Avanguard

Members
  • Content Count: 23
  • Community Reputation: 0 Neutral
  • Rank: Member

About Avanguard
  1. Well, that's 20 something fewer detections. There are just three left now according to Ad-Aware, but since it hangs after the scan (but before the results display), I can't tell what or where they are. The scan log says it's working fine until I close the "frozen" window and try to reopen it to view the detections. At that point the program says it crashed and the logs give "SDKController" messages of "Not in idle state" for the quarantine list and the whitelist. So I guess we're out of ideas, like you said.
  2. Kaspersky finished downloading its definitions at about 8 AM or so and the scan ran through till about 10 minutes ago. I've got the log. It only picked up one real threat (Trojan.JS.Redirector.b), but googling it doesn't show up with any useful results on what that threat does. Here are the logs (including Kaspersky). Sndrec32 shows as clean but ComboFix "deletes" it anyway.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, April 12, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, April 12, 2010 05:57:40
Records in database: 3937249
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
H:\
I:\

Scan statistics:
Objects scanned: 96424
Threats found: 5
Infected objects found: 41
Suspicious objects found: 0
Scan duration: 04:36:15

File name / Threat / Threats count
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\default.4u5\Mail\127.0.0.1\Junk Infected: Trojan.JS.Redirector.b 29
C:\Documents and Settings\Owner\Desktop\mIRC.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Documents and Settings\Owner\Desktop\mIRC.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0113675.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0113676.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0120496.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0120497.EXE.bac_a03392 Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\mirc___0.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\NNWDAB638.EXE.bac_a03392 Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\VVSNInst.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

Selected area has been scanned.
------------------------------------------

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.12 -
AhnLab-V3 5.0.0.2 2010.04.12 -
AntiVir 7.10.6.64 2010.04.12 -
Antiy-AVL 2.0.3.7 2010.04.12 -
Authentium 5.2.0.5 2010.04.12 -
Avast 4.8.1351.0 2010.04.12 -
Avast5 5.0.332.0 2010.04.12 -
AVG 9.0.0.787 2010.04.12 -
BitDefender 7.2 2010.04.12 -
CAT-QuickHeal 10.00 2010.04.12 -
ClamAV 0.96.0.3-git 2010.04.12 -
Comodo 4578 2010.04.12 -
DrWeb 5.0.2.03300 2010.04.12 -
eSafe 7.0.17.0 2010.04.12 -
eTrust-Vet 35.2.7421 2010.04.12 -
F-Prot 4.5.1.85 2010.04.12 -
F-Secure 9.0.15370.0 2010.04.12 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.12 -
Ikarus T3.1.1.80.0 2010.04.12 -
Jiangmin 13.0.900 2010.04.12 -
Kaspersky 7.0.0.125 2010.04.12 -
McAfee 5.400.0.1158 2010.04.12 -
McAfee-GW-Edition 6.8.5 2010.04.12 -
Microsoft 1.5605 2010.04.12 -
NOD32 5022 2010.04.12 -
Norman 6.04.11 2010.04.12 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.12 -
PCTools 7.0.3.5 2010.04.12 -
Prevx 3.0 2010.04.12 -
Rising 22.43.00.04 2010.04.12 -
Sophos 4.52.0 2010.04.12 -
Sunbelt 6167 2010.04.12 -
Symantec 20091.2.0.41 2010.04.12 -
TheHacker 6.5.2.0.259 2010.04.12 -
TrendMicro 9.120.0.1004 2010.04.12 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.12.2272 2010.04.12 -
VirusBuster 5.0.27.0 2010.04.12 -

Additional information
File size: 124416 bytes
MD5...: af36c624c5d7a1127b897e9cfccfa034
SHA1..: abf9fd4905d8f263a669c6ac30fd944e42519407
SHA256: cf01280872d9fce598d631210684ce8784bf7f7092a09a2a4bdc51c3188ea30d
ssdeep: 1536:NnLh2c9E5j4ZRJja8eK6U9Mxbd2vim2xwcy+QynzI33zt:NnLh2iUcZ3nMx bAvywcy6nzI33zt
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xd32e
timedatestamp.....: 0x3b7d82c4 (Fri Aug 17 20:47:00 2001)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x13782 0x13800 6.52 fce4d7fec914b87b18f9487cc6d386b7
.data 0x15000 0x1b98 0xa00 3.33 d4664b55cd7235d5236580ce1fdb9620
.rsrc 0x17000 0x9f60 0xa000 4.87 6ce25b4138a7f9286effe433b0bdf5ae
( 10 imports )
> ADVAPI32.dll: RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteValueW, RegOpenKeyExA, RegQueryValueExA
> KERNEL32.dll: UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, HeapAlloc, LoadLibraryA, GetACP, GetOEMCP, GetCPInfo, VirtualAlloc, HeapReAlloc, GetModuleFileNameA, GetStringTypeW, LCMapStringA, MultiByteToWideChar, LCMapStringW, RtlUnwind, VirtualProtect, GetSystemInfo, VirtualQuery, GetLocaleInfoA, GetStdHandle, WriteFile, GetProcAddress, ExitProcess, GetVersionExA, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, GetTempFileNameW, lstrcpynW, GlobalReAlloc, WaitForSingleObject, CreateThread, GlobalMemoryStatus, GetLocaleInfoW, GetCommandLineW, GetFullPathNameW, lstrlenW, lstrcatW, DeleteFileW, CreateFileW, CloseHandle, GlobalAlloc, GlobalLock, GlobalSize, GetCurrentThreadId, lstrcmpiW, WideCharToMultiByte, FindResourceW, LoadResource, LockResource, FreeResource, lstrcmpW, MulDiv, lstrcpyW, GlobalFree, GlobalUnlock, GlobalHandle, GetStringTypeA
> GDI32.dll: SetMapMode, GetStockObject, CreateMetaFileW, SetWindowOrgEx, SetWindowExtEx, StretchBlt, CloseMetaFile, DeleteMetaFile, GetDeviceCaps, CreateCompatibleBitmap, GetObjectW, SelectPalette, RealizePalette, GetDIBits, PatBlt, BitBlt, DeleteDC, CreateCompatibleDC, CreateBitmap, SetTextColor, SelectObject, SetBkColor, GetTextExtentPointW, ExtTextOutW, DeleteObject, CreateSolidBrush, SetBrushOrgEx, CreateHatchBrush
> USER32.dll: SetCursor, LoadCursorW, GetClipboardData, OpenClipboard, wsprintfW, MessageBoxW, wvsprintfW, GetWindowLongW, MessageBeep, CharPrevW, CharNextW, SetClassLongW, SetWindowTextW, LoadAcceleratorsW, DefDlgProcW, RegisterClassW, LoadIconW, GetDlgItem, ShowWindow, GetWindowTextW, ReleaseDC, GetDC, EndPaint, BeginPaint, DefWindowProcW, InflateRect, PeekMessageW, InvalidateRect, SetDlgItemTextW, GetActiveWindow, EnableWindow, GetFocus, SetTimer, KillTimer, RegisterWindowMessageW, DrawIcon, SetRect, GetSystemMetrics, ModifyMenuW, DrawMenuBar, DeleteMenu, GetMenu, IsWindow, EndDialog, SetPropW, RemovePropW, CloseClipboard, GetDlgCtrlID, DialogBoxParamW, MoveWindow, IsIconic, GetWindowRect, DrawFocusRect, CopyRect, DrawEdge, CallWindowProcW, SetWindowLongW, MapWindowPoints, CreateWindowExW, SetForegroundWindow, SetFocus, RemoveMenu, GetMenuStringW, GetSubMenu, InsertMenuW, GetParent, SetWindowPos, DestroyMenu, CreateMenu, RedrawWindow, RegisterClipboardFormatW, DispatchMessageW, UnhookWindowsHookEx, GetSysColor, GetClientRect, DestroyWindow, PostQuitMessage, LoadStringW, ClientToScreen, ScreenToClient, UpdateWindow, IsWindowEnabled, SetActiveWindow, PostMessageW, GetWindow, GetKeyState, EnableMenuItem, IsClipboardFormatAvailable, SetWindowsHookExW, CreateDialogParamW, GetMessageW, TranslateAcceleratorW, IsDialogMessageW, GetPropW, TranslateMessage, WinHelpW, GetDesktopWindow, IsWindowVisible, GetAsyncKeyState, SendMessageW, CallNextHookEx, FillRect
> WINMM.dll: waveOutUnprepareHeader, mmioOpenW, mmioWrite, mmioAscend, mmioCreateChunk, mmioRead, mmioSeek, mmioDescend, waveOutGetNumDevs, waveInGetNumDevs, waveInOpen, waveOutWrite, waveInAddBuffer, waveOutPrepareHeader, waveInPrepareHeader, waveInUnprepareHeader, waveOutOpen, waveInReset, waveOutReset, mmioGetInfo, waveInStart, waveOutPause, waveOutRestart, waveOutClose, waveInClose, waveOutGetPosition, waveInGetPosition, mmioClose
> comdlg32.dll: GetSaveFileNameW, GetOpenFileNameW
> SHELL32.dll: ShellAboutW, DragQueryFileW, DragFinish, SHGetFileInfoW, ShellExecuteW, DragAcceptFiles
> ole32.dll: OleFlushClipboard, OleUninitialize, OleInitialize, OleBuildVersion, CoRevokeClassObject, CoLockObjectExternal, CoCreateInstance, OleSetClipboard, WriteClassStg, OleNoteObjectVisible, StgCreateDocfile, OleSave, CreateFileMoniker, OleIsCurrentClipboard, CoRegisterClassObject, CLSIDFromString, OleDraw, WriteClassStm, CreateStreamOnHGlobal, ReleaseStgMedium, CreateDataAdviseHolder, WriteFmtUserTypeStg, StgOpenStorage, CreateOleAdviseHolder, GetRunningObjectTable, CreateBindCtx, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, OleCreateMenuDescriptor, OleDestroyMenuDescriptor, CoGetMalloc
> MSACM32.dll: acmFormatSuggest, acmStreamOpen, acmStreamSize, acmStreamPrepareHeader, acmStreamConvert, acmStreamUnprepareHeader, acmStreamClose, acmFormatDetailsW, acmMetrics, acmFormatChooseW, acmFormatTagDetailsW
> COMCTL32.dll: -, -, PropertySheetW
( 0 exports )
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Sound Recorder accessory
original name: sndrec32.exe
internal name: soundrec.exe
file version.: 5.1.2600.0 (xpclient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
--------

ComboFix 10-04-10.02 - MarkMcCloud 04/12/2010 16:22:34.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.841 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\Symantec
c:\documents and settings\LocalService\Application Data\Symantec\Shared\MyProfile.UserProfile
c:\documents and settings\NetworkService\Application Data\Symantec
c:\documents and settings\NetworkService\Application Data\Symantec\Shared\MyProfile.UserProfile
c:\winnt\sndrec32.exe
.
((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
.
2010-04-11 16:18 . 2010-04-11 16:18 -------- dc----w- c:\winnt\LastGood
2010-04-11 16:17 . 2010-04-11 16:17 -------- dc----w- c:\program files\Hawking
2010-04-09 20:26 . 2010-04-09 20:26 -------- dcsh--w- c:\documents and settings\NetworkService\IECompatCache
2010-04-09 19:26 . 2004-10-15 22:32 14568 -c--a-w- c:\winnt\system32\drivers\wg6n.sys
2010-04-09 19:26 . 2004-10-15 22:32 14568 -c--a-w- c:\winnt\system32\drivers\wg5n.sys
2010-04-09 19:26 . 2004-10-15 22:32 14568 -c--a-w- c:\winnt\system32\drivers\wg4n.sys
2010-04-09 19:26 . 2004-10-15 22:32 14568 -c--a-w- c:\winnt\system32\drivers\wg3n.sys
2010-04-09 19:26 . 2004-10-15 22:17 60496 -c--a-w- c:\winnt\system32\drivers\Teefer.sys
2010-04-09 19:26 . 2004-10-15 22:18 21075 -c--a-w- c:\winnt\system32\drivers\wpsdrvnt.sys
2010-04-09 19:26 . 2004-10-15 22:32 83096 -c--a-w- c:\winnt\system32\SSSensor.dll
2010-04-09 19:26 . 2010-04-09 19:26 -------- dc----w- c:\program files\Sygate
2010-04-09 19:24 . 2010-04-09 19:24 -------- dc----w- c:\winnt\Internet Logs
2010-04-01 11:53 . 2010-04-01 11:53 348160 -c--a-w- c:\winnt\system32\msvcr71.dll
2010-03-19 07:44 . 2010-03-19 07:46 862040 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-03-19 07:44 . 2010-03-19 07:44 15880 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-19 07:43 . 2010-03-19 07:44 206944 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-03-19 07:42 . 2010-03-19 07:43 390288 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-03-19 07:41 . 2010-03-19 07:41 537576 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-03-19 07:39 . 2010-03-19 07:40 389784 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-03-19 07:35 . 2010-03-19 07:38 163728 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-03-19 07:09 . 2010-03-19 07:13 6296864 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-19 07:08 . 2010-03-19 07:09 327000 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-03-19 07:08 . 2010-03-19 07:08 87496 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-03-19 07:05 . 2010-03-19 07:07 933120 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-03-19 07:01 . 2010-03-19 07:04 3803208 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-03-19 07:00 . 2010-03-19 07:01 816784 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-03-19 06:58 . 2010-03-19 07:00 823928 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-03-19 06:54 . 2010-03-19 06:58 1643272 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-03-19 06:51 . 2010-03-19 06:54 788880 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-03-19 06:48 . 2010-03-19 06:51 1181328 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-19 06:13 . 2009-12-02 13:19 64288 -c--a-w- c:\winnt\system32\drivers\Lbd.sys
2010-03-19 06:11 . 2010-03-19 06:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-03-19 06:11 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-03-19 02:53 . 2010-03-19 02:53 -------- dc----w- c:\program files\VS Revo Group
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 20:20 . 2010-02-15 12:12 -------- dc----w- c:\program files\Trillian
2010-04-12 20:10 . 2004-07-15 08:46 -------- dc----w- c:\program files\mIRC
2010-04-12 20:02 . 2004-07-15 10:49 -------- dc----w- c:\program files\wmconnect
2010-04-12 07:56 . 2004-07-15 08:53 -------- dc----w- c:\program files\GetRight
2010-04-11 20:41 . 2004-07-16 15:31 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-11 16:17 . 2004-04-15 15:36 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-04-11 08:06 . 2004-04-15 15:42 -------- dc----w- c:\program files\Common Files\Adobe
2010-04-11 01:44 . 2004-08-06 02:15 -------- dc----w- c:\program files\Java
2010-04-11 01:44 . 2004-08-06 01:53 -------- dc----w- c:\program files\Common Files\Java
2010-04-09 23:28 . 2008-12-02 00:46 411368 -c--a-w- c:\winnt\system32\deploytk.dll
2010-04-09 20:07 . 2009-11-16 00:16 -------- dc----w- c:\program files\Debugging Tools for Windows (x86)
2010-04-09 19:25 . 2007-11-17 09:45 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-09 18:09 . 2004-04-15 15:44 -------- dc----w- c:\program files\Common Files\Symantec Shared
2010-03-20 11:02 . 2008-02-28 19:49 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-19 06:10 . 2004-07-15 23:25 -------- dc----w- c:\program files\Lavasoft
2010-03-12 12:14 . 2005-02-07 13:11 4212 -c-ha-w- c:\winnt\system32\zllictbl.dat
2010-03-12 11:17 . 2007-04-08 10:41 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-12 10:52 . 2010-03-12 10:35 -------- dc----w- c:\documents and settings\All Users\Application Data\RegCure
2010-03-12 10:51 . 2010-03-12 10:34 -------- dc----w- c:\program files\RegCure
2010-03-12 09:37 . 2010-03-12 09:37 -------- dc----w- c:\documents and settings\Owner\Application Data\CheckPoint
2010-03-12 09:34 . 2010-03-12 09:28 -------- dc----w- c:\program files\SpywareBlaster
2010-03-01 02:04 . 2010-03-01 02:04 -------- dc----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-03-01 02:04 . 2010-03-01 02:04 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 02:04 . 2010-03-01 02:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-17 14:15 . 2010-02-17 14:15 61440 -c--a-w- c:\documents and settings\SusanCheetah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4a43ac7a-n\decora-sse.dll
2010-02-17 14:15 . 2010-02-17 14:15 12800 -c--a-w- c:\documents and settings\SusanCheetah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4a43ac7a-n\decora-d3d.dll
2010-02-17 13:50 . 2010-02-17 13:50 -------- dc----w- c:\documents and settings\SusanCheetah\Application Data\AdobeUM
2010-02-16 14:49 . 2010-02-16 14:33 57 -c--a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2010-02-16 14:40 . 2010-02-16 14:40 50 -c--a-w- c:\winnt\system32\bridf06a.dat
2010-02-16 14:38 . 2010-02-16 14:37 -------- dc----w- c:\program files\Brother
2010-02-16 14:37 . 2004-04-15 15:36 -------- dc----w- c:\program files\Common Files\InstallShield
2010-02-16 14:35 . 2010-02-16 14:35 -------- dc----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\program files\Common Files\ScanSoft Shared
2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\program files\ScanSoft
2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-02-16 14:33 . 2010-02-16 14:33 -------- dc----w- c:\documents and settings\All Users\Application Data\Brother
2010-02-16 10:42 . 2010-02-16 10:42 -------- dc----w- c:\documents and settings\SusanCheetah\Application Data\Windows Search
2010-02-15 21:41 . 2009-04-01 08:06 -------- dc----w- c:\program files\Windows Live
2010-02-15 21:06 . 2008-08-20 00:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2010-02-15 11:59 . 2004-08-12 17:56 -------- dc----w- c:\program files\Mozilla Thunderbird
2010-02-14 18:52 . 2006-11-29 07:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2010-02-14 18:43 . 2004-10-16 01:14 -------- dc----w- c:\program files\Google
2010-02-14 18:36 . 2004-07-20 09:16 -------- dc----w- c:\program files\Audacity
2010-02-14 04:39 . 2004-07-15 08:49 -------- dc----w- c:\program files\Semagic
2010-01-31 02:58 . 2010-01-31 02:58 503808 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d76718d-n\msvcp71.dll
2010-01-31 02:58 . 2010-01-31 02:58 499712 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d76718d-n\jmc.dll
2010-01-31 02:58 . 2010-01-31 02:58 348160 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d76718d-n\msvcr71.dll
2010-01-28 12:50 . 2010-01-28 12:50 61440 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5f561f64-n\decora-sse.dll
2010-01-28 12:50 . 2010-01-28 12:50 12800 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5f561f64-n\decora-d3d.dll
2010-01-26 03:10 . 2010-01-26 03:10 532360 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-20 12:26 . 2005-10-30 12:24 12288 -csha-w- c:\program files\Thumbs.db
2005-10-05 21:45 . 2005-10-05 21:45 21 -c--a-w- c:\program files\AVPersonalAVWIN.INI
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-07 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2005-06-21 126976]
"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2005-01-23 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Hawking Wireless Utility.lnk - c:\program files\Hawking\HWU8DD\HWU8DD.exe [2010-4-11 483328]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\winnt\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=c:\winnt\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]
backup=c:\winnt\pss\Hawking Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\winnt\pss\Kodak EasyShare software.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
backup=c:\winnt\pss\KODAK Picture Transfer Software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\winnt\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wal-Mart Connect Tray Icon.lnk]
backup=c:\winnt\pss\Wal-Mart Connect Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=c:\winnt\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\winnt\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk]
backup=c:\winnt\pss\ZoneAlarm Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PhoneBOT Tray Icon.lnk]
backup=c:\winnt\pss\PhoneBOT Tray Icon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=c:\winnt\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2003-03-26 17:15 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-08-10 15:37 61440 -c--a-w- c:\progra~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2006-03-28 20:48 622592 -c--a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-04-10 19:58 61440 -c--a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
2004-02-23 08:16 144896 -c--a-w- c:\program files\AIM\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
2002-12-12 04:14 46592 -c--a-w- c:\winnt\system32\dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-02 10:21 133104 -c--atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-01-23 16:36 155648 -c--a-w- c:\winnt\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-17 19:45 40960 -c--a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 -c----w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-17 19:25 57393 -c--a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 03:13 385024 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-05-08 19:26 208941 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 23:02 49152 -c--a-w- c:\program files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 15:22 155648 -c--a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-05-08 19:26 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 -c--a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PhoneBOTService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"SharedAccess"=2 (0x2)
"wscsvc"=2 (0x2)
"CiSvc"=3 (0x3)
"gusvc"=3 (0x3)
"IswSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [3/19/2010 2:13 AM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/12/2009 10:27 AM 108289]
R2 PackethSvc;Virtual NIC Service;c:\winnt\system32\PackethSvc.exe [7/15/2004 6:51 AM 64512]
S1 ntiomin;ntiomin; [x]
S1 rxp;rxp;\??\c:\winnt\system32\drivers\rxp.sys --> c:\winnt\system32\drivers\rxp.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 9:19 AM 1181328]
S2 ptssvc;ptssvc;c:\program files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [6/3/2006 12:36 PM 36864]
S3 dsiarhwprog;dsiarhwprog;c:\winnt\system32\drivers\dsiarhwprog.sys [12/30/2009 6:49 PM 29184]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 VtcDrv;Philips SA60xx Recovery Device;c:\winnt\system32\drivers\vtcdrv.sys [12/29/2007 6:17 PM 18560]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\winnt\system32\drivers\ZD1211BU.sys [7/24/2007 5:59 PM 402432]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - SMCSERVICE
.
Contents of the 'Scheduled Tasks' folder

