Unknown malware, etc.


Unknown malware, etc.

Post by Mike@MikePlayer.com on Fri 08 Jul 2011, 10:59 am

Hi, This system has had some malware removed, but issues remain, so I bring the issue to you. Thanks for your help and direction.

Mike Player, [You must be registered and logged in to see this link.]

I am having problems attaching the three files; the system says that it will not take them. What should I do?

Mike@MikePlayer.com

Newbie Surfer

Posts : 26
Joined : 2009-05-16
Operating System : Windows 7, Vista, XP.

Re: Unknown malware, etc.

Post by Pancake on Fri 08 Jul 2011, 4:08 pm

Try posting them in separate parts rather than trying to attach them.

Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Unknown malware, etc.

Post by Mike@MikePlayer.com on Sat 09 Jul 2011, 2:57 am

aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-07 10:18:24
-----------------------------
10:18:24.078 OS Version: Windows 5.1.2600 Service Pack 3
10:18:24.078 Number of processors: 2 586 0x407
10:18:24.078 ComputerName: KITCHEN UserName: Owner
10:18:25.625 Initialize success
16:43:36.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
16:43:36.329 Disk 0 Vendor: WDC_WD2000BB-00RDA0 20.00K20 Size: 190782MB BusType: 3
16:43:38.360 Disk 0 MBR read successfully
16:43:38.360 Disk 0 MBR scan
16:43:38.360 Disk 0 unknown MBR code
16:43:40.376 Disk 0 scanning sectors +390700800
16:43:40.392 Disk 0 scanning C:\WINDOWS\system32\drivers
16:44:16.204 Service scanning
16:44:17.954 Disk 0 trace - called modules:
16:44:17.985 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:44:17.985 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8577fab8]
16:44:17.985 3 CLASSPNP.SYS[f76e2fd7] -> nt!IofCallDriver -> \Device\000000a7[0x8574c9e8]
16:44:17.985 5 ACPI.sys[f74d9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-16[0x85783d98]
16:44:18.001 Scan finished successfully
16:44:43.751 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat"
16:44:43.751 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt"



Re: Unknown malware, etc.

Post by Mike@MikePlayer.com on Sat 09 Jul 2011, 2:58 am

OTL Extras logfile created on: 7/7/2011 9:46:18 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.57 Mb Total Physical Memory | 331.34 Mb Available Physical Memory | 37.08% Memory free
2.11 Gb Paging File | 1.18 Gb Available in Paging File | 55.98% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.01 Gb Total Space | 78.16 Gb Free Space | 43.18% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.40 Gb Free Space | 64.37% Space Free | Partition Type: FAT32

Computer Name: KITCHEN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"24829:TCP" = 24829:TCP:*:Enabled:BitComet 24829 TCP
"24829:UDP" = 24829:UDP:*:Enabled:BitComet 24829 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- ([You must be registered and logged in to see this link.]
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe" = C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{012E1293-EA51-4C22-9573-26E3A0F887C5}" = Channel Master
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{47A8ED18-BABE-42F7-A387-7F8D48F4EC03}" = Mastercam X
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-0001-0409-0000-0060B0CE6BBA}" = AutoCAD 2000i
"{5783F2D7-0301-0409-0002-0060B0CE6BBA}" = AutoCAD 2005 - English
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75FEB085-179F-4C85-B0E4-B517D2160750}" = eDrawings 2007
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{803259ED-7A67-4CB5-B6D7-281ED371091B}" = LogMeIn
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86AAC572-A9A6-427A-B25C-3FEB706F860C}" = Mastercam 8.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B123EBD8-89B7-4834-B06D-F758815E1033}" = Nero 7 Ultra Edition
"{BA180519-5857-4D89-9EAD-A2248B89AEF7}" = RangeBooster G WUA-2340
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5125699-C01A-4ED8-BD3A-265DF29859FE}" = DWGeditor
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ATI Display Driver" = ATI Display Driver
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"BitComet" = BitComet 1.14
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"CometBird (3.0.6)" = CometBird (3.0.6)
"FTDICOMM" = MiniCSU-3 USB Drivers
"Gateway Game Console" = Gateway Game Console
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist Corporate
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{47A8ED18-BABE-42F7-A387-7F8D48F4EC03}" = Mastercam X
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"InstallShield_{BA180519-5857-4D89-9EAD-A2248B89AEF7}" = RangeBooster G WUA-2340
"LimeWire" = LimeWire 4.16.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"MpcStar" = MpcStar 5.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"RealPlayer 12.0" = RealPlayer
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2011 1:02:03 PM | Computer Name = KITCHEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/29/2011 1:02:03 PM | Computer Name = KITCHEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/29/2011 1:03:42 PM | Computer Name = KITCHEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/29/2011 1:03:42 PM | Computer Name = KITCHEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/29/2011 1:32:31 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x41002054.

Error - 6/29/2011 1:33:36 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x41002054.

Error - 6/29/2011 1:36:18 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1001
Description = Fault bucket 507777643.

Error - 6/29/2011 1:36:18 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1001
Description = Fault bucket 507777643.

Error - 7/7/2011 12:02:21 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x41002054.

Error - 7/7/2011 12:02:41 PM | Computer Name = KITCHEN | Source = Application Error | ID = 1001
Description = Fault bucket 507777643.

[ System Events ]
Error - 6/29/2011 6:21:14 AM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Haspnt service failed to start due to the following error: %%1117

Error - 6/29/2011 12:23:40 PM | Computer Name = KITCHEN | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 6/29/2011 12:38:55 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Haspnt service failed to start due to the following error: %%1117

Error - 6/29/2011 1:02:17 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Haspnt service failed to start due to the following error: %%1117

Error - 6/29/2011 1:25:02 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Haspnt service failed to start due to the following error: %%1117

Error - 6/29/2011 11:58:15 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Haspnt service failed to start due to the following error: %%1117

Error - 6/30/2011 12:01:51 AM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 6/30/2011 12:01:51 AM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 6/30/2011 12:04:10 AM | Computer Name = KITCHEN | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 7/7/2011 12:15:20 PM | Computer Name = KITCHEN | Source = Service Control Manager | ID = 7000
Description = The Haspnt service failed to start due to the following error: %%1117


< End of report >


Re: Unknown malware, etc.

Post by Mike@MikePlayer.com on Sat 09 Jul 2011, 3:03 am

OTL logfile created on: 7/7/2011 9:46:18 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.57 Mb Total Physical Memory | 331.34 Mb Available Physical Memory | 37.08% Memory free
2.11 Gb Paging File | 1.18 Gb Available in Paging File | 55.98% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.01 Gb Total Space | 78.16 Gb Free Space | 43.18% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.40 Gb Free Space | 64.37% Space Free | Partition Type: FAT32

Computer Name: KITCHEN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 09:43:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
PRC - [2011/06/08 13:05:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/06/08 13:04:54 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/24 05:30:12 | 001,115,536 | ---- | M] (Discordia, LTD) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/01/11 19:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/10/29 15:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/10/08 11:21:30 | 000,750,920 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/04/02 15:58:02 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 12:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/08/30 16:05:16 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/08/30 16:03:06 | 000,880,640 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/08/19 00:48:24 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/03/26 23:44:06 | 000,159,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
PRC - [2005/12/09 18:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2004/12/08 17:57:36 | 000,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe


========== Modules (SafeList) ==========

MOD - [2011/07/07 09:43:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
MOD - [2011/06/02 19:36:26 | 000,123,392 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/04/02 16:01:34 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2001/07/02 20:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/08 13:05:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/06/08 13:04:54 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/28 22:29:52 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\607\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/19 20:31:31 | 000,072,704 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/06/02 20:24:34 | 000,074,360 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/08/19 00:48:24 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/11/30 11:35:38 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/08 13:05:52 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 19:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2008/09/05 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/06/26 23:04:14 | 000,071,488 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/02/06 17:51:33 | 000,110,592 | ---- | M] (Aladdin Knowledge Systems.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/04/17 01:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/18 03:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/14 23:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/11 12:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/07/25 23:32:14 | 000,348,352 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2005/03/16 17:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/16 17:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/16 17:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 17:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 17:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/11/05 12:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/08/10 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.00
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.19.3
FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:1.5
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.06.1
FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/02 16:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 08:24:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/06/24 08:24:39 | 000,000,000 | ---D | M]

[2009/02/27 23:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/04/19 00:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
[2009/04/19 00:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
[2009/04/19 00:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
[2009/04/19 00:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\BOOKMARKS@COMETMARKS.COM
[2009/04/19 00:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\CTRL-TAB@DESIGN-NOIR.DE

O1 HOSTS File: ([2004/08/10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKLM..\RunOnce: [SymLnch] C:\Documents and Settings\Owner\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} [You must be registered and logged in to see this link.] (CPlayFirstDinerDash2Control Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\DATAMNGR\DATAMNGR.DLL) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\607\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\607\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\ehshell.exe: Debugger - "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/06 18:24:25 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | ---- | M] () - D:\autorun.inf.vir -- [ FAT32 ]
O33 - MountPoints2\{dd6dd551-2f55-11db-b3c1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{dd6dd551-2f55-11db-b3c1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd6dd551-2f55-11db-b3c1-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\607\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2AB94E86-E2A0-7EED-A5FB-B0EE64EA56B1} - Security Update for Microsoft .NET Framework 2.0 (KB922770)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {82A3E2E3-B85E-2661-1274-26AE441944D6} - Vector Graphics Rendering (VML)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B8DF8BE5-2126-CB5A-E95C-1E2516D108D8} - KB910393
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\Program Files\MpcStar\Codecs\tscc\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 09:43:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
[2011/07/07 09:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\wlanapi
[2011/07/07 09:01:33 | 000,015,592 | ---- | C] (Dll-Files.com) -- C:\WINDOWS\System32\roboot.exe
[2011/06/29 10:15:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/24 16:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/06/24 16:20:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/24 12:36:39 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/06/24 12:33:50 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/06/24 12:33:27 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/06/24 12:33:14 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/06/24 12:32:03 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/24 12:28:12 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/06/24 09:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Simply Super Software
[2011/06/24 09:49:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011/06/20 21:19:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/20 20:40:15 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\IE8-WindowsXP-x86-ENU.exe
[2011/06/18 15:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn
[2011/06/18 15:51:35 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/06/18 15:51:32 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/06/18 15:51:32 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/06/18 15:50:09 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/06/18 15:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/06/18 15:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/06/17 17:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2011/06/17 17:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\spotmau
[2011/06/17 17:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pc health check
[2011/06/17 17:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2011/06/17 17:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp360
[2011/06/12 19:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/06/12 19:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/06/12 19:45:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/06/12 18:03:05 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/07 19:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SpeedMaxPc
[2011/06/07 19:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 09:43:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
[2011/07/07 09:30:59 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/07 09:19:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/07 09:19:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/07 09:19:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/07/07 09:16:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/07/07 09:14:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/07 09:14:44 | 937,046,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/07 09:09:56 | 000,170,496 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/07 09:09:48 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/07 09:06:50 | 000,033,412 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\wlanapi.zip
[2011/07/07 09:03:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 02:28:36 | 121,362,516 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/07 00:33:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/07/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/07/02 19:23:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/29 23:07:03 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/06/29 20:34:11 | 000,510,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/29 20:34:11 | 000,092,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/29 20:29:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/29 10:29:26 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/27 15:39:39 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/06/25 15:20:46 | 000,014,810 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\[isoHunt] 3 Idiots In Good Quality Pre DVDRip.torrent
[2011/06/24 14:29:54 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/24 14:07:33 | 000,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/24 12:55:23 | 000,745,090 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2011/06/24 11:19:06 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011/06/24 08:24:48 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/20 20:40:22 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\IE8-WindowsXP-x86-ENU.exe
[2011/06/18 16:07:51 | 000,017,210 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\[isoHunt] The Adjustment Bureau {2011} DVDRIP. Jaybob.torrent
[2011/06/18 15:50:02 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/06/17 16:37:53 | 000,215,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/06/12 18:03:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/08 13:05:52 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/06/08 13:05:18 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/06/08 13:05:16 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/07 09:06:45 | 000,033,412 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\wlanapi.zip
[2011/06/25 15:20:43 | 000,014,810 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\[isoHunt] 3 Idiots In Good Quality Pre DVDRip.torrent
[2011/06/24 15:46:00 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2011/06/24 14:29:54 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/24 14:29:54 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/24 12:53:36 | 000,745,090 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2011/06/24 09:49:07 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/06/24 09:49:07 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011/06/24 09:49:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/06/24 09:49:07 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/06/18 16:07:46 | 000,017,210 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\[isoHunt] The Adjustment Bureau {2011} DVDRIP. Jaybob.torrent
[2011/06/18 15:49:55 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/06/18 15:48:44 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/06/17 18:02:50 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/29 20:36:20 | 000,050,328 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/03 16:22:20 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/03 16:21:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/04/22 16:02:57 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Launch Internet Explorer Browser.lnk
[2008/05/14 19:47:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2008/02/19 20:28:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/12/23 00:31:37 | 000,675,579 | ---- | C] () -- C:\WINDOWS\PROGRAM.exe
[2007/11/19 17:34:12 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTApp.html
[2007/02/23 21:46:18 | 000,564,533 | ---- | C] () -- C:\Program Files\keymaster2.0.zip
[2007/02/23 21:42:37 | 000,881,255 | ---- | C] () -- C:\Program Files\DBPSW-070206P.zip
[2007/02/23 19:44:39 | 000,881,255 | ---- | C] () -- C:\Program Files\viewsat.zip
[2007/02/20 14:32:00 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007/02/14 20:37:59 | 000,000,382 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
[2007/02/14 20:37:59 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
[2007/02/14 20:37:51 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb41.dat
[2007/02/06 17:51:33 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2007/02/06 17:50:44 | 000,021,638 | ---- | C] () -- C:\WINDOWS\System32\Mpack.exe
[2007/01/15 17:10:50 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/14 18:26:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/09 17:55:16 | 000,170,496 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/06 14:13:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/01/05 20:56:23 | 000,359,112 | ---- | C] () -- C:\Program Files\LimeWireWin.exe
[2007/01/05 19:13:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2006/08/19 01:04:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/19 01:02:27 | 000,550,912 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2006/08/19 01:02:27 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/08/19 01:02:27 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe
[2006/08/19 01:02:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2006/08/19 01:02:27 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/08/19 01:02:27 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/08/19 01:02:08 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/08/19 01:01:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/19 01:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/08/19 00:57:58 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/08/19 00:56:17 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2006/08/19 00:54:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/19 00:26:06 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/21 02:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 02:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 02:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 02:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 02:24:58 | 000,001,442 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 02:24:57 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 02:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 02:23:22 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2006/06/17 02:23:22 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2006/06/17 02:23:22 | 000,510,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 02:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 02:23:22 | 000,092,586 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 02:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 02:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 02:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 02:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 02:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 02:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 02:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 02:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/16 19:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 19:30:47 | 000,244,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/13 17:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/05/24 10:40:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/07 12:27:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/06/12 02:37:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mtstack.exe

========== Custom Scans ==========


Re: Unknown malware, etc.

Post by Mike@MikePlayer.com on Sat 09 Jul 2011, 3:04 am


< %APPDATA%\Microsoft\*.* >
[2007/06/02 10:03:35 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2011/06/20 20:40:22 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\IE8-WindowsXP-x86-ENU.exe

< %USERPROFILE%\*.exe >
[2010/01/28 22:29:35 | 000,103,784 | ---- | M] () -- C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2007/02/06 18:54:16 | 000,000,000 | ---D | M] -- C:\Program Files\2
[2011/06/24 14:29:32 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/01/05 19:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\ANI
[2007/06/02 20:22:21 | 000,000,000 | ---D | M] -- C:\Program Files\AnswerWorks 4.0
[2008/10/07 20:12:29 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/03/07 20:38:28 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2000i
[2010/04/03 12:04:05 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2005
[2007/06/02 20:24:44 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/10/19 17:22:23 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2008/01/06 15:40:41 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2009/05/28 17:26:56 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2011/05/14 09:09:53 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2011/06/25 21:38:38 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2010/01/28 22:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2007/02/06 17:56:12 | 000,000,000 | ---D | M] -- C:\Program Files\CNC Software, Inc
[2007/01/17 18:17:07 | 000,000,000 | ---D | M] -- C:\Program Files\codejock software
[2011/06/19 09:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\CometBird
[2011/07/07 09:37:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/06/17 02:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/06/29 09:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2006/08/19 00:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2006/08/19 00:52:47 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2007/01/05 19:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link
[2007/02/23 22:17:38 | 000,000,000 | ---D | M] -- C:\Program Files\DBPSW-070206P
[2006/08/19 00:55:27 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Media Reader
[2010/08/16 17:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\DWGeditor
[2011/05/14 09:10:52 | 000,000,000 | ---D | M] -- C:\Program Files\Gateway Games
[2009/08/29 15:08:54 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/01/17 18:17:10 | 000,000,000 | ---D | M] -- C:\Program Files\infragistics
[2007/02/06 19:06:08 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/06/29 10:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/05/15 13:58:03 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/05/15 13:59:53 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/03/05 14:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/29 15:31:54 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2007/02/23 22:16:30 | 000,000,000 | ---D | M] -- C:\Program Files\Loader
[2011/06/20 20:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn
[2006/08/19 01:08:14 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/08/16 17:33:04 | 000,000,000 | ---D | M] -- C:\Program Files\mcam8.1
[2008/02/18 19:46:48 | 000,000,000 | ---D | M] -- C:\Program Files\mcamx
[2008/09/07 11:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/05/14 09:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/06/02 20:48:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/11 18:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/08/19 01:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 2006
[2006/06/17 02:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/01/22 17:24:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2011/06/29 20:29:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/24 14:07:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/10/15 03:07:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/08/19 00:53:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/06/24 13:13:22 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/04/22 18:48:33 | 000,000,000 | ---D | M] -- C:\Program Files\MpcStar
[2009/04/06 20:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/09/05 23:23:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/08/19 01:03:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2006/06/17 02:35:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/10/10 22:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2007/01/06 11:10:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/11/08 19:02:29 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2007/01/14 18:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/09/07 10:54:20 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/06/17 02:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/06/24 13:06:11 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/01/14 19:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2011/04/03 15:51:07 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/08/19 01:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/08/19 01:06:10 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2008/01/06 15:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2009/04/06 20:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/04/19 00:04:41 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2011/05/15 13:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2008/02/22 22:36:47 | 000,000,000 | ---D | M] -- C:\Program Files\SharpC
[2008/02/19 20:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\SolidWorks
[2008/02/19 20:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\SolidWorks Installation Manager
[2008/07/13 09:28:53 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2011/07/07 09:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUp360
[2007/06/02 20:25:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2006/08/19 01:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/02/22 22:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\viewsat
[2006/08/19 00:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/02/19 20:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2011/05/08 18:50:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows iLivid Toolbar
[2008/10/10 22:06:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2007/11/30 04:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2007/11/30 04:11:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2007/03/20 19:45:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/03/20 21:51:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/07 10:54:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/06/17 02:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2006/06/17 02:39:10 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/01/19 21:39:10 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2006/06/17 02:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/07 10:35:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/07 10:35:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 06:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/07 10:35:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/07 10:35:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/07 10:35:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/09/07 10:35:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-30 03:34:53

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\CometBird\uninstall\helper.exe" /HideShortcuts [2009/02/18 01:12:31 | 000,502,687 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\CometBird\uninstall\helper.exe" /ShowShortcuts [2009/02/18 01:12:31 | 000,502,687 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\CometBird\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/02/18 01:12:31 | 000,502,687 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\shell\open\command\\: C:\Program Files\CometBird\CometBird.exe [2009/02/18 01:12:28 | 000,128,320 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\shell\properties\command\\: "C:\Program Files\CometBird\CometBird.exe" -preferences [2009/02/18 01:12:28 | 000,128,320 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\shell\safemode\command\\: "C:\Program Files\CometBird\CometBird.exe" -safe-mode [2009/02/18 01:12:28 | 000,128,320 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\CometBird\uninstall\helper.exe" /HideShortcuts [2009/02/18 01:12:31 | 000,502,687 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\CometBird\uninstall\helper.exe" /ShowShortcuts [2009/02/18 01:12:31 | 000,502,687 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\CometBird\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/02/18 01:12:31 | 000,502,687 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\shell\open\command\\: C:\Program Files\CometBird\CometBird.exe [2009/02/18 01:12:28 | 000,128,320 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\shell\properties\command\\: "C:\Program Files\CometBird\CometBird.exe" -preferences [2009/02/18 01:12:28 | 000,128,320 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\COMETBIRD.EXE\shell\safemode\command\\: "C:\Program Files\CometBird\CometBird.exe" -safe-mode [2009/02/18 01:12:28 | 000,128,320 | ---- | M] (CometNetwork)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >


Re: Unknown malware, etc.

Post by Mike@MikePlayer.com on Sat 09 Jul 2011, 3:05 am

I am having problems with IE: it has Data Execution Prevention keeping the program from running. Thanks for your help.
Mike


Re: Unknown malware, etc.

Post by Pancake on Sat 09 Jul 2011, 10:06 am

Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.









Re: Unknown malware, etc.

Post by Mike@MikePlayer.com on Sun 10 Jul 2011, 4:28 am

Malwarebytes' Anti-Malware 1.51.0.1200
[You must be registered and logged in to see this link.]

Database version: 7060

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/9/2011 10:15:41 AM
mbam-log-2011-07-09 (10-15-41).txt

Scan type: Quick scan
Objects scanned: 257288
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\internet explorer\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.


Re: Unknown malware, etc.

Post by Pancake on Sun 10 Jul 2011, 9:45 am

One more check and we should be all done.


Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it; it will start.

You can get help on disabling your protection programs here : [You must be registered and logged in to see this link.]

Please include the C:\ComboFix.txt in your next reply for further review.


Caution:
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.












Re: Unknown malware, etc.

Post by Mike@MikePlayer.com on Mon 18 Jul 2011, 4:19 am

I posted, but was waiting for a response. Any thoughts?


Re: Unknown malware, etc.

Post by Pancake on Mon 18 Jul 2011, 9:39 am

Just waiting for the Combofix log.







Re: Unknown malware, etc.

Post by Mike@MikePlayer.com on Mon 18 Jul 2011, 10:03 am

Sorry, I thought that I had posted that.

Here it is:
ComboFix 11-07-13.03 - Owner 07/13/2011 15:29:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.316 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\ComboFix-2.exe
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\program files\2\autorun.inf
c:\program files\2\Bin\data\designtracker\Eula\AdskLicense.ini
c:\program files\2\Bin\data\designtracker\Eula\All Other Countries.rtf
c:\program files\2\Bin\data\designtracker\Eula\Americas All Other.rtf
c:\program files\2\Bin\data\designtracker\Eula\APac English.rtf
c:\program files\2\Bin\data\designtracker\Eula\Belgie.rtf
c:\program files\2\Bin\data\designtracker\Eula\Belgique.rtf
c:\program files\2\Bin\data\designtracker\Eula\Ceska Republika.rtf
c:\program files\2\Bin\data\designtracker\Eula\Danmark.rtf
c:\program files\2\Bin\data\designtracker\Eula\Deutschland.rtf
c:\program files\2\Bin\data\designtracker\Eula\Espana.rtf
c:\program files\2\Bin\data\designtracker\Eula\France.rtf
c:\program files\2\Bin\data\designtracker\Eula\Greece.rtf
c:\program files\2\Bin\data\designtracker\Eula\Ireland.rtf
c:\program files\2\Bin\data\designtracker\Eula\Italia.rtf
c:\program files\2\Bin\data\designtracker\Eula\Japanese.rtf
c:\program files\2\Bin\data\designtracker\Eula\Korean.rtf
c:\program files\2\Bin\data\designtracker\Eula\LA Brazil.rtf
c:\program files\2\Bin\data\designtracker\Eula\LA Spanish.rtf
c:\program files\2\Bin\data\designtracker\Eula\Luxembourg-Luxemburg.rtf
c:\program files\2\Bin\data\designtracker\Eula\Magyar.rtf
c:\program files\2\Bin\data\designtracker\Eula\Nederland.rtf
c:\program files\2\Bin\data\designtracker\Eula\Norge.rtf
c:\program files\2\Bin\data\designtracker\Eula\Oesterreich.rtf
c:\program files\2\Bin\data\designtracker\Eula\Polska.rtf
c:\program files\2\Bin\data\designtracker\Eula\Portugal.rtf
c:\program files\2\Bin\data\designtracker\Eula\Russia.rtf
c:\program files\2\Bin\data\designtracker\Eula\Schweiz.rtf
c:\program files\2\Bin\data\designtracker\Eula\Simplified Chinese.rtf
c:\program files\2\Bin\data\designtracker\Eula\Slovenska Republika.rtf
c:\program files\2\Bin\data\designtracker\Eula\Suisse.rtf
c:\program files\2\Bin\data\designtracker\Eula\Suomi.rtf
c:\program files\2\Bin\data\designtracker\Eula\Sverige.rtf
c:\program files\2\Bin\data\designtracker\Eula\Traditional Chinese.rtf
c:\program files\2\Bin\data\designtracker\Eula\Turkiye.rtf
c:\program files\2\Bin\data\designtracker\Eula\United Kingdom.rtf
c:\program files\2\Bin\data\designtracker\Eula\US Canada.rtf
c:\program files\2\Bin\data\designtracker\InventorView.msi
c:\program files\2\Bin\data\designtracker\m1.cab
c:\program files\2\Bin\data\designtracker\m10.cab
c:\program files\2\Bin\data\designtracker\m11.cab
c:\program files\2\Bin\data\designtracker\m12.cab
c:\program files\2\Bin\data\designtracker\m13.cab
c:\program files\2\Bin\data\designtracker\m14.cab
c:\program files\2\Bin\data\designtracker\m15.cab
c:\program files\2\Bin\data\designtracker\m16.cab
c:\program files\2\Bin\data\designtracker\m17.cab
c:\program files\2\Bin\data\designtracker\m18.cab
c:\program files\2\Bin\data\designtracker\m19.cab
c:\program files\2\Bin\data\designtracker\m2.cab
c:\program files\2\Bin\data\designtracker\m20.cab
c:\program files\2\Bin\data\designtracker\m21.cab
c:\program files\2\Bin\data\designtracker\m22.cab
c:\program files\2\Bin\data\designtracker\m23.cab
c:\program files\2\Bin\data\designtracker\m24.cab
c:\program files\2\Bin\data\designtracker\m3.cab
c:\program files\2\Bin\data\designtracker\m4.cab
c:\program files\2\Bin\data\designtracker\m5.cab
c:\program files\2\Bin\data\designtracker\m6.cab
c:\program files\2\Bin\data\designtracker\m7.cab
c:\program files\2\Bin\data\designtracker\m8.cab
c:\program files\2\Bin\data\designtracker\m9.cab
c:\program files\2\Bin\data\designtracker\Msi\NT\instmsi.exe
c:\program files\2\Bin\data\designtracker\Msi\WindowsInstaller-KB884016-v2-x86.exe
c:\program files\2\Bin\data\designtracker\setup.exe
c:\program files\2\Bin\data\designtracker\setup.ini
c:\program files\2\Bin\data\directx\BDA.cab
c:\program files\2\Bin\data\directx\BDANT.cab
c:\program files\2\Bin\data\directx\BDAXP.cab
c:\program files\2\Bin\data\directx\DirectX.cab
c:\program files\2\Bin\data\directx\directx_9c_redist.exe
c:\program files\2\Bin\data\directx\DSETUP.dll
c:\program files\2\Bin\data\directx\dsetup32.dll
c:\program files\2\Bin\data\directx\dxnt.cab
c:\program files\2\Bin\data\directx\ManagedDX.CAB
c:\program files\2\Bin\data\mastercamx\0x0409.ini
c:\program files\2\Bin\data\mastercamx\Apps.cab
c:\program files\2\Bin\data\mastercamx\Autorun.inf
c:\program files\2\Bin\data\mastercamx\CD_Com~1.cab
c:\program files\2\Bin\data\mastercamx\Chooks.cab
c:\program files\2\Bin\data\mastercamx\Config.cab
c:\program files\2\Bin\data\mastercamx\Contro~1.cab
c:\program files\2\Bin\data\mastercamx\CoreFi~1.cab
c:\program files\2\Bin\data\mastercamx\Design~1.cab
c:\program files\2\Bin\data\mastercamx\Design~2.cab
c:\program files\2\Bin\data\mastercamx\Docume~1.cab
c:\program files\2\Bin\data\mastercamx\Engrave.cab
c:\program files\2\Bin\data\mastercamx\FileCo~1.cab
c:\program files\2\Bin\data\mastercamx\Fonts.cab
c:\program files\2\Bin\data\mastercamx\FZT.cab
c:\program files\2\Bin\data\mastercamx\GetXVe~1.cab
c:\program files\2\Bin\data\mastercamx\HaspPr~1.cab
c:\program files\2\Bin\data\mastercamx\Help.cab
c:\program files\2\Bin\data\mastercamx\InchFi~1.cab
c:\program files\2\Bin\data\mastercamx\instmsia.exe
c:\program files\2\Bin\data\mastercamx\instmsiw.exe
c:\program files\2\Bin\data\mastercamx\ISScript11.Msi
c:\program files\2\Bin\data\mastercamx\LatheI~1.cab
c:\program files\2\Bin\data\mastercamx\LatheM~1.cab
c:\program files\2\Bin\data\mastercamx\Master~1.cab
c:\program files\2\Bin\data\mastercamx\Master~2.cab
c:\program files\2\Bin\data\mastercamx\Mastercam X.msi
c:\program files\2\Bin\data\mastercamx\MCEd.cab
c:\program files\2\Bin\data\mastercamx\Metric~1.cab
c:\program files\2\Bin\data\mastercamx\MillIn~1.cab
c:\program files\2\Bin\data\mastercamx\MillMe~1.cab
c:\program files\2\Bin\data\mastercamx\Pfe.cab
c:\program files\2\Bin\data\mastercamx\PRM.cab
c:\program files\2\Bin\data\mastercamx\Resour~1.cab
c:\program files\2\Bin\data\mastercamx\Router~1.cab
c:\program files\2\Bin\data\mastercamx\Router~2.cab
c:\program files\2\Bin\data\mastercamx\Sample~1.cab
c:\program files\2\Bin\data\mastercamx\setup.exe
c:\program files\2\Bin\data\mastercamx\Setup.ini
c:\program files\2\Bin\data\mastercamx\setup.isn
c:\program files\2\Bin\data\mastercamx\System~1.cab
c:\program files\2\Bin\data\mastercamx\update~1.cab
c:\program files\2\Bin\data\mastercamx\WinRoot\mcamx\documentation\Introducing Mastercam X.avi
c:\program files\2\Bin\data\mastercamx\Zip2Go.cab
c:\program files\2\Bin\data\netframework\dotnetfx.exe
c:\program files\2\Bin\data\nethaspmonitor\readme.txt
c:\program files\2\Bin\data\nethaspserver\lmsetup.exe
c:\program files\2\Bin\data\nethaspserver\nhsrv.ini
c:\program files\2\Bin\data\nethaspserver\readme.txt
c:\program files\2\Bin\demo32.exe
c:\program files\2\Bin\demo32.exe.manifest
c:\program files\2\Bin\ensharpendecoder_win.exe
c:\program files\2\Bin\Mastercamx.dbd
c:\program files\2\Bin\Tscc.exe
c:\program files\2\Crack\install.txt
c:\program files\2\setup.exe
c:\program files\2\setup.exe.manifest
c:\program files\2\setup.ini
c:\windows\system32\Thumbs.db
c:\windows\Update.bat
c:\documents and settings\Default User\WINDOWS . . . . Failed to delete
c:\documents and settings\LogMeInRemoteUser\WINDOWS . . . . Failed to delete
c:\documents and settings\Owner\WINDOWS . . . . Failed to delete
c:\program files\2 . . . . Failed to delete
c:\windows\system32\config\systemprofile\WINDOWS . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-09 16:48 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-09 16:48 . 2011-07-09 17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-09 16:48 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 16:01 . 2011-03-26 01:03 15592 ----a-w- c:\windows\system32\roboot.exe
2011-06-29 17:15 . 2011-06-29 17:18 -------- dc-h--w- c:\windows\ie8
2011-06-24 23:20 . 2011-06-24 23:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-06-24 23:20 . 2011-06-24 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-24 19:36 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-24 19:33 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-06-24 19:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-24 19:33 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-24 19:32 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-24 19:28 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-06-24 16:49 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-06-24 16:49 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-06-24 16:49 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-06-24 16:49 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-06-24 16:49 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-06-21 03:46 . 2011-07-13 23:28 -------- d-----w- c:\documents and settings\LogMeInRemoteUser
2011-06-18 22:52 . 2011-06-18 22:52 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn
2011-06-18 22:51 . 2011-06-08 20:05 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-18 22:51 . 2011-06-08 20:05 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-06-18 22:51 . 2011-06-08 20:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-06-18 22:51 . 2011-01-12 02:04 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-06-18 22:51 . 2011-01-12 02:04 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2011-06-18 22:50 . 2011-06-08 20:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-18 22:49 . 2011-07-13 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2011-06-18 22:48 . 2011-06-21 03:24 -------- d-----w- c:\program files\LogMeIn
2011-06-18 00:23 . 2011-06-18 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spotmau
2011-06-18 00:22 . 2011-06-18 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\pc health check
2011-06-18 00:22 . 2011-06-18 00:22 -------- d-----w- c:\documents and settings\Owner\Application Data\spotmau
2011-06-18 00:22 . 2011-07-09 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp360
2011-06-18 00:22 . 2011-07-07 16:35 -------- d-----w- c:\program files\TuneUp360
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 18:19 . 2006-06-21 09:45 23552 ----a-w- c:\windows\system32\drivers\abp480n5.sys
2011-06-13 01:03 . 2011-06-13 01:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2006-06-17 09:23 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2006-06-17 09:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-06-17 09:23 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-06-17 09:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-06-17 09:23 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2006-06-17 09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2006-06-17 09:23 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-06-17 09:23 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-06-17 09:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-06-17 09:23 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-06-17 09:23 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2007-01-06 03:56 . 2007-01-06 03:56 359112 -c--a-w- c:\program files\LimeWireWin.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-03 30192]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2005-12-15 2490368]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [You must be registered and logged in to see this link.] [?]
"SymLnch"="c:\documents and settings\Owner\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" [2007-08-27 687976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-01-29 05:29 13672 ----a-w- c:\program files\Citrix\GoToAssist\607\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-08 20:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24829:TCP"= 24829:TCP:BitComet 24829 TCP
"24829:UDP"= 24829:UDP:BitComet 24829 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6/8/2011 1:04 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 7:04 PM 12856]
S2 gupdate1ca28f5461350d0;Google Update Service (gupdate1ca28f5461350d0);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2009 3:08 PM 133104]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [7/25/2005 11:32 PM 348352]
S3 ATHFMWDL;802.11 USB Wireless Adapter Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys --> c:\windows\system32\Drivers\ATHFMWDL.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/19/2006 12:50 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2009 3:08 PM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/9/2011 9:48 AM 39984]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-07-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 22:08]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 22:08]
.
2011-07-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-07-13 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-07-13 17:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\607\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\zHotkey.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-07-13 18:10:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-14 01:10
.
Pre-Run: 88,304,910,336 bytes free
Post-Run: 89,936,650,240 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B29E25635D5643078FA14A89E84E3CA1

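
The OTL alternate-data-stream entries, the msimg32.dll hit in the MBAM log and the ComboFix log above all carry items an analyst reviews by hand: Security Center monitoring switched off, AV and firewall reported as disabled, a firewall exception for an executable sitting at the root of C:, port 3389 (Remote Desktop) open on the standard profile, DLLs registered under Winlogon\Notify, a non-default handler for .scr, and a DLL carrying a Windows system DLL's name inside Internet Explorer's program folder (Windows resolves an import such as msimg32.dll from the application's own directory before system32 unless it is a KnownDLL, so a file planted there is loaded into every iexplore.exe). The Python script below is an added example, not code from this thread or from OTL, MBAM or ComboFix: it walks a log once and lists those items. The sample log embedded in it is constructed from the line formats posted above; the rule names, the trusted directory prefixes, the set of side-load-prone DLL names and the port table are the example's own assumptions. Everything it reports is a review item, not a verdict: the .scr handler here is plausibly AutoCAD's own registration (an AutoCAD startup item is in the same log), and the LMIinit.dll notify entry is expected on a machine where LogMeIn was installed deliberately.

```python
"""Triage the security-relevant lines of OTL / MBAM / ComboFix logs.

Added example for this thread; not part of any of those tools. The sample
below is constructed from the line formats posted above, not a copy of a log.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str
    detail: str


# Constructed sample, one line per rule the triage function knows about.
SAMPLE_LOG = r"""
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-08 20:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24829:TCP"= 24829:TCP:BitComet 24829 TCP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.scr=AutoCADScriptFile
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
c:\program files\internet explorer\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
"""

# Default ProgIDs for extensions that execute; any other handler is listed for review.
EXPECTED_HANDLER = {"exe": "exefile", "scr": "scrfile", "bat": "batfile",
                    "cmd": "cmdfile", "com": "comfile", "pif": "piffile"}
# DLL names the loader resolves from the EXE's own directory before system32
# (they are not KnownDLLs), so a copy outside system32 is a side-load pattern.
SYSTEM_DLL_NAMES = {"msimg32.dll", "version.dll", "dwmapi.dll", "uxtheme.dll",
                    "cryptbase.dll", "wininet.dll"}
TRUSTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")  # assumption
EXPOSED_PORTS = {3389: "RDP", 445: "SMB", 139: "NetBIOS", 135: "RPC"}

_SECTION = re.compile(r"^\[(.+)\]$")
_AVFW = re.compile(r"^(AV|FW): \*([^*]+)\*")
_REGVAL = re.compile(r'^"([^"]+)"=(.*)$')
_PORT = re.compile(r"^(\d+):(?:TCP|UDP)$")
_DLL_PATH = re.compile(r"[a-z]:\\.*\.dll$", re.I)
_ASSOC = re.compile(r"^\.(\w+)=(\S+)$")
_ADS = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
_DETECTION = re.compile(r"^([a-z]:\\.+?\.dll) \(", re.I)


def triage(text: str) -> List[Finding]:
    """Walk the log once, tracking the current [registry section]."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _SECTION.match(line):
            section = m.group(1).lower()
            continue
        if (m := _AVFW.match(line)) and re.search("disabled|outdated", m.group(2), re.I):
            findings.append(Finding("protection-off", f"{m.group(1)} is {m.group(2)}"))
        elif m := _REGVAL.match(line):
            name, value = m.group(1), m.group(2).strip().lower()
            if "security center\\monitoring" in section and name == "DisableMonitoring" \
                    and value.startswith("dword:") and int(value[6:], 16) != 0:
                findings.append(Finding("wsc-monitoring-off", section.rsplit("\\", 1)[-1]))
            elif section.endswith("authorizedapplications\\list"):
                path = name.replace("\\\\", "\\").lower()  # ComboFix doubles backslashes here
                if not path.startswith(TRUSTED_PREFIXES):
                    findings.append(Finding("firewall-exception-odd-path", path))
            elif section.endswith("globallyopenports\\list"):
                if (pm := _PORT.match(name)) and int(pm.group(1)) in EXPOSED_PORTS:
                    findings.append(Finding("port-exposed", f"{name} ({EXPOSED_PORTS[int(pm.group(1))]})"))
        elif "winlogon\\notify\\" in section and (m := _DLL_PATH.search(line)):
            # Notify DLLs load into winlogon.exe as SYSTEM; every one needs a known owner.
            findings.append(Finding("winlogon-notify-dll", m.group(0)))
        elif m := _ASSOC.match(line):
            ext, handler = m.group(1).lower(), m.group(2)
            if ext in EXPECTED_HANDLER and handler.lower() != EXPECTED_HANDLER[ext]:
                findings.append(Finding("assoc-nondefault", f".{ext} -> {handler}"))
        elif m := _ADS.match(line):
            findings.append(Finding("ads", f"{m.group(3)} ({m.group(1)} bytes) on {m.group(2)}"))
        elif m := _DETECTION.match(line):
            path = m.group(1).lower()
            directory, _, base = path.rpartition("\\")
            if base in SYSTEM_DLL_NAMES and not directory.endswith("\\system32"):
                findings.append(Finding("dll-sideload", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.detail}")
```

Run it as-is to see the ten findings from the constructed sample; for a real log call `triage(open(path, errors="replace").read())`. A real ComboFix log has many more line types than these rules cover, and anything the script does not recognise is skipped silently, so an empty result means "nothing matched these rules", not "clean"; extend the regexes rather than trusting it.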

Re: Unknown malware, etc.

Post by Pancake on Mon 18 Jul 2011, 10:21 am

What was this for: c:\program files\2\Crack\install.txt?







Re: Unknown malware, etc.

Post by Mike@MikePlayer.com on Mon 18 Jul 2011, 11:20 am

I have no idea. I do not use pirated software, but rather buy what I need. This program sure sounds like a code or password cracker...
Mike


Re: Unknown malware, etc.

Post by Pancake on Mon 18 Jul 2011, 11:50 am

How are things now? It all looks fine to me.







Re: Unknown malware, etc.

Post by Mike@MikePlayer.com on Mon 18 Jul 2011, 1:06 pm

Yes, I think things are much better. Is there anything that I should do about the crack file or folder that you had mentioned?
Thanks for your help.

Mike


Re: Unknown malware, etc.

Post by Pancake on Mon 18 Jul 2011, 2:16 pm

ComboFix has removed that crack file, so all is well.

OK. All done. I see no more malware. Log looks good! All those detections are either in quarantine or System Restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


Go to Start > Run, then copy and paste the following text into the box and click OK.


ComboFix /uninstall






Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention
