Malware - Search Results Redirected
ShinyGunz
2010-11-27, 11:46
I got infected with a nasty malware yesterday and spent most of the day removing it with Spybot and Malwarebytes. Thought I had removed it all because neither Spybot nor mbam detected any more infections, but when I go to use the internet, my pages keep being redirected. When I click on either of the links to download DDS my computer reboots. Let me know if I need to post any more information. Any help would be greatly appreciated.
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Run this program and post the log in lieu of DDS
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
ShinyGunz
2010-11-29, 21:30
OTL logfile created on: 11/29/2010 1:11:35 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 21.39 Gb Free Space | 14.35% Space Free | Partition Type: NTFS
Drive D: | 641.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: JUSTIN | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\iolo\Common\Lib\sguard.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll ()
SRV - (IOLO_SRV) -- C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (NACAgent) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe ()
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
========== Driver Services (SafeList) ==========
DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (XDva365) -- C:\WINDOWS\System32\XDva365.sys File not found
DRV - (XDva362) -- C:\WINDOWS\System32\XDva362.sys File not found
DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found
DRV - (XDva344) -- C:\WINDOWS\System32\XDva344.sys File not found
DRV - (XDva332) -- C:\WINDOWS\System32\XDva332.sys File not found
DRV - (XDva224) -- C:\WINDOWS\System32\XDva224.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (LMouKE) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys File not found
DRV - (L8042mou) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys File not found
DRV - (L8042Kbd) -- C:\WINDOWS\System32\Drivers\L8042Kbd.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (AMP) -- C:\WINDOWS\system32\drivers\amp.sys (Authentium, Inc)
DRV - (AMPSE) -- C:\WINDOWS\system32\drivers\ampse.sys (Authentium, Inc)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (XPacket) -- C:\WINDOWS\System32\xpacket.sys (iolo technologies, LLC)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
DRV - (BS_I2cIo) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys (BIOSTAR Group)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {CEAEE6ED-161E-4890-93CE-85EA5E377968}:1.0
FF - prefs.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="
FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="
FF - HKLM\software\mozilla\Firefox\Extensions\\{CEAEE6ED-161E-4890-93CE-85EA5E377968}: C:\Documents and Settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968} [2008/12/03 03:56:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/08 14:46:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/08 14:46:54 | 000,000,000 | ---D | M]
[2008/06/06 22:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2010/11/27 03:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions
[2009/06/25 16:32:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/07/20 21:41:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/17 13:14:24 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/09/01 23:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
[2010/11/27 03:40:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/08 22:48:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/08/29 15:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2010/03/28 22:07:33 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2006/10/12 17:18:00 | 001,245,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2006/10/12 17:17:00 | 000,003,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2006/02/13 12:07:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
[2010/11/11 17:26:20 | 000,002,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml
O1 HOSTS File: ([2010/11/26 01:45:14 | 000,425,925 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14674 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [iolo Personal Firewall] C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} http://www.gamescampus.com/luncher/GamesCampus.cab (GamesCampus Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231906288484 (MUWebControl Class)
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} http://www.ultimatebaseballonline.com/myubo/launchubo.OCX (LaunchUBO.Ulit)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.cab (iolo.ProductDetector)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.1.30.43 69.1.30.42
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/08 21:29:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/01/08 21:06:18 | 000,000,040 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{148cceae-d91f-11dd-ae52-00e04d95c022}\Shell - "" = AutoRun
O33 - MountPoints2\{148cceae-d91f-11dd-ae52-00e04d95c022}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{148cceae-d91f-11dd-ae52-00e04d95c022}\Shell\AutoRun\command - "" = E:\PhotoManager.exe -- File not found
O33 - MountPoints2\{978fe606-cbd2-11dd-ae43-00e04d95c022}\Shell - "" = AutoRun
O33 - MountPoints2\{978fe606-cbd2-11dd-ae43-00e04d95c022}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0dfc61c-3c9e-11dd-a980-0016e684d287}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010/11/29 13:10:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/27 03:24:23 | 000,000,000 | ---D | C] -- C:\1b9f1bf7642a71ad6970b768
[2010/11/27 03:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/27 03:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/27 03:16:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/11/26 01:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/11/26 01:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/26 01:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/26 00:31:08 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/25 23:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/25 23:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/10/31 03:04:57 | 000,352,256 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/10/31 03:04:54 | 000,122,880 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/10/31 03:04:54 | 000,041,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2009/09/03 16:10:04 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\sbcrreag.dll
[2008/05/26 16:04:43 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Program Files\ijl15.dll
[2008/05/26 16:04:43 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/29 13:20:25 | 000,763,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/11/29 13:10:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/29 13:08:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/29 13:08:11 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2010/11/29 13:07:33 | 000,244,486 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/29 13:07:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/29 13:07:10 | 1072,943,104 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/29 03:22:29 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/29 03:22:25 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/29 03:22:22 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/29 02:31:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/29 00:06:14 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/28 22:52:14 | 004,159,246 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/27 03:29:16 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/27 03:17:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/27 03:16:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 22:48:44 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/26 22:48:41 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/26 22:48:36 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/26 19:29:22 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/26 18:53:41 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/26 17:35:20 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/26 17:34:57 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/26 17:34:53 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/26 17:34:51 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/26 17:34:44 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/26 15:52:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/26 12:43:19 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/26 11:29:14 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/26 03:11:44 | 000,444,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/26 03:11:43 | 000,072,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/26 01:45:14 | 000,425,925 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/26 00:59:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/26 00:35:35 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:31:36 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/11 15:33:16 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/11 03:39:33 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:57:03 | 072,343,566 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/10/31 03:27:14 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/28 22:52:14 | 004,159,246 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/28 22:49:00 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2010/11/27 03:17:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/26 01:31:35 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/26 01:31:06 | 000,763,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/11/26 01:31:01 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/26 01:31:01 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/26 01:30:59 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/26 01:30:58 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/26 00:35:35 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:32:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 15:27:52 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/10 23:17:44 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:53:25 | 072,343,566 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/09/29 12:05:30 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/09/29 12:05:29 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/09/09 20:11:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2010/09/09 20:11:43 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2010/09/09 20:11:43 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2010/07/09 13:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/04/27 22:32:43 | 000,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/02/27 19:43:51 | 000,004,764 | -HS- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\qadX88Alu
[2009/11/02 00:19:30 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/08/22 19:25:58 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/07/30 19:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/06/11 00:25:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\leverage.drm.log
[2009/05/26 23:22:39 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/02/14 20:44:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/10 11:40:18 | 919,260,488 | ---- | C] () -- C:\Program Files\2MOONSExpedition.exe.downloading
[2009/01/06 16:50:58 | 002,316,712 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/01/06 15:41:36 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/08/13 12:46:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/23 23:26:04 | 000,000,001 | ---- | C] () -- C:\Program Files\Status.inf
[2008/06/23 23:18:03 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.SIG
[2008/06/23 23:18:02 | 000,449,563 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RES
[2008/06/23 23:17:59 | 001,281,785 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RTP
[2008/06/23 23:17:59 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.SIG
[2008/06/23 23:17:58 | 000,095,018 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RTP
[2008/06/23 23:17:58 | 000,000,016 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RES
[2008/06/23 23:17:57 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.SIG
[2008/06/23 23:17:56 | 000,237,764 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RES
[2008/06/23 23:17:56 | 000,084,357 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RTP
[2008/06/23 23:17:55 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.SIG
[2008/06/23 23:17:54 | 000,031,308 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RTP
[2008/06/23 23:17:54 | 000,008,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RES
[2008/06/23 23:17:53 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.SIG
[2008/06/23 23:17:01 | 033,250,935 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RES
[2008/06/23 23:16:41 | 013,378,045 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RTP
[2008/05/26 16:06:40 | 514,337,164 | ---- | C] () -- C:\Program Files\data4.pck
[2008/05/26 16:06:01 | 629,164,503 | ---- | C] () -- C:\Program Files\data3.pck
[2008/05/26 16:05:22 | 629,175,968 | ---- | C] () -- C:\Program Files\data2.pck
[2008/05/26 16:04:43 | 629,147,117 | ---- | C] () -- C:\Program Files\data1.pck
[2008/05/26 16:04:43 | 001,196,032 | ---- | C] () -- C:\Program Files\install.exe
[2008/05/26 16:04:43 | 001,080,216 | ---- | C] () -- C:\Program Files\check.md
[2008/05/26 16:04:43 | 000,052,156 | ---- | C] () -- C:\Program Files\Copyright.txt
[2008/05/26 16:04:43 | 000,004,968 | ---- | C] () -- C:\Program Files\install.ini
[2008/05/26 16:04:43 | 000,004,150 | ---- | C] () -- C:\Program Files\icon.ico
[2008/05/26 16:04:43 | 000,000,044 | ---- | C] () -- C:\Program Files\AutoRun.inf
[2008/05/03 14:37:24 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/02/07 21:21:24 | 000,005,582 | ---- | C] () -- C:\Program Files\install.log
[2007/11/27 13:46:26 | 000,000,377 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/11/27 13:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2007/11/27 13:46:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2007/11/27 13:45:51 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2007/11/11 22:53:28 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\PnkBstrK.sys
[2007/10/22 04:03:08 | 001,698,816 | ---- | C] () -- C:\Program Files\Microsoft_DirectX_SDK.msi
[2007/10/11 22:01:22 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/17 13:01:24 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/06/17 12:33:34 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/17 12:33:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/09 23:10:33 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/01/27 12:49:35 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/27 00:35:22 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 21:17:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/29 23:49:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/09 05:14:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/08 21:45:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/12/08 21:39:37 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/10/20 21:32:30 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/20 21:32:30 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/20 21:32:28 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/20 21:32:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/20 21:32:26 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/20 21:32:26 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/02/16 22:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA2DeployClient
[2008/10/29 21:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/02/14 20:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2009/05/08 11:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client
[2010/01/09 16:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/09/16 19:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Game Room
[2010/10/08 14:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/04/27 22:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/14 13:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/08/26 20:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/10/08 03:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/06 05:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009/11/27 22:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/26 01:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/06/04 17:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/12/29 23:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\acccore
[2009/08/29 09:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\BitTorrent
[2009/12/27 19:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Braid
[2010/10/01 12:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\BugTrap Console Test108
[2008/08/17 12:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\CiscoCAA
[2007/04/01 00:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Command & Conquer 3 Tiberium Wars
[2007/03/02 19:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2007/01/31 20:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Dev-Cpp
[2010/08/20 23:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\gamigo
[2010/04/05 23:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\GetRightToGo
[2008/01/12 12:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\GSC
[2010/03/29 21:35:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Home\Application Data\ijjigame
[2010/11/26 11:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\iolo
[2010/08/20 23:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\launcher
[2010/09/09 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Maple
[2010/08/20 23:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Martial Empires Luancher OBT
[2009/09/24 18:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\NeopleLauncherDFO
[2009/11/02 00:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\PrimoPDF
[2009/09/11 14:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\ProxyCap
[2009/11/12 19:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\runic games
[2009/09/18 16:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Subversion
[2010/09/14 18:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\TeamViewer
[2008/10/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Uniblue
[2009/01/06 18:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\uTorrent
[2008/08/07 15:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Windows Search
[2010/11/26 17:34:57 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/26 12:43:19 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/26 19:29:22 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/29 00:06:14 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/11/26 17:34:44 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/29 03:22:22 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/27 03:29:16 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/26 18:53:41 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/26 17:35:20 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/26 17:34:53 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/11/29 03:22:25 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/29 03:22:29 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/26 22:48:44 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/26 22:48:36 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/26 11:29:14 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/26 22:48:41 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/26 17:34:51 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/11/29 02:31:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\VersionCheck.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613
< End of report >
ShinyGunz
2010-11-29, 21:31
OTL Extras logfile created on: 11/29/2010 1:11:35 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 21.39 Gb Free Space | 14.35% Space Free | Partition Type: NTFS
Drive D: | 641.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: JUSTIN | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58708:TCP" = 58708:TCP:*:Enabled:Pando Media Booster
"58708:UDP" = 58708:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57938:TCP" = 57938:TCP:*:Enabled:Pando Media Booster
"57938:UDP" = 57938:UDP:*:Enabled:Pando Media Booster
"58708:TCP" = 58708:TCP:*:Enabled:Pando Media Booster
"58708:UDP" = 58708:UDP:*:Enabled:Pando Media Booster
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\America's Army\System\ArmyOps.exe" = C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps -- ()
"C:\Program Files\America's Army\System\Server.exe" = C:\Program Files\America's Army\System\Server.exe:*:Enabled:Server -- ()
"C:\Program Files\Sierra\FEARCombat\fpupdate.exe" = C:\Program Files\Sierra\FEARCombat\fpupdate.exe:*:Enabled:fpupdate -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\sn1per9mm\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\sn1per9mm\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Documents and Settings\Home\Local Settings\Temp\ElectronicArts_Patcher_000.exe" = C:\Documents and Settings\Home\Local Settings\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000 -- File not found
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.2\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.2\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe" = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas -- File not found
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe" = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater -- File not found
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\G4BOX\Metin2\metin2.bin" = C:\Program Files\G4BOX\Metin2\metin2.bin:*:Enabled:metin2 -- File not found
"C:\Program Files\NETAMIN\UBO_2007\patcher\fc.exe" = C:\Program Files\NETAMIN\UBO_2007\patcher\fc.exe:*:Enabled:fc -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\AeriaGames\Shaiya\Updater.exe" = C:\AeriaGames\Shaiya\Updater.exe:*:Enabled:Shaiya Updater -- File not found
"C:\Program Files\THQ\Frontlines-Fuel of War Beta\Binaries\FFOW-Beta.exe" = C:\Program Files\THQ\Frontlines-Fuel of War Beta\Binaries\FFOW-Beta.exe:*:Enabled:Frontlines Game -- File not found
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- File not found
"C:\Program Files\Steam\SteamApps\sn1per9mm\source sdk base\hl2.exe" = C:\Program Files\Steam\SteamApps\sn1per9mm\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\ijji\ENGLISH\u_gunz.exe" = C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader> -- (NHN USA inc.)
"C:\Rohan\rohanclient.exe" = C:\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Steam\SteamApps\moron1991alpha\garrysmod\hl2.exe" = C:\Program Files\Steam\SteamApps\moron1991alpha\garrysmod\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\America's Army Deploy Client\AADeployClient.exe" = C:\Program Files\America's Army Deploy Client\AADeployClient.exe:*:Enabled:AADeployClient -- (US Army)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe" = C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty(R): World at War Multiplayer -- File not found
"C:\Program Files\Steam\SteamApps\moron1991alpha\source sdk base\hl2.exe" = C:\Program Files\Steam\SteamApps\moron1991alpha\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\SteamApps\moron1991alpha\insurgency\hl2.exe" = C:\Program Files\Steam\SteamApps\moron1991alpha\insurgency\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\sn1per9mm\half-life 2\hl2.exe" = C:\Program Files\Steam\SteamApps\sn1per9mm\half-life 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Disabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\Spring\spring.exe" = C:\Program Files\Spring\spring.exe:*:Disabled:spring -- File not found
"C:\Program Files\Spring\TASClient.exe" = C:\Program Files\Spring\TASClient.exe:*:Disabled:TA Spring lobby client -- File not found
"C:\Program Files\NETAMIN\UBO_2007\game\ubo.exe" = C:\Program Files\NETAMIN\UBO_2007\game\ubo.exe:*:Disabled:UBOnline -- File not found
"C:\Documents and Settings\Home\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\Home\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" = C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe:*:Enabled:iolo Firewall® -- ()
"C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" = C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe:*:Enabled:iolo AntiVirus® -- File not found
"C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe" = C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe:*:Enabled:iolo AntiVirus® Email Protection -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Codemasters\Severance\Bin\Blade.exe" = C:\Program Files\Codemasters\Severance\Bin\Blade.exe:*:Enabled:Blade -- File not found
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III -- (Ensemble Studios)
"C:\Program Files\Subagames\Metin2\metin2.bin" = C:\Program Files\Subagames\Metin2\metin2.bin:*:Enabled:metin2 -- ()
"C:\Program Files\USArmy\America's Army 3\Binaries\AA3Game.exe" = C:\Program Files\USArmy\America's Army 3\Binaries\AA3Game.exe:*:Enabled:AA3Game -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\Program Files\USArmy\Binaries\AA3Game.exe" = C:\Program Files\USArmy\Binaries\AA3Game.exe:*:Enabled:AA3Game -- File not found
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo -- File not found
"C:\Program Files\teci\Metin2\metin2.bin" = C:\Program Files\teci\Metin2\metin2.bin:*:Enabled:metin2 -- ()
"C:\Program Files\Steam\SteamApps\sn1per9mm\garrysmod\hl2.exe" = C:\Program Files\Steam\SteamApps\sn1per9mm\garrysmod\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\DFO\DFO.exe" = C:\Program Files\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online -- (neople)
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Program Files\Steam\SteamApps\common\torchlight\TorchED\Editor.exe" = C:\Program Files\Steam\SteamApps\common\torchlight\TorchED\Editor.exe:*:Enabled:Torchlight Editor -- (Runic Games, Inc.)
"C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe" = C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe:*:Enabled:Tinker -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\moron1991alpha\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\moron1991alpha\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37A74613-3D31-47AF-9E3B-827A010E9FCF}" = System Requirements Lab
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B22DD86-47B1-4454-BFF7-64FCA3D0631C}" = Soul of the Ultimate Nation
"{4D530901-0614-4537-B4CE-EA1000028301}" = Game Room
"{4D530901-7D3A-492E-96E0-D21000008300}" = Game Room
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5CFADB30-1F11-4C66-B9B5-CFDA9FBD6B7F}" = America's Army Server Manager
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{632B286A-CD76-47A4-8C34-1AF49B08CEA3}" = The Thing
"{6778954C-13C2-4333-AF77-F5C885EB280F}" = America's Army
"{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BA8220-EF76-4F0E-974D-2D56A2E25103}" = America's Army Server Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9BD391C-A3D7-47EC-847C-A22935AB0193}" = TWL AA Cheat Deterrent Client
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7476D9E-31C0-4BA9-9B0B-10ECFBC60A27}" = EG-Dekaron
"{B7A9964C-A9A7-4714-B494-50067238876E}" = Fantasy Earth Zero
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA97B421-06CB-4040-8EC9-6ED02EA87930}" = Microsoft DirectX SDK (November 2007)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA20FED-A903-46A2-B197-789B4456B508}" = HW Monitor
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D2CC2113-CC7C-4055-AAE9-A235C56D0136}" = Cisco NAC Agent
"{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}" = HP Deskjet 2050 J510 series Basic Device Software
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"{EBE7050B-7988-4BC3-BBFD-5C6828859483}" = Game Cam v1.4
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"BBD3F66B-1180-4785-B679-3F91572CD3B4_is1" = iolo Personal Firewall
"Collab" = Collab
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DFO" = DFOLauncher
"Download Manager" = Download Manager 2.3.9
"ERUNT_is1" = ERUNT 1.1j
"FL Studio 8" = FL Studio 8
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{4D530901-7D3A-492E-96E0-D21000008300}" = Game Room
"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"Gunz" = ijji - Gunz
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{B7A9964C-A9A7-4714-B494-50067238876E}" = Fantasy Earth Zero
"InstallShield_{C6F2BB06-0203-4B36-BFB7-9088265682F5}" = DemonFlyFFv14
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 14" = Maple 14
"Metin2.us_is1" = Metin2.us
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Runic Games Torchlight" = Torchlight
"Starcraft" = Starcraft
"Starry Night Pro" = Starry Night Pro
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 17700" = Insurgency
"Steam App 2100" = Dark Messiah Might and Magic Single Player
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 26800" = Braid
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41500" = Torchlight
"Steam App 41520" = Torchlight Editor
"Steam App 440" = Team Fortress 2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tiberian Sun" = Command & Conquer Tiberian Sun
"TmNationsForever_is1" = TmNationsForever
"Toxic Biohazard" = Toxic Biohazard
"Veoh Web Player Beta" = Veoh Web Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0638265cfb8124a6" = AA2Deploy
"2a4f70b48f669acd" = AA3Deploy
"BitTorrent" = BitTorrent
"ijji.com" = ijji
"Warcraft III" = Warcraft III
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Hello,
You do have a bit going on, let me give you a heads-up on these:
C:\Program Files\uTorrent
C:\Program Files\BitTorrent
Any form of file sharing is not safe. You're downloading that file from an unknown source, and not all, but most, contain malware. The lowlifes that write malware are in tune to this, and this is one of the latest ways to infect you. I am going to ask you to uninstall them via Add/Remove Programs in the Control Panel. If you don't and we clean you up, you will just keep getting infected, wasting both your and my time.
After you uninstall them, run this program.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
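The helper's P2P call-out and the "uninstall them via Add/Remove Programs" request can be checked against the OTL log itself: OTL's "HKEY_LOCAL_MACHINE Uninstall List" / "HKEY_CURRENT_USER Uninstall List" sections and its firewall exception lines (the `path:*:Enabled:Name -- (Publisher)` entries near the top of the log above) are plain text with a fixed shape. The following Python is an added example for this thread; it is not part of OTL, ComboFix or any post here. The sample log is a handful of lines copied from the OTL output above (constructed input, no file is read), the `P2P_NAMES` list beyond uTorrent and BitTorrent is an assumption, and the `Finding` record and function names are my own.

```python
"""Triage OTL log text for P2P clients and wide-open firewall exceptions.

Added example for the thread; not OTL's own code. Parses two OTL line
shapes that are visible in the log above:
  firewall exception:  "path" = path:scope:Enabled|Disabled:Display -- (Publisher)
  uninstall entry:     "registry key name" = Display name
"""
import re
from dataclasses import dataclass

# P2P client names to look for. The helper named uTorrent and BitTorrent;
# the rest of the list is an assumption added for this example.
P2P_NAMES = ("utorrent", "bittorrent", "limewire", "frostwire", "emule", "ares")

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
FIREWALL_RE = re.compile(
    r'^"(?P<path>[^"]+)" = (?P=path):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):'
    r"(?P<display>.*?) -- \((?P<publisher>[^)]*)\)$"
)
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<display>.+)$')


@dataclass(frozen=True)
class Finding:
    kind: str    # "p2p-client" or "open-firewall-exception"
    where: str   # registry hive for uninstall entries, exe path for firewall entries
    detail: str  # display name as OTL printed it


def parse_otl(text):
    """Walk OTL log text line by line and return the findings worth raising."""
    findings = []
    hive = None  # set while inside an "HKEY_... Uninstall List" section
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            name = header.group("name")
            hive = name.split(" ")[0] if name.endswith("Uninstall List") else None
            continue
        fw = FIREWALL_RE.match(line)
        if fw:
            # Enabled, any-address scope, and no company name in the file's
            # version info: an inbound exception for a binary nobody vouches for.
            if fw["state"] == "Enabled" and fw["scope"] == "*" and not fw["publisher"].strip():
                findings.append(Finding("open-firewall-exception", fw["path"], fw["display"]))
            continue
        if hive:
            entry = UNINSTALL_RE.match(line)
            if entry and any(p in entry["display"].lower() for p in P2P_NAMES):
                # Record the hive: HKCU entries are per-user and only exist for
                # the account that installed the program.
                findings.append(Finding("p2p-client", hive, entry["display"]))
    return findings


# Constructed sample: lines copied from the OTL log posted in the thread.
SAMPLE_LOG = r'''
"C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe" = C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe:*:Enabled:Tinker -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\moron1991alpha\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\moron1991alpha\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0638265cfb8124a6" = AA2Deploy
"BitTorrent" = BitTorrent
'''

if __name__ == "__main__":
    for f in parse_otl(SAMPLE_LOG):
        print(f"{f.kind:24} {f.where:20} {f.detail}")
```

Run against the lines above it reports two things: BitTorrent as a P2P client registered only under HKEY_CURRENT_USER (a per-user uninstall entry, so it shows up for that account and not in the machine-wide list), and hl2.exe as an enabled, any-address firewall exception whose version info carries no company name. uTorrent matches nothing in either uninstall list, which is consistent with the reply that follows; a folder under Program Files with no uninstall entry has to be handled on disk rather than through Add/Remove Programs.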
ShinyGunz
2010-11-30, 04:32
Not sure why BitTorrent was on my computer, but it is gone now. I could not find anything related to uTorrent on my computer. It wasn't in Add/Remove Programs and nothing came up when searching for it. Here is the ComboFix log:
ComboFix 10-11-29.03 - Home 11/29/2010 19:59:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.623 [GMT -6:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: System Shield *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Home\Application Data\Google\T-Scan
c:\documents and settings\Home\Application Data\Google\T-Scan\n.gif
c:\documents and settings\Home\Application Data\Google\T-Scan\t.gif
c:\documents and settings\Home\Application Data\Google\T-Scan\Thumbs.db
c:\documents and settings\Home\Application Data\Google\T-Scan\y.gif
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}\chrome.manifest
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}\chrome\content\_cfg.js
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}\chrome\content\c.js
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}\chrome\content\overlay.xul
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}\install.rdf
C:\install.exe
c:\program files\autorun.inf
c:\program files\driver
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\system32\launcher.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\wiaserviv.log
----- BITS: Possible infected sites -----
hxxp://download.iolo.net
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-30 )))))))))))))))))))))))))))))))
.
2010-11-27 09:24 . 2010-11-27 09:24 -------- d-----w- C:\1b9f1bf7642a71ad6970b768
2010-11-27 09:17 . 2010-11-27 09:17 -------- d-----w- c:\program files\ERUNT
2010-11-26 08:09 . 2010-11-26 08:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-11-26 07:31 . 2010-11-30 02:18 763904 ----a-w- c:\windows\system32\drivers\tjjntrciv.sys
2010-11-26 07:29 . 2010-11-26 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\WSTB
2010-11-26 06:35 . 2010-11-26 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-26 06:35 . 2010-11-26 06:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-04 19:35 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-04 19:35 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-10-31 09:04 . 2009-10-08 19:24 352256 ----a-w- c:\windows\vncutil.exe
2010-10-31 09:04 . 2009-10-23 23:53 41984 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-10-31 09:04 . 2009-03-17 19:07 122880 ----a-w- c:\windows\RtkAudioService.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 18:11 . 2008-08-07 02:44 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-18 17:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 02:11 . 2010-09-10 02:11 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-09-10 02:11 . 2010-09-10 02:11 31744 ----a-w- c:\windows\system32\maplec.dll
2010-09-10 02:11 . 2010-09-10 02:11 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-09-09 13:38 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-05 21:01 . 2010-09-05 21:01 967 ----a-w- c:\windows\ScUnin.pif
2010-09-05 21:01 . 2010-09-05 21:01 94208 ----a-w- c:\windows\ScUnin.exe
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2007-10-22 10:03 . 2007-10-22 10:03 1698816 ----a-w- c:\program files\Microsoft_DirectX_SDK.msi
2007-09-19 04:41 . 2008-05-26 22:04 258352 ----a-w- c:\program files\unicows.dll
2007-09-19 04:41 . 2008-05-26 22:04 1196032 ----a-w- c:\program files\install.exe
2007-09-19 04:41 . 2008-05-26 22:04 372736 ----a-w- c:\program files\ijl15.dll
2006-10-12 23:17 . 2006-12-23 20:50 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-02-13 18:07 . 2006-12-23 20:50 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
[7] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"SystemGuardAlerter"="c:\program files\iolo\System Mechanic Professional\SystemGuardAlerter.exe" [2010-04-21 520616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2010-07-15 1335976]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six]
backup=c:\windows\pss\Registration Tom Clancy's Rainbow SixStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 21:27 1242448 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe"
"<NO NAME>"=
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\America's Army\\System\\Server.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.2\\cnc3game.dat"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\source sdk base\\hl2.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Subagames\\Metin2\\metin2.bin"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\teci\\Metin2\\metin2.bin"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\DFO\\DFO.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\TorchED\\Editor.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Corporation\\Tinker\\Tinker.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\counter-strike source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57938:TCP"= 57938:TCP:Pando Media Booster
"57938:UDP"= 57938:UDP:Pando Media Booster
"58708:TCP"= 58708:TCP:Pando Media Booster
"58708:UDP"= 58708:UDP:Pando Media Booster
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [1/6/2009 4:50 PM 39424]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/6/2008 8:39 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [8/6/2008 9:54 PM 8192]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5/26/2009 11:22 PM 33824]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 6:00 AM 14336]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [10/28/2009 5:25 PM 122408]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [10/28/2009 5:25 PM 1117224]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [10/28/2009 5:11 PM 92712]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [10/28/2009 5:11 PM 117288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/6/2008 8:50 PM 38176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/19/2008 4:33 PM 1684736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [10/28/2009 5:11 PM 113192]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva365;XDva365;\??\c:\windows\system32\XDva365.sys --> c:\windows\system32\XDva365.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [11/21/2009 8:35 PM 742144]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
*Deregistered* - tjjntrciv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
2010-11-30 c:\windows\Tasks\VersionCheck.job
- c:\documents and settings\All Users\Application Data\WSTB\localeX86.exe [2010-11-11 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxps://secure.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
---- FIREFOX POLICIES ----
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Kernel and Hardware Abstraction Layer - KHALMNPR.EXE
Notify-NavLogon - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 20:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tjjntrciv]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1202660629-1606980848-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,50,3d,be,28,83,ef,e5,a6,16,59,d2,7c,c8,2e,8a,70,c5,af,80,d5,2c,c7,
d9,9a,2f,9d,9b,5b,97,5e,99,6d,6d,0a,10,16,6e,e4,5b,87,62,28,89,04,00,58,50,\
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\iavlsp.dll
c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\iolo\System Mechanic Professional\IoloSGCtrl.exe
c:\windows\system32\wscntfy.exe
c:\program files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
.
**************************************************************************
.
Completion time: 2010-11-29 20:28:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-30 02:28
Pre-Run: 22,449,000,448 bytes free
Post-Run: 25,273,933,824 bytes free
- - End Of File - - 00C89315E5075E2FA0E8CC57BB76EC66
Hi,
We need to check this file; just upload it and post the report.
You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis. Just use the browse feature and then Send File; you will get a report back. Post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.
c:\windows\system32\drivers\tjjntrciv.sys <--This file
If the site is busy you can try this one
http://virusscan.jotti.org/en
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::
File::
C:\windows\system32\drivers\svchost.exe
c:\windows\system32\XDva224.sys
c:\windows\system32\XDva332.sys
c:\windows\system32\XDva344.sys
c:\windows\system32\XDva359.sys
c:\windows\system32\XDva362.sys
c:\windows\system32\XDva365.sys
Driver::
XDva224
XDva332
XDva344
XDva359
XDva362
XDva365
Fcopy::
c:\windows\system32\dllcache\ctfmon.exe | c:\windows\System32\ctfmon.exe
c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll | c:\windows\system32\mspmsnsv.dll
c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll | c:\windows\system32\dllcache\mspmsnsv.dll
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
ShinyGunz
2010-11-30, 23:27
I get no report back when uploading to VirusTotal and the virusscan one says the file is empty when I go to upload it.
Should I wait to do the notepad part until I can get the report or do it now?
No, go ahead and run Combofix with the script and post the log
ShinyGunz
2010-12-01, 01:11
ComboFix has been trying to prepare the log for almost an hour now. Should I let it keep running or what?
Yes, sometimes it takes a while.
ShinyGunz
2010-12-01, 01:59
I hope SystemGuard didn't block it from running properly. I walked away from the computer while it was restarting, and when I came back I noticed SystemGuard had started back up. I'm wondering if it may have blocked something while I was in the other room.
C:\ComboFix.txt <-- You can find the log here; look at the date and make sure you post the latest one.
ShinyGunz
2010-12-01, 03:49
Here is what's in the ComboFix.txt:
ComboFix 10-11-30.02 - Home 11/30/2010 16:19:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.479 [GMT -6:00]
Running from: C:\Documents and Settings\Home\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Home\Desktop\CFScript.txt
AV: System Shield *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
FILE ::
"C:\windows\system32\drivers\svchost.exe"
"c:\windows\system32\XDva224.sys"
"c:\windows\system32\XDva332.sys"
"c:\windows\system32\XDva344.sys"
"c:\windows\system32\XDva359.sys"
"c:\windows\system32\XDva362.sys"
"c:\windows\system32\XDva365.sys"
.
Drag ComboFix to the trash, download a fresh copy, and run the scan normally without any script, then post the new log please.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
ShinyGunz
2010-12-01, 03:55
Oops, I forgot to ask in my last post if I need to still leave ComboFix running.
ShinyGunz
2010-12-01, 04:19
ComboFix 10-11-30.02 - Home 11/30/2010 20:01:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.405 [GMT -6:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: System Shield *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XDVA224
-------\Legacy_XDVA332
-------\Legacy_XDVA344
-------\Legacy_XDVA359
-------\Legacy_XDVA362
-------\Legacy_XDVA365
-------\Service_XDva224
-------\Service_XDva332
-------\Service_XDva344
-------\Service_XDva359
-------\Service_XDva362
-------\Service_XDva365
((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
.
2010-11-27 09:24 . 2010-11-27 09:24 -------- d-----w- C:\1b9f1bf7642a71ad6970b768
2010-11-27 09:17 . 2010-11-27 09:17 -------- d-----w- c:\program files\ERUNT
2010-11-26 08:09 . 2010-11-26 08:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-11-26 07:31 . 2010-12-01 02:14 763904 ----a-w- c:\windows\system32\drivers\tjjntrciv.sys
2010-11-26 07:29 . 2010-11-26 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\WSTB
2010-11-26 06:35 . 2010-11-26 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-26 06:35 . 2010-11-26 06:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-04 19:35 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-04 19:35 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 18:11 . 2008-08-07 02:44 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-18 17:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 02:11 . 2010-09-10 02:11 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-09-10 02:11 . 2010-09-10 02:11 31744 ----a-w- c:\windows\system32\maplec.dll
2010-09-10 02:11 . 2010-09-10 02:11 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-09-09 13:38 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-05 21:01 . 2010-09-05 21:01 967 ----a-w- c:\windows\ScUnin.pif
2010-09-05 21:01 . 2010-09-05 21:01 94208 ----a-w- c:\windows\ScUnin.exe
2007-10-22 10:03 . 2007-10-22 10:03 1698816 ----a-w- c:\program files\Microsoft_DirectX_SDK.msi
2007-09-19 04:41 . 2008-05-26 22:04 258352 ----a-w- c:\program files\unicows.dll
2007-09-19 04:41 . 2008-05-26 22:04 1196032 ----a-w- c:\program files\install.exe
2007-09-19 04:41 . 2008-05-26 22:04 372736 ----a-w- c:\program files\ijl15.dll
2006-10-12 23:17 . 2006-12-23 20:50 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-02-13 18:07 . 2006-12-23 20:50 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
[7] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"SystemGuardAlerter"="c:\program files\iolo\System Mechanic Professional\SystemGuardAlerter.exe" [2010-04-21 520616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2010-07-15 1335976]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six]
backup=c:\windows\pss\Registration Tom Clancy's Rainbow SixStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 21:27 1242448 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe"
"<NO NAME>"=
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\America's Army\\System\\Server.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.2\\cnc3game.dat"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\source sdk base\\hl2.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Subagames\\Metin2\\metin2.bin"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\teci\\Metin2\\metin2.bin"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\DFO\\DFO.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\TorchED\\Editor.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Corporation\\Tinker\\Tinker.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\counter-strike source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57938:TCP"= 57938:TCP:Pando Media Booster
"57938:UDP"= 57938:UDP:Pando Media Booster
"58708:TCP"= 58708:TCP:Pando Media Booster
"58708:UDP"= 58708:UDP:Pando Media Booster
"1176:TCP"= 1176:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [1/6/2009 4:50 PM 39424]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/6/2008 8:39 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [8/6/2008 9:54 PM 8192]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5/26/2009 11:22 PM 33824]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 6:00 AM 14336]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [10/28/2009 5:25 PM 122408]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [10/28/2009 5:25 PM 1117224]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [10/28/2009 5:11 PM 92712]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [10/28/2009 5:11 PM 117288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/6/2008 8:50 PM 38176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/19/2008 4:33 PM 1684736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [10/28/2009 5:11 PM 113192]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [11/21/2009 8:35 PM 742144]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
*Deregistered* - tjjntrciv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
2010-12-01 c:\windows\Tasks\VersionCheck.job
- c:\documents and settings\All Users\Application Data\WSTB\localeX86.exe [2010-11-11 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxps://secure.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
---- FIREFOX POLICIES ----
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 20:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tjjntrciv]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1202660629-1606980848-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,50,3d,be,28,83,ef,e5,a6,16,59,d2,7c,c8,2e,8a,70,c5,af,80,d5,2c,c7,
d9,9a,2f,9d,9b,5b,97,5e,99,6d,6d,0a,10,16,6e,e4,5b,87,62,28,89,04,00,58,50,\
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\iavlsp.dll
c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2010-11-30 20:17:59
ComboFix-quarantined-files.txt 2010-12-01 02:17
ComboFix2.txt 2010-11-30 02:28
Pre-Run: 25,160,589,312 bytes free
Post-Run: 25,136,287,744 bytes free
- - End Of File - - 2C9A4E0BAE4924E2D7699CAE3684A633
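The redirect symptom in this thread shows up in the log text itself: an Internet Settings ProxyServer pointing at 127.0.0.1:5555, a Firefox keyword.URL (the address-bar search) forced to search.mywebstart.net from both prefs.js and user.js, a firewall exemption for an svchost.exe living under system32\drivers rather than System32, and the driver tjjntrciv.sys the analyst asked to have scanned. The script below is an added example, not code from ComboFix, OTL or the analyst: it pattern-matches those indicators over a constructed excerpt of the log lines above so the same triage can be repeated on other ComboFix/OTL logs. The search-host allowlist, the svchost directory allowlist and the random-name heuristic are my assumptions and are marked as such in the code.

```python
"""Triage helper for the ComboFix / OTL log lines shown in this thread.

Added example for this thread; it is not code from ComboFix, OTL or the analyst.
It pattern-matches log text only; it does not touch the live registry.
"""
import re
from collections import Counter

# Constructed sample: lines in the formats seen in the logs and CFScript above.
SAMPLE_LOG = r"""
uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 6:00 AM 14336]
2010-11-26 07:31 . 2010-12-01 02:14 763904 ----a-w- c:\windows\system32\drivers\tjjntrciv.sys
2010-11-04 19:35 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
"""

LOOPBACK = ("127.0.0.1", "localhost", "[::1]")
# Assumption: hosts an address-bar search (keyword.URL) may legitimately use.
KNOWN_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}
# Assumption: the only directories holding a genuine svchost.exe on XP.
SVCHOST_DIRS = ("\\system32", "\\system32\\dllcache", "\\servicepackfiles\\i386")

URL_RE = re.compile(r"(?:hxxps?|https?)://[^\s\"]+", re.I)
PROXY_RE = re.compile(r"ProxyServer\"?\s*=\s*(\S.*)$", re.I)
SVCHOST_RE = re.compile(r"(?:[a-z]:|%windir%|%systemroot%)[^\s\"]*?svchost\.exe", re.I)
DRIVER_RE = re.compile(r"[a-z]:\\\S*?\\drivers\\([a-z0-9_]+\.sys)", re.I)


def host_of(url):
    """Host part of an http/hxxp URL (ComboFix defangs http as hxxp)."""
    m = re.match(r"(?:hxxps?|https?)://([^/?#]+)", url, re.I)
    return m.group(1).lower() if m else ""


def normalize_path(p):
    """ComboFix prints registry data with doubled backslashes; fold and lowercase."""
    return p.replace("\\\\", "\\").lower()


def looks_random(filename):
    """Heuristic (assumption): an all-letter stem of 8+ chars with under 20%
    vowels. Flags tjjntrciv.sys; a real driver such as usbaudio.sys passes."""
    stem = filename.lower().rsplit(".", 1)[0]
    if len(stem) < 8 or not stem.isalpha():
        return False
    vowels = sum(stem.count(v) for v in "aeiou")
    return vowels / len(stem) < 0.2


def triage(log_text):
    """Return (kind, detail) findings for the indicators discussed in the thread."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        # 1. A proxy on loopback means a local process is interposed on HTTP.
        m = PROXY_RE.search(line)
        if m:
            if any(h in m.group(1) for h in LOOPBACK):
                findings.append(("proxy_loopback", m.group(1).strip()))
            continue
        # 2. keyword.URL sent to a host that is not a known search engine.
        if re.search(r"keyword\.URL", line, re.I):
            m = URL_RE.search(line)
            host = host_of(m.group(0)) if m else ""
            if host and host not in KNOWN_SEARCH_HOSTS:
                findings.append(("keyword_url_hijack", host))
            continue
        # 3. svchost.exe anywhere but the allowed directories is not the real one.
        for m in SVCHOST_RE.finditer(line):
            path = normalize_path(m.group(0))
            parent = path.rsplit("\\", 1)[0]
            if not parent.endswith(SVCHOST_DIRS):
                findings.append(("svchost_outside_system32", path))
        # 4. Driver files with random-looking names (heuristic, see looks_random).
        m = DRIVER_RE.search(line)
        if m and looks_random(m.group(1)):
            findings.append(("random_driver_name", m.group(1)))
    return findings


def summarize(log_text):
    """Counts per finding kind, for a quick read of a long log."""
    return dict(Counter(kind for kind, _ in triage(log_text)))


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

Run it against a full ComboFix.txt by passing the file contents to triage(). A hit on proxy_loopback is worth checking even when, as in the later OTL log here, ProxyEnable is 0: the stored ProxyServer value is the record of what was installed, and the 127.0.0.1:5555 listener it points at is what to look for in the process list. The random-name heuristic is only a prompt to submit the file for scanning, which is what the analyst asked for with tjjntrciv.sys.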
Hi,
We still need to fix that file, let's do this:
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
ctfmon.exe
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Then run OTL again and post a new log
ShinyGunz
2010-12-01, 11:22
Here are the results of the SystemLook; I'll post the OTL in a few minutes when it finishes.
SystemLook 04.09.10 by jpshortstuff
Log created at 03:15 on 01/12/2010 by Home
Administrator - Elevation successful
========== filefind ==========
Searching for "ctfmon.exe"
C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe -----c- 15360 bytes [03:13 07/08/2008] [12:00 28/02/2006] 24232996A38C0B0CF151C2140AE29FC8
-= EOF =-
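The CFScript above tried to put ctfmon.exe back with an Fcopy:: from system32\dllcache, Sigcheck then reported the System32 copy missing, and SystemLook found only one copy on the disk, in $NtServicePackUninstall$, with the MD5 24232996A38C0B0CF151C2140AE29FC8 that Sigcheck had printed for version 5.1.2600.2180. The script below is an added example, not code from ComboFix, SystemLook or the analyst: it does that restore the way a practitioner would script it, by checking each candidate copy's hash against the known-good value before copying it into System32 and refusing when no copy matches. The candidate directory list is an assumption, and the fixture it runs on is a constructed temp tree, not a real Windows install.

```python
"""Hash-verified restore of a system binary from a cached copy.

Added example for this thread; not code from ComboFix, SystemLook or the analyst.
It reproduces the check the Sigcheck/SystemLook exchange above does by hand:
find a copy of ctfmon.exe whose hash equals the known-good one before putting
it back into System32. The fixture below is constructed; nothing here touches
a real Windows directory.
"""
import hashlib
import os
import shutil
import tempfile

# Known-good MD5 reported by ComboFix's Sigcheck for ctfmon.exe 5.1.2600.2180 (from the thread).
KNOWN_GOOD_MD5_CTFMON = "24232996a38c0b0cf151c2140ae29fc8"

# Assumption: where XP keeps pristine copies, in order of preference.
CANDIDATE_DIRS = [("system32", "dllcache"), ("ServicePackFiles", "i386"), ("$NtServicePackUninstall$",)]


def file_md5(path):
    """MD5 of a file, read in chunks. MD5 is used only to match the hash the tool printed."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def pick_restore_source(systemroot, filename, known_md5):
    """First candidate copy whose MD5 matches; None if no trusted copy exists."""
    for parts in CANDIDATE_DIRS:
        p = os.path.join(systemroot, *parts, filename)
        if os.path.isfile(p) and file_md5(p) == known_md5.lower():
            return p
    return None


def restore(systemroot, filename, known_md5):
    """Returns (status, source). 'intact' when System32 already holds the good
    file, 'restored' after copying a verified source, 'no_trusted_source' otherwise."""
    target = os.path.join(systemroot, "system32", filename)
    if os.path.isfile(target) and file_md5(target) == known_md5.lower():
        return "intact", target
    src = pick_restore_source(systemroot, filename, known_md5)
    if src is None:
        return "no_trusted_source", None
    shutil.copy2(src, target)
    return "restored", src


def system32_copy_md5(systemroot, filename):
    """MD5 of the System32 copy, or None when it is missing (as in this thread)."""
    target = os.path.join(systemroot, "system32", filename)
    return file_md5(target) if os.path.isfile(target) else None


def build_fixture(scenario):
    """Constructed temp tree, not a real Windows install. 'thread' mirrors the
    SystemLook result above: System32 and dllcache empty, only the
    $NtServicePackUninstall$ copy present. 'tampered' also plants a wrong-hash
    file in dllcache, which must be skipped. 'none' has no copy at all.
    Returns (systemroot, md5 of the stand-in good file)."""
    root = tempfile.mkdtemp()
    good = b"stand-in bytes for ctfmon.exe"  # constructed, not the real binary
    os.makedirs(os.path.join(root, "system32", "dllcache"))
    os.makedirs(os.path.join(root, "$NtServicePackUninstall$"))
    if scenario != "none":
        with open(os.path.join(root, "$NtServicePackUninstall$", "ctfmon.exe"), "wb") as f:
            f.write(good)
    if scenario == "tampered":
        with open(os.path.join(root, "system32", "dllcache", "ctfmon.exe"), "wb") as f:
            f.write(b"not the real file")
    return root, hashlib.md5(good).hexdigest()


if __name__ == "__main__":
    root, good_md5 = build_fixture("thread")
    print(restore(root, "ctfmon.exe", good_md5))  # restored from $NtServicePackUninstall$
    print(restore(root, "ctfmon.exe", good_md5))  # intact on the second pass
```

The copy SystemLook found is the pre-SP3 build that SP3 setup saved away (5.1.2600.2180), so a restore from it is verified but older than the rest of the installation; keep a hash for the build you actually intend to end up with, and expect the file to be replaced again if the service pack is reinstalled.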
ShinyGunz
2010-12-01, 11:37
OTL logfile created on: 12/1/2010 3:24:08 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 467.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 23.29 Gb Free Space | 15.62% Space Free | Partition Type: NTFS
Drive D: | 641.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: JUSTIN | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\iolo\Common\Lib\sguard.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_5632d69.dll ()
SRV - (IOLO_SRV) -- C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (NACAgent) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe ()
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
========== Driver Services (SafeList) ==========
DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (LMouKE) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys File not found
DRV - (L8042mou) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys File not found
DRV - (L8042Kbd) -- C:\WINDOWS\System32\Drivers\L8042Kbd.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Home\LOCALS~1\Temp\catchme.sys File not found
DRV - (AMP) -- C:\WINDOWS\system32\drivers\amp.sys (Authentium, Inc)
DRV - (AMPSE) -- C:\WINDOWS\system32\drivers\ampse.sys (Authentium, Inc)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (XPacket) -- C:\WINDOWS\System32\xpacket.sys (iolo technologies, LLC)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
DRV - (BS_I2cIo) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys (BIOSTAR Group)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/30 20:42:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/30 20:41:58 | 000,000,000 | ---D | M]
[2008/06/06 22:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2010/11/30 20:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions
[2009/06/25 16:32:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/07/20 21:41:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/17 13:14:24 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/09/01 23:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
[2010/11/30 20:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/08 22:48:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2010/03/28 22:07:33 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2006/10/12 17:18:00 | 001,245,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2006/10/12 17:17:00 | 000,003,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2006/02/13 12:07:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
[2010/11/11 17:26:20 | 000,002,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml
O1 HOSTS File: ([2010/11/30 16:35:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [iolo Personal Firewall] C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} http://www.gamescampus.com/luncher/GamesCampus.cab (GamesCampus Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231906288484 (MUWebControl Class)
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} http://www.ultimatebaseballonline.com/myubo/launchubo.OCX (LaunchUBO.Ulit)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.cab (iolo.ProductDetector)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.1.30.43 69.1.30.42
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/08 21:29:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/01/08 21:06:18 | 000,000,040 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010/12/01 03:14:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/29 19:48:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/29 19:43:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/29 19:43:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/29 19:43:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/29 19:43:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/29 19:40:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/29 13:10:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/27 03:24:23 | 000,000,000 | ---D | C] -- C:\1b9f1bf7642a71ad6970b768
[2010/11/27 03:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/27 03:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/27 03:16:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/11/26 01:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/11/26 01:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/26 01:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/26 00:31:08 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/25 23:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/25 23:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/09/03 16:10:04 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\sbcrreag.dll
[2008/05/26 16:04:43 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Program Files\ijl15.dll
[2008/05/26 16:04:43 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/12/01 03:32:38 | 000,763,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/12/01 03:31:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/12/01 03:10:58 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\SystemLook.exe
[2010/12/01 03:06:57 | 000,444,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/01 03:06:57 | 000,072,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/30 19:59:27 | 003,982,824 | R--- | M] () -- C:\Documents and Settings\Home\Desktop\ComboFix.exe
[2010/11/30 16:35:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/30 16:35:39 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2010/11/30 16:35:36 | 000,244,486 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/30 16:35:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/30 16:35:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/30 16:35:00 | 1072,943,104 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/29 19:48:16 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2010/11/29 13:10:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/28 22:52:14 | 004,159,246 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/27 03:17:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/27 03:16:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 15:52:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/26 00:59:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/26 00:35:35 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:31:36 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/11 15:33:16 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/11 03:39:33 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:57:03 | 072,343,566 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/12/01 03:11:01 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\SystemLook.exe
[2010/11/30 19:59:24 | 003,982,824 | R--- | C] () -- C:\Documents and Settings\Home\Desktop\ComboFix.exe
[2010/11/30 16:35:39 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2010/11/29 19:48:15 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/11/29 19:48:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/29 19:43:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/29 19:43:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/29 19:43:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/29 19:43:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/29 19:43:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/28 22:52:14 | 004,159,246 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/27 03:17:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/26 01:31:35 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/26 01:31:06 | 000,763,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/11/26 00:35:35 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:32:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 15:27:52 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/10 23:17:44 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:53:25 | 072,343,566 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/09/29 12:05:30 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/09/29 12:05:29 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/09/09 20:11:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2010/09/09 20:11:43 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2010/09/09 20:11:43 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2010/07/09 13:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/04/27 22:32:43 | 000,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/02/27 19:43:51 | 000,004,764 | -HS- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\qadX88Alu
[2009/11/02 00:19:30 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/08/22 19:25:58 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/07/30 19:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/06/11 00:25:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\leverage.drm.log
[2009/05/26 23:22:39 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/02/14 20:44:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/10 11:40:18 | 919,260,488 | ---- | C] () -- C:\Program Files\2MOONSExpedition.exe.downloading
[2009/01/06 16:50:58 | 002,316,712 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/01/06 15:41:36 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/08/13 12:46:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/23 23:26:04 | 000,000,001 | ---- | C] () -- C:\Program Files\Status.inf
[2008/06/23 23:18:03 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.SIG
[2008/06/23 23:18:02 | 000,449,563 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RES
[2008/06/23 23:17:59 | 001,281,785 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RTP
[2008/06/23 23:17:59 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.SIG
[2008/06/23 23:17:58 | 000,095,018 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RTP
[2008/06/23 23:17:58 | 000,000,016 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RES
[2008/06/23 23:17:57 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.SIG
[2008/06/23 23:17:56 | 000,237,764 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RES
[2008/06/23 23:17:56 | 000,084,357 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RTP
[2008/06/23 23:17:55 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.SIG
[2008/06/23 23:17:54 | 000,031,308 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RTP
[2008/06/23 23:17:54 | 000,008,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RES
[2008/06/23 23:17:53 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.SIG
[2008/06/23 23:17:01 | 033,250,935 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RES
[2008/06/23 23:16:41 | 013,378,045 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RTP
[2008/05/26 16:06:40 | 514,337,164 | ---- | C] () -- C:\Program Files\data4.pck
[2008/05/26 16:06:01 | 629,164,503 | ---- | C] () -- C:\Program Files\data3.pck
[2008/05/26 16:05:22 | 629,175,968 | ---- | C] () -- C:\Program Files\data2.pck
[2008/05/26 16:04:43 | 629,147,117 | ---- | C] () -- C:\Program Files\data1.pck
[2008/05/26 16:04:43 | 001,196,032 | ---- | C] () -- C:\Program Files\install.exe
[2008/05/26 16:04:43 | 001,080,216 | ---- | C] () -- C:\Program Files\check.md
[2008/05/26 16:04:43 | 000,052,156 | ---- | C] () -- C:\Program Files\Copyright.txt
[2008/05/26 16:04:43 | 000,004,968 | ---- | C] () -- C:\Program Files\install.ini
[2008/05/26 16:04:43 | 000,004,150 | ---- | C] () -- C:\Program Files\icon.ico
[2008/05/03 14:37:24 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/11/27 13:46:26 | 000,000,377 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/11/27 13:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2007/11/27 13:46:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2007/11/27 13:45:51 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2007/11/11 22:53:28 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\PnkBstrK.sys
[2007/10/22 04:03:08 | 001,698,816 | ---- | C] () -- C:\Program Files\Microsoft_DirectX_SDK.msi
[2007/10/11 22:01:22 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/17 13:01:24 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/06/17 12:33:34 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/17 12:33:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/09 23:10:33 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/01/27 12:49:35 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/27 00:35:22 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 21:17:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/29 23:49:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/09 05:14:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/08 21:45:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/12/08 21:39:37 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/10/20 21:32:30 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/20 21:32:30 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/20 21:32:28 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/20 21:32:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/20 21:32:26 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/20 21:32:26 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/02/16 22:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA2DeployClient
[2008/10/29 21:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/02/14 20:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2009/05/08 11:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client
[2010/01/09 16:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/09/16 19:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Game Room
[2010/10/08 14:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/04/27 22:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/14 13:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/08/26 20:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/10/08 03:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/06 05:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009/11/27 22:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/26 01:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/06/04 17:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/12/29 23:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\acccore
[2010/11/29 19:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\BitTorrent
[2009/12/27 19:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Braid
[2010/10/01 12:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\BugTrap Console Test108
[2008/08/17 12:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\CiscoCAA
[2007/04/01 00:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Command & Conquer 3 Tiberium Wars
[2007/03/02 19:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2007/01/31 20:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Dev-Cpp
[2010/08/20 23:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\gamigo
[2010/04/05 23:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\GetRightToGo
[2008/01/12 12:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\GSC
[2010/03/29 21:35:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Home\Application Data\ijjigame
[2010/11/26 11:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\iolo
[2010/08/20 23:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\launcher
[2010/09/09 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Maple
[2010/08/20 23:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Martial Empires Luancher OBT
[2009/09/24 18:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\NeopleLauncherDFO
[2009/11/02 00:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\PrimoPDF
[2009/09/11 14:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\ProxyCap
[2009/11/12 19:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\runic games
[2009/09/18 16:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Subversion
[2010/09/14 18:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\TeamViewer
[2008/10/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Uniblue
[2009/01/06 18:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\uTorrent
[2008/08/07 15:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Windows Search
[2010/12/01 03:31:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\VersionCheck.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613
< End of report >
ShinyGunz
2010-12-01, 11:57
Was there supposed to be an Extras log with that scan?
No need for the extras log right now
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log (don't check the boxes beside LOP Check or Purity this time).
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the code box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Fcopy::
Fcopy::
C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe | c:\windows\System32\ctfmon.exe
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
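The OTL fix above removes two of the hijack indicators visible in the log: an IE proxy pointing at the local machine and, by implication, the Firefox search prefs that no longer point at the configured engine. As an added example (not part of this thread and not OTL's own code), the Python below parses OTL-style "IE -" and "FF - prefs.js.." lines and flags those indicators; the sample lines are constructed from the entries quoted in the log above, and the engine-name-in-host comparison is a heuristic assumption of this example.

```python
"""Flag browser-hijack indicators in OTL-style log lines (added example)."""
import re
from urllib.parse import urlparse

# Matches: IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE_RE = re.compile(r'^IE - .*Internet Settings: "(?P<key>[^"]+)" = (?P<val>.*)$')
# Matches: FF - prefs.js..keyword.URL: "http://..."  (also user.js.. lines)
FF_RE = re.compile(r'^FF - (?:prefs|user)\.js\.\.(?P<key>[^:]+): "?(?P<val>[^"]*)"?$')

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample, copied from the entries quoted in this thread's OTL log.
SAMPLE_LOG = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="
FF - user.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="
"""


def parse_browser_settings(lines):
    """Split OTL lines into an IE settings dict and a Firefox prefs dict."""
    ie, ff = {}, {}
    for raw in lines:
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            ie[m.group("key")] = m.group("val")
            continue
        m = FF_RE.match(line)
        if m:
            ff[m.group("key")] = m.group("val")
    return ie, ff


def proxy_targets(proxy_server):
    """Return the proxy hosts in a ProxyServer value.

    Handles both the per-protocol form "http=host:port;https=host:port"
    and the single "host:port" form.
    """
    hosts = []
    for part in proxy_server.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            part = part.split("=", 1)[1]
        hosts.append(part.rsplit(":", 1)[0])  # drop the port
    return hosts


def search_pref_mismatches(ff):
    """Heuristic: a search URL whose host does not contain the default
    engine's name (e.g. engine "Google", host search.mywebstart.net)."""
    engine = ff.get("browser.search.defaultenginename", "").strip().lower()
    findings = []
    if not engine:
        return findings
    for key in ("browser.search.defaulturl", "keyword.URL"):
        url = ff.get(key)
        if not url:
            continue
        host = (urlparse(url).hostname or "").lower()
        if engine not in host:
            findings.append(
                f"Firefox {key} host {host!r} does not match default engine {engine!r}")
    return findings


def find_hijack_indicators(lines):
    """Return a list of human-readable findings for the given OTL lines."""
    ie, ff = parse_browser_settings(lines)
    findings = []
    proxy = ie.get("ProxyServer")
    if proxy and any(h in LOOPBACK for h in proxy_targets(proxy)):
        # A proxy on the local machine means some local process is in the
        # path of every browser request; note whether IE has it enabled.
        enabled = ie.get("ProxyEnable", "0") != "0"
        findings.append(
            f"IE ProxyServer points at the local host: {proxy} (ProxyEnable={int(enabled)})")
    findings.extend(search_pref_mismatches(ff))
    return findings


if __name__ == "__main__":
    for finding in find_hijack_indicators(SAMPLE_LOG.splitlines()):
        print(finding)
```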
ShinyGunz
2010-12-01, 12:39
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.JUSTIN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Home
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 967758 bytes
->Java cache emptied: 35706101 bytes
->FireFox cache emptied: 84367661 bytes
->Flash cache emptied: 4973155 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 534747 bytes
->FireFox cache emptied: 7666263 bytes
->Flash cache emptied: 456 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 7314 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4012892 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55413 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 17308444 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 150528 bytes
Total Files Cleaned = 149.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.17.3 log created on 12012010_041949
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2f0.dat not found!
Registry entries deleted on Reboot...
OTL Log:
OTL logfile created on: 12/1/2010 4:27:31 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 399.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 23.43 Gb Free Space | 15.72% Space Free | Partition Type: NTFS
Drive D: | 641.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: JUSTIN | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\iolo\Common\Lib\sguard.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_5632d69.dll ()
SRV - (IOLO_SRV) -- C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (NACAgent) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe ()
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
========== Driver Services (SafeList) ==========
DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (LMouKE) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys File not found
DRV - (L8042mou) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys File not found
DRV - (L8042Kbd) -- C:\WINDOWS\System32\Drivers\L8042Kbd.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Home\LOCALS~1\Temp\catchme.sys File not found
DRV - (AMP) -- C:\WINDOWS\system32\drivers\amp.sys (Authentium, Inc)
DRV - (AMPSE) -- C:\WINDOWS\system32\drivers\ampse.sys (Authentium, Inc)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (XPacket) -- C:\WINDOWS\System32\xpacket.sys (iolo technologies, LLC)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
DRV - (BS_I2cIo) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys (BIOSTAR Group)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/30 20:42:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/30 20:41:58 | 000,000,000 | ---D | M]
[2008/06/06 22:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2010/11/30 20:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions
[2009/06/25 16:32:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/07/20 21:41:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/17 13:14:24 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/09/01 23:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
[2010/11/30 20:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/08 22:48:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2010/03/28 22:07:33 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2006/10/12 17:18:00 | 001,245,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2006/10/12 17:17:00 | 000,003,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2006/02/13 12:07:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
[2010/11/11 17:26:20 | 000,002,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml
O1 HOSTS File: ([2010/12/01 04:21:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [iolo Personal Firewall] C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} http://www.gamescampus.com/luncher/GamesCampus.cab (GamesCampus Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231906288484 (MUWebControl Class)
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} http://www.ultimatebaseballonline.com/myubo/launchubo.OCX (LaunchUBO.Ulit)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.cab (iolo.ProductDetector)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.1.30.43 69.1.30.42
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/08 21:29:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/01/08 21:06:18 | 000,000,040 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010/12/01 04:19:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/01 03:14:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/29 19:48:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/29 19:43:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/29 19:43:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/29 19:43:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/29 19:43:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/29 19:40:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/29 13:10:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/27 03:24:23 | 000,000,000 | ---D | C] -- C:\1b9f1bf7642a71ad6970b768
[2010/11/27 03:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/27 03:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/27 03:16:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/11/26 01:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/11/26 01:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/26 01:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/26 00:31:08 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/25 23:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/25 23:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/09/03 16:10:04 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\sbcrreag.dll
[2008/05/26 16:04:43 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Program Files\ijl15.dll
[2008/05/26 16:04:43 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
========== Files - Modified Within 30 Days ==========
[2010/12/01 04:34:41 | 000,763,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/12/01 04:31:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/12/01 04:23:59 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2010/12/01 04:23:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/01 04:23:31 | 000,244,486 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/01 04:23:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/01 04:23:17 | 1072,943,104 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/01 04:21:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/01 03:10:58 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\SystemLook.exe
[2010/12/01 03:06:57 | 000,444,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/01 03:06:57 | 000,072,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/30 19:59:27 | 003,982,824 | R--- | M] () -- C:\Documents and Settings\Home\Desktop\ComboFix.exe
[2010/11/29 19:48:16 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2010/11/29 13:10:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/28 22:52:14 | 004,159,246 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/27 03:17:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/27 03:16:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 15:52:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/26 00:59:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/26 00:35:35 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:31:36 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/11 15:33:16 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/11 03:39:33 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:57:03 | 072,343,566 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
========== Files Created - No Company Name ==========
[2010/12/01 03:11:01 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\SystemLook.exe
[2010/11/30 19:59:24 | 003,982,824 | R--- | C] () -- C:\Documents and Settings\Home\Desktop\ComboFix.exe
[2010/11/30 16:35:39 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2010/11/29 19:48:15 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/11/29 19:48:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/29 19:43:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/29 19:43:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/29 19:43:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/29 19:43:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/29 19:43:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/28 22:52:14 | 004,159,246 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/27 03:17:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/26 01:31:35 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/26 01:31:06 | 000,763,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/11/26 00:35:35 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:32:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 15:27:52 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/10 23:17:44 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:53:25 | 072,343,566 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/09/29 12:05:30 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/09/29 12:05:29 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/09/09 20:11:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2010/09/09 20:11:43 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2010/09/09 20:11:43 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2010/07/09 13:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/04/27 22:32:43 | 000,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/02/27 19:43:51 | 000,004,764 | -HS- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\qadX88Alu
[2009/11/02 00:19:30 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/08/22 19:25:58 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/07/30 19:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/06/11 00:25:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\leverage.drm.log
[2009/05/26 23:22:39 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/02/14 20:44:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/10 11:40:18 | 919,260,488 | ---- | C] () -- C:\Program Files\2MOONSExpedition.exe.downloading
[2009/01/06 16:50:58 | 002,316,712 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/01/06 15:41:36 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/08/13 12:46:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/23 23:26:04 | 000,000,001 | ---- | C] () -- C:\Program Files\Status.inf
[2008/06/23 23:18:03 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.SIG
[2008/06/23 23:18:02 | 000,449,563 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RES
[2008/06/23 23:17:59 | 001,281,785 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RTP
[2008/06/23 23:17:59 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.SIG
[2008/06/23 23:17:58 | 000,095,018 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RTP
[2008/06/23 23:17:58 | 000,000,016 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RES
[2008/06/23 23:17:57 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.SIG
[2008/06/23 23:17:56 | 000,237,764 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RES
[2008/06/23 23:17:56 | 000,084,357 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RTP
[2008/06/23 23:17:55 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.SIG
[2008/06/23 23:17:54 | 000,031,308 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RTP
[2008/06/23 23:17:54 | 000,008,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RES
[2008/06/23 23:17:53 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.SIG
[2008/06/23 23:17:01 | 033,250,935 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RES
[2008/06/23 23:16:41 | 013,378,045 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RTP
[2008/05/26 16:06:40 | 514,337,164 | ---- | C] () -- C:\Program Files\data4.pck
[2008/05/26 16:06:01 | 629,164,503 | ---- | C] () -- C:\Program Files\data3.pck
[2008/05/26 16:05:22 | 629,175,968 | ---- | C] () -- C:\Program Files\data2.pck
[2008/05/26 16:04:43 | 629,147,117 | ---- | C] () -- C:\Program Files\data1.pck
[2008/05/26 16:04:43 | 001,196,032 | ---- | C] () -- C:\Program Files\install.exe
[2008/05/26 16:04:43 | 001,080,216 | ---- | C] () -- C:\Program Files\check.md
[2008/05/26 16:04:43 | 000,052,156 | ---- | C] () -- C:\Program Files\Copyright.txt
[2008/05/26 16:04:43 | 000,004,968 | ---- | C] () -- C:\Program Files\install.ini
[2008/05/26 16:04:43 | 000,004,150 | ---- | C] () -- C:\Program Files\icon.ico
[2008/05/03 14:37:24 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/11/27 13:46:26 | 000,000,377 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/11/27 13:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2007/11/27 13:46:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2007/11/27 13:45:51 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2007/11/11 22:53:28 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\PnkBstrK.sys
[2007/10/22 04:03:08 | 001,698,816 | ---- | C] () -- C:\Program Files\Microsoft_DirectX_SDK.msi
[2007/10/11 22:01:22 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/17 13:01:24 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/06/17 12:33:34 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/17 12:33:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/09 23:10:33 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/01/27 12:49:35 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/27 00:35:22 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 21:17:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/29 23:49:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/09 05:14:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/08 21:45:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/12/08 21:39:37 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/10/20 21:32:30 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/20 21:32:30 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/20 21:32:28 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/20 21:32:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/20 21:32:26 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/20 21:32:26 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613
< End of report >
ShinyGunz
2010-12-01, 13:11
ComboFix 10-11-30.05 - Home 12/01/2010 4:46.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.483 [GMT -6:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Home\Desktop\CFScript.txt
AV: System Shield *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://download.iolo.net
.
--------------- FCopy ---------------
c:\windows\$NtServicePackUninstall$\ctfmon.exe --> c:\windows\System32\ctfmon.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
.
2010-12-01 10:46 . 2006-02-28 12:00 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe
2010-12-01 10:46 . 2006-02-28 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
2010-12-01 10:19 . 2010-12-01 10:19 -------- d-----w- C:\_OTL
2010-12-01 02:41 . 2010-12-01 02:41 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-12-01 02:41 . 2010-12-01 02:41 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-11-27 09:24 . 2010-11-27 09:24 -------- d-----w- C:\1b9f1bf7642a71ad6970b768
2010-11-27 09:17 . 2010-11-27 09:17 -------- d-----w- c:\program files\ERUNT
2010-11-26 08:09 . 2010-11-26 08:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-11-26 07:31 . 2010-12-01 11:02 763904 ----a-w- c:\windows\system32\drivers\tjjntrciv.sys
2010-11-26 07:29 . 2010-11-26 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\WSTB
2010-11-26 06:35 . 2010-11-26 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-26 06:35 . 2010-11-26 06:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-04 19:35 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-04 19:35 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 18:11 . 2008-08-07 02:44 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-18 17:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 02:11 . 2010-09-10 02:11 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-09-10 02:11 . 2010-09-10 02:11 31744 ----a-w- c:\windows\system32\maplec.dll
2010-09-10 02:11 . 2010-09-10 02:11 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-09-09 13:38 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-05 21:01 . 2010-09-05 21:01 967 ----a-w- c:\windows\ScUnin.pif
2010-09-05 21:01 . 2010-09-05 21:01 94208 ----a-w- c:\windows\ScUnin.exe
2007-10-22 10:03 . 2007-10-22 10:03 1698816 ----a-w- c:\program files\Microsoft_DirectX_SDK.msi
2007-09-19 04:41 . 2008-05-26 22:04 258352 ----a-w- c:\program files\unicows.dll
2007-09-19 04:41 . 2008-05-26 22:04 1196032 ----a-w- c:\program files\install.exe
2007-09-19 04:41 . 2008-05-26 22:04 372736 ----a-w- c:\program files\ijl15.dll
2006-10-12 23:17 . 2006-12-23 20:50 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-02-13 18:07 . 2006-12-23 20:50 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"SystemGuardAlerter"="c:\program files\iolo\System Mechanic Professional\SystemGuardAlerter.exe" [2010-04-21 520616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2010-07-15 1335976]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six]
backup=c:\windows\pss\Registration Tom Clancy's Rainbow SixStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 21:27 1242448 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe"
"<NO NAME>"=
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\America's Army\\System\\Server.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.2\\cnc3game.dat"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\source sdk base\\hl2.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Subagames\\Metin2\\metin2.bin"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\teci\\Metin2\\metin2.bin"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\DFO\\DFO.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\TorchED\\Editor.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Corporation\\Tinker\\Tinker.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\counter-strike source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57938:TCP"= 57938:TCP:Pando Media Booster
"57938:UDP"= 57938:UDP:Pando Media Booster
"58708:TCP"= 58708:TCP:Pando Media Booster
"58708:UDP"= 58708:UDP:Pando Media Booster
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [1/6/2009 4:50 PM 39424]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/6/2008 8:39 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [8/6/2008 9:54 PM 8192]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5/26/2009 11:22 PM 33824]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 6:00 AM 14336]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [10/28/2009 5:25 PM 122408]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [10/28/2009 5:25 PM 1117224]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [10/28/2009 5:11 PM 92712]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [10/28/2009 5:11 PM 117288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/6/2008 8:50 PM 38176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/19/2008 4:33 PM 1684736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [10/28/2009 5:11 PM 113192]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [11/21/2009 8:35 PM 742144]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
*Deregistered* - tjjntrciv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
2010-12-01 c:\windows\Tasks\VersionCheck.job
- c:\documents and settings\All Users\Application Data\WSTB\localeX86.exe [2010-11-11 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxps://secure.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
---- FIREFOX POLICIES ----
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-01 05:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tjjntrciv]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1202660629-1606980848-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,50,3d,be,28,83,ef,e5,a6,16,59,d2,7c,c8,2e,8a,70,c5,af,80,d5,2c,c7,
d9,9a,2f,9d,9b,5b,97,5e,99,6d,6d,0a,10,16,6e,e4,5b,87,62,28,89,04,00,58,50,\
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\iavlsp.dll
c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
- - - - - - - > 'explorer.exe'(2032)
c:\windows\system32\WININET.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\iolo\System Mechanic Professional\IoloSGCtrl.exe
c:\windows\system32\wscntfy.exe
c:\program files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-12-01 05:09:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-01 11:09
ComboFix2.txt 2010-12-01 02:18
ComboFix3.txt 2010-11-30 02:28
Pre-Run: 25,128,951,808 bytes free
Post-Run: 25,106,956,288 bytes free
- - End Of File - - B49F181DEB51B57C26C11DEA616FC514
Your log appears OK, but with the number of games on your system I need to look through it a little closer.
Let me know how things are running now.
ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.
Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is unchecked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
ShinyGunz
2010-12-02, 01:04
Computer has been running much better now. I haven't noticed any problems. Here are the results of the ESET scan:
C:\Program Files\Kustom Appz Software\TWL AA Cheat Deterrent Client\AACDC.exe probably a variant of Win32/Genetik trojan
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Win32/Olmarik.ADA trojan
Good Morning
Glad things are back to normal for you.
Kustom Appz Software <-- This appears related to your games and is most likely OK; if you don't use it, then uninstall it.
The other file in Qoobox is just the backup of what ComboFix removed. It will be removed when we clean up.
Open OTL and click on the Cleanup feature and it will remove the programs we used to clean your system along with their backups.
How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
ShinyGunz
2010-12-02, 11:27
I can't thank you enough for helping fix my computer. Now that I am no longer getting redirected I can finally access my school websites to continue to study at home for my remaining finals.
You're very welcome :)
Take care,
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.