2010-04-12 c:\winnt\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:00]

2010-04-12 c:\winnt\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:00]

2010-04-12 c:\winnt\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:00]

2010-04-12 c:\winnt\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:00]

2010-04-12 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:00]

2010-04-12 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3899381452-335665265-84716132-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 10:21]

2010-04-11 c:\winnt\Tasks\Install.job
- c:\winnt\system32\Adobe\Shockwave 11\nssstub.exe [2010-04-11 03:05]
.
.
------- Supplementary Scan -------
.
uStart Page = www.gateway.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 125.242.128.78:8080
uInternet Settings,ProxyOverride = *.local
IE: &Block This Image (ABP) - e:\program files\Adblock Pro\blockimg.html
IE: &Download All with FlashGet - e:\hard drive\Program Files\FlashGet\jc_all.htm
IE: &Download with FlashGet - e:\hard drive\Program Files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Semagic - c:\program files\Semagic\link.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: adobe.com\www
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.livejournal.com/users/markmccloud/friends/
FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGetRt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF
- plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 16:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\program files\Common Files\Stardock\mcpstub.dll
.
Completion time: 2010-04-12 16:37:09
ComboFix-quarantined-files.txt 2010-04-12 20:37
Pre-Run: 24,247,574,528 bytes free
Post-Run: 24,365,428,736 bytes free
- - End Of File - - DE0CE9AE1E5B93F94922212866DE4701
3. I loaded Kaspersky at 4 PM yesterday and it's still downloading its virus definitions. Started at about 89 MB, and it kept getting bigger from there (currently 149 MB). This is a 56k connection, so it might take all night before Kaspersky finishes updating itself. But in the meantime I will give you the ComboFix and DDS logs you asked for. If Kaspersky hasn't finished downloading its updates by 7 AM, I'll just give up on that part. >_< As for Adobe Acrobat 5, that has been around on this computer since 2004 and as far as I can remember I haven't seen it used.

~~~~~~~~
ComboFix
--------
ComboFix 10-04-10.02 - MarkMcCloud 04/11/2010 16:23:23.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.523 [GMT -4:00]
Running from: h:\documents\Downloads\Cleanup\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\winnt\sndrec32.exe
.
((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.
2010-04-11 16:18 . 2010-04-11 16:18 -------- dc----w- c:\winnt\LastGood
2010-04-11 16:17 . 2010-04-11 16:17 -------- dc----w- c:\program files\Hawking
2010-04-09 20:26 . 2010-04-09 20:26 -------- dcsh--w- c:\documents and settings\NetworkService\IECompatCache
2010-04-09 19:26 . 2004-10-15 22:32 14568 -c--a-w- c:\winnt\system32\drivers\wg6n.sys
2010-04-09 19:26 .
2004-10-15 22:32 14568 -c--a-w- c:\winnt\system32\drivers\wg5n.sys 2010-04-09 19:26 . 2004-10-15 22:32 14568 -c--a-w- c:\winnt\system32\drivers\wg4n.sys 2010-04-09 19:26 . 2004-10-15 22:32 14568 -c--a-w- c:\winnt\system32\drivers\wg3n.sys 2010-04-09 19:26 . 2004-10-15 22:17 60496 -c--a-w- c:\winnt\system32\drivers\Teefer.sys 2010-04-09 19:26 . 2004-10-15 22:18 21075 -c--a-w- c:\winnt\system32\drivers\wpsdrvnt.sys 2010-04-09 19:26 . 2004-10-15 22:32 83096 -c--a-w- c:\winnt\system32\SSSensor.dll 2010-04-09 19:26 . 2010-04-09 19:26 -------- dc----w- c:\program files\Sygate 2010-04-09 19:24 . 2010-04-09 19:24 -------- dc----w- c:\winnt\Internet Logs 2010-04-01 11:53 . 2010-04-01 11:53 348160 -c--a-w- c:\winnt\system32\msvcr71.dll 2010-03-19 07:44 . 2010-03-19 07:46 862040 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe 2010-03-19 07:44 . 2010-03-19 07:44 15880 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe 2010-03-19 07:43 . 2010-03-19 07:44 206944 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll 2010-03-19 07:42 . 2010-03-19 07:43 390288 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll 2010-03-19 07:41 . 2010-03-19 07:41 537576 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll 2010-03-19 07:39 . 2010-03-19 07:40 389784 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2010-03-19 07:35 . 2010-03-19 07:38 163728 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll 2010-03-19 07:09 . 2010-03-19 07:13 6296864 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll 2010-03-19 07:08 . 
2010-03-19 07:09 327000 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll 2010-03-19 07:08 . 2010-03-19 07:08 87496 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2010-03-19 07:05 . 2010-03-19 07:07 933120 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll 2010-03-19 07:01 . 2010-03-19 07:04 3803208 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe 2010-03-19 07:00 . 2010-03-19 07:01 816784 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2010-03-19 06:58 . 2010-03-19 07:00 823928 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2010-03-19 06:54 . 2010-03-19 06:58 1643272 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2010-03-19 06:51 . 2010-03-19 06:54 788880 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe 2010-03-19 06:48 . 2010-03-19 06:51 1181328 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2010-03-19 06:13 . 2009-12-02 13:19 64288 -c--a-w- c:\winnt\system32\drivers\Lbd.sys 2010-03-19 06:11 . 2010-03-19 06:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} 2010-03-19 06:11 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe 2010-03-19 02:53 . 2010-03-19 02:53 -------- dc----w- c:\program files\VS Revo Group . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-11 20:19 . 2004-07-15 10:49 -------- dc----w- c:\program files\wmconnect 2010-04-11 17:08 . 
2004-07-15 08:53 -------- dc----w- c:\program files\GetRight 2010-04-11 16:17 . 2004-04-15 15:36 -------- dc-h--w- c:\program files\InstallShield Installation Information 2010-04-11 08:06 . 2004-04-15 15:42 -------- dc----w- c:\program files\Common Files\Adobe 2010-04-11 02:13 . 2010-02-15 12:12 -------- dc----w- c:\program files\Trillian 2010-04-11 01:44 . 2004-08-06 02:15 -------- dc----w- c:\program files\Java 2010-04-11 01:44 . 2004-08-06 01:53 -------- dc----w- c:\program files\Common Files\Java 2010-04-11 01:19 . 2004-07-15 08:46 -------- dc----w- c:\program files\mIRC 2010-04-09 23:28 . 2008-12-02 00:46 411368 -c--a-w- c:\winnt\system32\deploytk.dll 2010-04-09 20:07 . 2009-11-16 00:16 -------- dc----w- c:\program files\Debugging Tools for Windows (x86) 2010-04-09 19:25 . 2007-11-17 09:45 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard 2010-04-09 18:09 . 2004-04-15 15:44 -------- dc----w- c:\program files\Common Files\Symantec Shared 2010-03-20 11:02 . 2008-02-28 19:49 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-03-19 06:10 . 2004-07-15 23:25 -------- dc----w- c:\program files\Lavasoft 2010-03-12 12:14 . 2005-02-07 13:11 4212 -c-ha-w- c:\winnt\system32\zllictbl.dat 2010-03-12 11:17 . 2007-04-08 10:41 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-03-12 10:52 . 2010-03-12 10:35 -------- dc----w- c:\documents and settings\All Users\Application Data\RegCure 2010-03-12 10:51 . 2010-03-12 10:34 -------- dc----w- c:\program files\RegCure 2010-03-12 09:37 . 2010-03-12 09:37 -------- dc----w- c:\documents and settings\Owner\Application Data\CheckPoint 2010-03-12 09:34 . 2010-03-12 09:28 -------- dc----w- c:\program files\SpywareBlaster 2010-03-01 02:04 . 2010-03-01 02:04 -------- dc----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2010-03-01 02:04 . 2010-03-01 02:04 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-01 02:04 . 
