, 1:48 pm

Thank you !
I downloaded Spyware Blaster... Thanks for the tips..
I do try to use Firefox most of the time too ..
Thanks for all your help Again !!!
I think I am back to normal !