2010-03-01 02:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-02-17 14:15 . 2010-02-17 14:15 61440 -c--a-w- c:\documents and settings\SusanCheetah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4a43ac7a-n\decora-sse.dll 2010-02-17 14:15 . 2010-02-17 14:15 12800 -c--a-w- c:\documents and settings\SusanCheetah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4a43ac7a-n\decora-d3d.dll 2010-02-17 13:50 . 2010-02-17 13:50 -------- dc----w- c:\documents and settings\SusanCheetah\Application Data\AdobeUM 2010-02-16 14:49 . 2010-02-16 14:33 57 -c--a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat 2010-02-16 14:40 . 2010-02-16 14:40 50 -c--a-w- c:\winnt\system32\bridf06a.dat 2010-02-16 14:38 . 2010-02-16 14:37 -------- dc----w- c:\program files\Brother 2010-02-16 14:37 . 2004-04-15 15:36 -------- dc----w- c:\program files\Common Files\InstallShield 2010-02-16 14:35 . 2010-02-16 14:35 -------- dc----w- c:\documents and settings\All Users\Application Data\InstallShield 2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\program files\Common Files\ScanSoft Shared 2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\program files\ScanSoft 2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft 2010-02-16 14:33 . 2010-02-16 14:33 -------- dc----w- c:\documents and settings\All Users\Application Data\Brother 2010-02-16 10:42 . 2010-02-16 10:42 -------- dc----w- c:\documents and settings\SusanCheetah\Application Data\Windows Search 2010-02-15 21:41 . 2009-04-01 08:06 -------- dc----w- c:\program files\Windows Live 2010-02-15 21:06 . 2008-08-20 00:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} 2010-02-15 11:59 . 2004-08-12 17:56 -------- dc----w- c:\program files\Mozilla Thunderbird 2010-02-14 18:52 . 
2006-11-29 07:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation 2010-02-14 18:43 . 2004-10-16 01:14 -------- dc----w- c:\program files\Google 2010-02-14 18:36 . 2004-07-20 09:16 -------- dc----w- c:\program files\Audacity 2010-02-14 04:39 . 2004-07-15 08:49 -------- dc----w- c:\program files\Semagic 2010-02-11 12:11 . 2010-02-11 12:11 -------- dc----w- c:\documents and settings\Owner\Application Data\fofix 2010-01-31 02:58 . 2010-01-31 02:58 503808 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d76718d-n\msvcp71.dll 2010-01-31 02:58 . 2010-01-31 02:58 499712 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d76718d-n\jmc.dll 2010-01-31 02:58 . 2010-01-31 02:58 348160 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d76718d-n\msvcr71.dll 2010-01-28 12:50 . 2010-01-28 12:50 61440 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5f561f64-n\decora-sse.dll 2010-01-28 12:50 . 2010-01-28 12:50 12800 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5f561f64-n\decora-d3d.dll 2010-01-26 03:10 . 2010-01-26 03:10 532360 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-01-20 12:26 . 2005-10-30 12:24 12288 -csha-w- c:\program files\Thumbs.db 2005-10-05 21:45 . 2005-10-05 21:45 21 -c--a-w- c:\program files\AVPersonalAVWIN.INI . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-07 79872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2005-06-21 126976] "IgfxTray"="c:\winnt\system32\igfxtray.exe" [2005-01-23 155648] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Hawking Wireless Utility.lnk - c:\program files\Hawking\HWU8DD\HWU8DD.exe [2010-4-11 483328] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\winnt\system32\logonuiX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] 2005-01-31 19:13 49152 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe 
Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk] backup=c:\winnt\pss\GetRight - Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk] backup=c:\winnt\pss\Hawking Wireless Utility.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] backup=c:\winnt\pss\Kodak EasyShare software.lnkCommon Startup path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk] backup=c:\winnt\pss\KODAK Picture Transfer Software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk] backup=c:\winnt\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wal-Mart Connect Tray Icon.lnk] backup=c:\winnt\pss\Wal-Mart Connect Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] backup=c:\winnt\pss\Windows Desktop Search.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\winnt\pss\Windows Search.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk] backup=c:\winnt\pss\ZoneAlarm Pro.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and 
Settings^Owner^Start Menu^Programs^Startup^PhoneBOT Tray Icon.lnk] backup=c:\winnt\pss\PhoneBOT Tray Icon.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^YouTube Uploader.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\YouTube Uploader.lnk backup=c:\winnt\pss\YouTube Uploader.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] 2003-03-26 17:15 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] 2004-08-10 15:37 61440 -c--a-w- c:\progra~1\AIM\aim.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] 2006-03-28 20:48 622592 -c--a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] 2006-04-10 19:58 61440 -c--a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM] 2004-02-23 08:16 144896 -c--a-w- c:\program files\AIM\DeadAIM.ocm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe] 2002-12-12 04:14 46592 -c--a-w- c:\winnt\system32\dxdllreg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-11-02 10:21 133104 -c--atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2005-01-23 16:36 155648 -c--a-w- c:\winnt\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2005-03-17 19:45 40960 -c--a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 -c----w- c:\program files\Messenger\msmsgs.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2005-03-17 19:25 57393 -c--a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-02-01 03:13 385024 -c--a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2005-05-08 19:26 208941 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt] 2005-01-26 23:02 49152 -c--a-w- c:\program files\Brother\Brmfl06a\BrStDvPt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2003-10-14 15:22 155648 -c--a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2005-05-08 19:26 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-07-01 16:37 37888 -c--a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PhoneBOTService"=2 (0x2) "NPFMntor"=2 (0x2) "navapsvc"=3 (0x3) "Bonjour Service"=2 (0x2) "SPBBCSvc"=2 (0x2) "SNDSrvc"=3 (0x3) "SBService"=2 (0x2) "SAVScan"=3 (0x3) "ccPwdSvc"=3 (0x3) "SharedAccess"=2 (0x2) "wscsvc"=2 (0x2) "CiSvc"=3 (0x3) "gusvc"=3 (0x3) "IswSvc"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program 
Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [3/19/2010 2:13 AM 64288] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/12/2009 10:27 AM 108289] R2 PackethSvc;Virtual NIC Service;c:\winnt\system32\PackethSvc.exe [7/15/2004 6:51 AM 64512] S1 ntiomin;ntiomin; [x] S1 rxp;rxp;\??\c:\winnt\system32\drivers\rxp.sys --> c:\winnt\system32\drivers\rxp.sys [?] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 9:19 AM 1181328] S2 ptssvc;ptssvc;c:\program files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [6/3/2006 12:36 PM 36864] S3 dsiarhwprog;dsiarhwprog;c:\winnt\system32\drivers\dsiarhwprog.sys [12/30/2009 6:49 PM 29184] S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?] S3 VtcDrv;Philips SA60xx Recovery Device;c:\winnt\system32\drivers\vtcdrv.sys [12/29/2007 6:17 PM 18560] S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\winnt\system32\drivers\ZD1211BU.sys [7/24/2007 5:59 PM 402432] --- Other Services/Drivers In Memory --- *NewlyCreated* - JAVAQUICKSTARTERSERVICE *NewlyCreated* - SMCSERVICE . 
Contents of the 'Scheduled Tasks' folder 2010-04-09 c:\winnt\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:00] 2010-04-09 c:\winnt\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:00] 2010-04-09 c:\winnt\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:00] 2010-04-09 c:\winnt\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:00] 2010-04-09 c:\winnt\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 07:00] 2010-03-01 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3899381452-335665265-84716132-1003.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 10:21] 2010-04-11 c:\winnt\Tasks\Install.job - c:\winnt\system32\Adobe\Shockwave 11\nssstub.exe [2010-04-11 03:05] . . ------- Supplementary Scan ------- . 
uStart Page = www.gateway.net/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = 125.242.128.78:8080 uInternet Settings,ProxyOverride = *.local IE: &Block This Image (ABP) - e:\program files\Adblock Pro\blockimg.html IE: &Download All with FlashGet - e:\hard drive\Program Files\FlashGet\jc_all.htm IE: &Download with FlashGet - e:\hard drive\Program Files\FlashGet\jc_link.htm IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200 IE: Copy to Semagic - c:\program files\Semagic\copy.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Semagic - c:\program files\Semagic\link.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} Trusted Zone: adobe.com\www DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.livejournal.com/users/markmccloud/friends/ FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGetRt.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF 
- plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_05\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 16:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINNT\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINNT\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINNT\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINNT\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINNT\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINNT\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINNT\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINNT\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINNT\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINNT\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINNT\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINNT\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINNT\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINNT\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINNT\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINNT\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINNT\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINNT\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINNT\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINNT\\system32\\syncui.dll,0"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="shell32.dll,220"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\Common Files\Stardock\mcpstub.dll
.
Completion time: 2010-04-11 16:40:57
ComboFix-quarantined-files.txt 2010-04-11 20:40

Pre-Run: 24,306,323,456 bytes free
Post-Run: 24,322,686,976 bytes free

- - End Of File - - FC69EDEEAEC67E8A7D39CAC3B7915363

DDS
--------

DDS (Ver_10-03-17.01) - NTFSx86
Run by MarkMcCloud at 1:35:21.00 on Mon 04/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.344 [GMT -4:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINNT\System32\PackethSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINNT\System32\svchost.exe -k HTTPFilter
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINNT\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\explorer.exe
C:\Program Files\wmconnect\wwm.exe
C:\Program Files\MUSHclient\mushclient.exe
C:\Program Files\simplemu\SimpleMU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\GetRight\getright.exe
C:\Program Files\mIRC\mirc.exe
I:\Downloads\Ragnarok Online\Blackout Ragnarok Online\Blackout RO.exe
C:\WINNT\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = www.gateway.net/
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: UIHost=c:\winnt\system32\logonuiX.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - e:\hard drive\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - e:\hard drive\program files\flashget\getflash.dll
BHO: Adblock Pro: {f385c231-605b-4d8f-aca9-dbff765bbe17} - e:\program files\adblock pro\AdblockPro.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SansaDispatch] c:\documents and settings\owner\application data\sandisk\sansa updater\SansaDispatch.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hawkin~1.lnk - c:\program files\hawking\hwu8dd\HWU8DD.exe
IE: &Block This Image (ABP) - e:\program files\adblock pro\blockimg.html
IE: &Download All with FlashGet - e:\hard drive\program files\flashget\jc_all.htm
IE: &Download with FlashGet - e:\hard drive\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\hard drive\program files\flashget\FlashGet.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - e:\program files\adblock pro\AdblockPro.dll
Trusted Zone: adobe.com\www
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxps://support.gateway.com/support/profiler//PCPitStop.CAB
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\gateway\do more\DoMoreRunExe.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/B/E/5BE645ED-2F2D-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1236859723968
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263255474324
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258321201703
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - hcp://system/RunExeActiveX.CAB
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38183.1688773148
DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.verizon.net/checkmypc/includes/MotivePreQual.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://gameadvisor.futuremark.com/global/msc3121.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yvwrctl.cab
DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - hxxp://www.gamespot.com/KDX22/download/kdx.cab
TCP: {E3AC81BD-BB02-4841-9F0B-F9D2AE353A3E} = 205.188.146.145
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: MCPClient - c:\program files\common files\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xksmcbvj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.livejournal.com/users/markmccloud/friends/
FF - component: c:\program files\paypal\paypal plug-in\components\PayPalPlugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPGetRt.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2010-3-19 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-12 11608]
R2 avgntflt;avgntflt;c:\winnt\system32\drivers\avgntflt.sys [2009-5-12 56816]
S1 ntiomin;ntiomin; [x]
S1 rxp;rxp;\??\c:\winnt\system32\drivers\rxp.sys --> c:\winnt\system32\drivers\rxp.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\winnt\system32\drivers\BRGSp50.sys [2007-7-24 20608]
S3 dsiarhwprog;dsiarhwprog;c:\winnt\system32\drivers\dsiarhwprog.sys [2009-12-30 29184]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
S3 VtcDrv;Philips SA60xx Recovery Device;c:\winnt\system32\drivers\vtcdrv.sys [2007-12-29 18560]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-04-11 20:21:34 98816 -c--a-w- c:\winnt\sed.exe
2010-04-11 20:21:34 161792 -c--a-w- c:\winnt\SWREG.exe
2010-04-11 20:21:15 0 dc----w- C:\ComboFix
2010-04-11 16:17:38 0 dc----w- c:\program files\Hawking
2010-04-09 19:26:28 14568 -c--a-w- c:\winnt\system32\drivers\wg6n.sys
2010-04-09 19:26:28 14568 -c--a-w- c:\winnt\system32\drivers\wg5n.sys
2010-04-09 19:26:27 14568 -c--a-w- c:\winnt\system32\drivers\wg4n.sys
2010-04-09 19:26:27 14568 -c--a-w- c:\winnt\system32\drivers\wg3n.sys
2010-04-09 19:26:26 60496 -c--a-w- c:\winnt\system32\drivers\Teefer.sys
2010-04-09 19:26:25 21075 -c--a-w- c:\winnt\system32\drivers\wpsdrvnt.sys
2010-04-09 19:26:15 83096 -c--a-w- c:\winnt\system32\SSSensor.dll
2010-04-09 19:26:08 0 dc----w- c:\program files\Sygate
2010-04-09 19:24:03 0 dc----w- c:\winnt\Internet Logs
2010-04-01 11:53:54 348160 -c--a-w- c:\winnt\system32\msvcr71.dll
2010-03-19 06:13:24 64288 -c--a-w- c:\winnt\system32\drivers\Lbd.sys
2010-03-19 06:11:45 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-03-19 02:53:08 0 dc----w- c:\program files\VS Revo Group

==================== Find3M ====================

2010-04-09 23:28:19 411368 -c--a-w- c:\winnt\system32\deploytk.dll
2010-03-12 22:02:38 261632 -c--a-w- c:\winnt\PEV.exe
2010-03-12 12:14:22 4212 -c-ha-w- c:\winnt\system32\zllictbl.dat
2010-01-20 12:26:54 12288 -csha-w- c:\program files\Thumbs.db
2006-07-02 03:35:37 112 -c-ha-w- c:\program files\Desktop.ini
2005-10-05 21:45:08 21 -c--a-w- c:\program files\AVPersonalAVWIN.INI
2009-05-22 22:28:13 32768 -csha-w- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052220090523\index.dat

============= FINISH: 1:38:59.48 ===============
  4. DDS.Txt
--------

DDS (Ver_10-03-17.01) - NTFSx86
Run by MarkMcCloud at 19:31:48.18 on Fri 04/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.522 [GMT -4:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINNT\System32\PackethSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe -k HTTPFilter
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\wmconnect\wwm.exe
C:\WINNT\system32\slrundll.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\MUSHclient\mushclient.exe
C:\Program Files\Trillian\trillian.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = www.gateway.net/
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: UIHost=c:\winnt\system32\logonuiX.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - e:\hard drive\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - e:\hard drive\program files\flashget\getflash.dll
BHO: Adblock Pro: {f385c231-605b-4d8f-aca9-dbff765bbe17} - e:\program files\adblock pro\AdblockPro.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SansaDispatch] c:\documents and settings\owner\application data\sandisk\sansa updater\SansaDispatch.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: &Block This Image (ABP) - e:\program files\adblock pro\blockimg.html
IE: &Download All with FlashGet - e:\hard drive\program files\flashget\jc_all.htm
IE: &Download with FlashGet - e:\hard drive\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\hard drive\program files\flashget\FlashGet.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - e:\program files\adblock pro\AdblockPro.dll
Trusted Zone: adobe.com\www
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxps://support.gateway.com/support/profiler//PCPitStop.CAB
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\gateway\do more\DoMoreRunExe.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/B/E/5BE645ED-2F2D-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1236859723968
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263255474324
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258321201703
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - hcp://system/RunExeActiveX.CAB
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38183.1688773148
DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.verizon.net/checkmypc/includes/MotivePreQual.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://gameadvisor.futuremark.com/global/msc3121.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://i.grab.com/media/3ef815/games/files/663/popcaploader_v6.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yvwrctl.cab
DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - hxxp://www.gamespot.com/KDX22/download/kdx.cab
TCP: {E3AC81BD-BB02-4841-9F0B-F9D2AE353A3E} = 205.188.146.145
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: MCPClient - c:\program files\common files\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xksmcbvj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.livejournal.com/users/markmccloud/friends/
FF - component: c:\program files\paypal\paypal plug-in\components\PayPalPlugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPGetRt.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2010-3-19 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-12 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-12 185089]
R2 avgntflt;avgntflt;c:\winnt\system32\drivers\avgntflt.sys [2009-5-12 56816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 PackethSvc;Virtual NIC Service;c:\winnt\system32\PackethSvc.exe [2004-7-15 64512]
R2 ptssvc;ptssvc;c:\program files\kodak\kodak picture transfer software\PTSsvc.exe [2006-6-3 36864]
S1 ntiomin;ntiomin; [x]
S1 rxp;rxp;\??\c:\winnt\system32\drivers\rxp.sys --> c:\winnt\system32\drivers\rxp.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\winnt\system32\drivers\BRGSp50.sys [2007-7-24 20608]
S3 dsiarhwprog;dsiarhwprog;c:\winnt\system32\drivers\dsiarhwprog.sys [2009-12-30 29184]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
S3 VtcDrv;Philips SA60xx Recovery Device;c:\winnt\system32\drivers\vtcdrv.sys [2007-12-29 18560]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\winnt\system32\drivers\ZD1211BU.sys [2007-7-24 402432]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-04-09 19:26:28 14568 -c--a-w- c:\winnt\system32\drivers\wg6n.sys
2010-04-09 19:26:28 14568 -c--a-w- c:\winnt\system32\drivers\wg5n.sys
2010-04-09 19:26:27 14568 -c--a-w- c:\winnt\system32\drivers\wg4n.sys
2010-04-09 19:26:27 14568 -c--a-w- c:\winnt\system32\drivers\wg3n.sys
2010-04-09 19:26:26 60496 -c--a-w- c:\winnt\system32\drivers\Teefer.sys
2010-04-09 19:26:25 21075 -c--a-w- c:\winnt\system32\drivers\wpsdrvnt.sys
2010-04-09 19:26:15 83096 -c--a-w- c:\winnt\system32\SSSensor.dll
2010-04-09 19:26:08 0 dc----w- c:\program files\Sygate
2010-04-09 19:24:03 0 dc----w- c:\winnt\Internet Logs
2010-03-19 06:13:24 64288 -c--a-w- c:\winnt\system32\drivers\Lbd.sys
2010-03-19 06:11:45 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-03-19 02:53:08 0 dc----w- c:\program files\VS Revo Group
2010-03-12 10:35:01 0 dc----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-03-12 09:37:02 0 dc----w- c:\docume~1\owner\applic~1\CheckPoint
2010-03-12 09:28:08 0 dc----w- c:\program files\SpywareBlaster
2010-03-11 22:49:12 0 dc----w- C:\ComboFix

==================== Find3M ====================

2010-04-09 23:28:19 411368 -c--a-w- c:\winnt\system32\deploytk.dll
2010-03-12 12:14:22 4212 -c-ha-w- c:\winnt\system32\zllictbl.dat
2010-01-20 12:26:54 12288 -csha-w- c:\program files\Thumbs.db
2006-07-02 03:35:37 112 -c-ha-w- c:\program files\Desktop.ini
2005-10-05 21:45:08 21 -c--a-w- c:\program files\AVPersonalAVWIN.INI
2009-05-22 22:28:13 32768 -csha-w- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052220090523\index.dat

============= FINISH: 19:34:29.90 ===============

Attach.txt
--------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/15/2004 12:19:45 AM
System Uptime: 4/9/2010 3:58:35 PM (4 hours ago)

Motherboard: Intel Corporation | | D845GVSR
Processor: Intel® Celeron® CPU 2.60GHz | J2E1 | 2599/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 22.465 GiB free.
D: is CDROM ()
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_2010107B&REV_82\4&29817089&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_2010107B&REV_82\4&29817089&0&40F0
Service: E100B

==== System Restore Points ===================

RP1158: 4/9/2010 2:00:59 PM - Spybot-S&D Spyware removal
RP1159: 4/9/2010 3:26:00 PM - Installed Sygate Personal Firewall
RP1160: 4/9/2010 7:26:39 PM - Removed Java(tm) 6 Update 10
RP1161: 4/9/2010 7:28:05 PM - Installed Java(tm) 6 Update 19

==== Installed Programs ======================

Sansa Media Converter
AAC Decoder
ActivePerl 5.8.6 Build 811
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player
Adobe SVG Viewer 3.0
AOL Coach Version 1.0(Build:20020929.1)
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Bink and Smacker
Bonjour
Brother MFL-Pro Suite
CCScore
Combined Community Codec Pack 2008-09-21 16:18
Compatibility Pack for the 2007 Office system
ConvertHelper 2.1
Critical Update for Windows Media Player 11 (KB959772)
DeadAIM
Debugging Tools for Windows (x86)
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Version Checker
Do More 7.0
DVD Easy CD Creator 5 Basic
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
ffdshow [rev 1193] [2007-05-22]
fflink
FoxyTunes for Firefox
Futuremark Measurement Services Client
GetRight
GHPD Offline Pokedex 4.0
H.264 Decoder
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
IconPackager
Impulse
Intel® Extreme Graphics Driver
Intel® PRO Network Connections Drivers
Intel® PROSet
InterActual Player
Internet Explorer Q903235
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.2_05
Java Auto Updater
Java(tm) 6 Update 19
Java(tm) 6 Update 5
Java(tm) 6 Update 7
Java(tm) SE Runtime Environment 6
Just Great Software EditPad Lite 6.5.2
K-Lite Codec Pack 2.27 Full
kgcbase
KODAK Camera Connection Software Help
Kodak EasyShare software
Magnifier Powertoy for Windows XP
Malwarebytes' Anti-Malware
Media Converter for Philips
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Standard Edition 2003
Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Works 7.0 mIRC MKV Splitter MozBackup 1.4.10 Mozilla Firefox (3.5.8) Mozilla Thunderbird (3.0.1) Mplayer.com MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB954459) MUSHclient (remove only) netbrdg Netscape Connect OfotoXMI PaperPort PayPal Plug-In PC-Doctor for Windows Project64 1.6 QuickTime Ragnarok Online Ragnarok Sakray RealPlayer Realtek AC'97 Audio RegCure Revo Uninstaller 1.85 SA60xx Device Manager Sansa Updater Secure Delivery Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet 
Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) 
Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Semagic (remove only) SFR Shareaza 2.3.1.0 SHASTA SimpleMU MUD Client skin0001 SKINXSDK Skypeâ„¢ Beta 4.0 Spybot - Search & Destroy Spybot - Search & Destroy 1.5.2.20 SpyHunter SpywareBlaster 4.2 Stardock Central staticcr Sygate Personal Firewall The Configurator 0.25.01 tooltips TransBar Trillian Tweak UI Unlocker 1.8.8 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft 
Windows (KB971513) Update for Windows Internet Explorer 8 (KB969497) Update for Windows Internet Explorer 8 (KB971930) Update for Windows Internet Explorer 8 (KB972636) Update for Windows Internet Explorer 8 (KB973874) Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976749) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951618-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC80CRTRedist - 8.0.50727.762 Ventrilo Client Viewpoint Media Player Virtual Desktop Manager Powertoy for Windows XP VPRINTOL WebFldrs XP Winamp Windows Blaster Worm Removal Tool (KB833330) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live ID Sign-in Assistant Windows Live OneCare safety scanner Windows Live Sync Windows Live Upload Tool Windows Media Connect Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Search 4.0 Windows Vista Sounds Pack Windows XP Service Pack 3 WinRAR archiver WIRELESS Witty Xbox 360 Controller for Windows XML Paper Specification Shared Components Pack 1.0 ==== Event Viewer Messages From Past Week ======== 4/9/2010 7:32:01 PM, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0. 4/9/2010 4:02:33 PM, error: System Error [1003] - Error code 100000d1, parameter1 f3201f48, parameter2 00000002, parameter3 00000000, parameter4 b0bc4c9d. 4/9/2010 3:28:36 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. 
Reference error message: The referenced assembly is not installed on your system. . 4/9/2010 3:28:36 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. . 4/9/2010 3:28:36 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 4/9/2010 3:26:27 PM, error: Service Control Manager [7000] - The Microsoft TV/Video Connection service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/9/2010 3:26:27 PM, error: Service Control Manager [7000] - The Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/9/2010 3:25:07 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service. 4/9/2010 3:21:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 4/9/2010 3:07:15 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found. 4/9/2010 3:00:55 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. 
(0x80072751) 4/9/2010 2:30:55 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 4/9/2010 2:16:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ntiomin rxp ==== End Of File ===========================
  5. Done. Ran a scan and it still won't let me view the detected files for removal. What's new this time is that on top of the "hang", it now reports a "Microsoft Visual C++ Runtime Library" Runtime Error in Ad-Aware.exe.

[quote]Runtime Error!
Program: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
abnormal program termination[/quote]

And there aren't any crash dump files from this either. The scan logs still say that it's "not in idle state" when I try to view the detections. Installed Sygate Personal Firewall. That one works so far.

Edit: If this is of any help at all, the specifications for this computer where Ad-Aware is throwing a fit are posted here.
Manufacturer: Gateway
Model: 310s Series
OS: Windows XP Home (SP3)
CPU: Intel Celeron 2.6 GHz Single Core
RAM: 1.25 GB
  6. [quote name='Ltangelic' post='118620' date='Apr 4 2010, 05:43 AM']Hi Avanguard, If you have a paid version of Ad-Aware, you should go [url="http://www.lavasoftsupport.com/index.php?showforum=46"]here[/url] and consult their customer support staff. I don't know why Ad Aware is causing these problems; did you try to uninstall and reinstall it? As for firewalls, do try Sygate and Comodo and see how they work. [/quote] Twice. Once with a full clean uninstall using that "add/remove programs" alternative I saw mentioned elsewhere in the forums. Of course it ended up auto-updating itself afterward. And unfortunately no, I do not have a paid version of Ad-Aware. I'll go look Comodo up on Google, but I can tell you that so far Sygate doesn't exist anymore; it got merged into Symantec's stuff, and you have to buy a subscription to their Norton Internet Security suite to get it (so I have to go find the last version they made before the merge).
  7. [quote name='Ltangelic' post='118530' date='Apr 2 2010, 07:03 AM']I am really sorry for the delay, somehow my email notification has not worked as it should. Do you still need help?[/quote] That's okay, mine doesn't tell me either, so I have to check for replies directly. Anyway, do you think an older version of Ad-Aware would help, since the current version keeps flaking out on me? Such as reverting to Ad-Aware 2007/2008? And would anyone happen to know of a firewall that plays nice with AOL ISP client off-shoots (Netscape Connect)?
  9. Thank you. I'll keep it brief. :) I tried the firewalls, particularly Zone Alarm. I found out that firewalls don't play nice with my ISP's connection software client. It in fact makes it near impossible to connect to the internet. My ISP's tech support line said to just disable it. I've updated Adobe Reader, added in SpywareBlaster, and already use Firefox (since version 0.8). Ad-Aware insists there's now at least 62 detections when it does a smart scan, but it still hangs and locks up when it tries to display them. So unfortunately I don't have a clue what to do anymore. But I did put some of the suggestions in this thread to use.
  10. [quote name='visitor' post='118149' date='Mar 19 2010, 02:46 PM']Getting the detection icon is suspicious, yet you've gotten the all clear in the HJT forum. Have you tried my suggestion of disabling most processes, especially Avira? I have a feeling you're getting a conflict. Since 8.1 is what caused the problems, you might try 8.0.7 or give 8.2 another try since they just released update 8.2.1. I use Anniversary Edition 8.0.3 - it lacks a lot of the newer features, but it works. The new 8.2.1 automatically deactivates Ad-Watch when it detects another security program.[/quote] There's only three processes running when I scan. My ISP client, a telnet client, and Firefox. This excludes Avira's auto-guard, as that's a background process that is usually silent. Since the scan is run offline, there is practically 0 CPU* usage. I'll try to get both 8.0.7 and 8.2.1 downloaded when I get to a library since they're both "big" and my download speed is abysmal at home. I'll start with 8.2.1 first and if it still locks up (after unloading Avira), I'll step down to 8.0.7.

* - When it scans and becomes stuck it spikes up to 100% and stays there.

Edit: Even tried running it without even the ISP client running (just Ad Aware in the task manager). Nothing. It finds 62 detections and it still gets stuck. Plus it auto-updated itself to 8.2.4 and still got hung up somewhere.

Today's scan log:

ERR [2872] 2010/03/20 05:59:43: SDKController::GetInfectionList -> Not in found infections state
ERR [2872] 2010/03/20 05:59:43: SDKController::GetCurrentScanInfo -> SDK is idle
MSG [2872] 2010/03/20 05:59:43: Configure new scan with profile: smart
MSG [2872] 2010/03/20 05:59:43: -> scanning critical objects
MSG [2872] 2010/03/20 05:59:43: -> scanning running processes
MSG [2872] 2010/03/20 05:59:43: -> scanning registry
MSG [2872] 2010/03/20 05:59:43: -> scanning lsp
MSG [2872] 2010/03/20 05:59:43: -> scanning browser hijacks
MSG [2872] 2010/03/20 05:59:43: -> scanning cookies
MSG [2872] 2010/03/20 05:59:43: -> neutralizing rootkits
MSG [2872] 2010/03/20 05:59:43: -> use mild rootkit detection
MSG [2872] 2010/03/20 05:59:43: -> use spyware heuristics
MSG [2872] 2010/03/20 05:59:43: -> use medium heuristics
MSG [2872] 2010/03/20 05:59:43: -> scan only executables
MSG [2872] 2010/03/20 05:59:43: -> file size limit = 20480 kB (0 = unlimited)
MSG [0924] 2010/03/20 06:09:35: Scan was completed in 592 seconds
MSG [0924] 2010/03/20 06:09:35: Objects processed: 20050, infections detected: 62
ERR [2872] 2010/03/20 06:22:40: SDKController::GetQuarantineList -> Not in idle state
ERR [2872] 2010/03/20 06:22:40: SDKController::GetWhiteList -> Not in idle state
ERR [2872] 2010/03/20 06:26:33: SDKController::GetQuarantineList -> Not in idle state
ERR [2872] 2010/03/20 06:26:33: SDKController::GetWhiteList -> Not in idle state
  11. [quote name='visitor' post='117897' date='Mar 11 2010, 10:20 PM']Since Ad-Aware 8.2 has been released since you first started posting, you could try it, but it's more buggy than 8.1. I'd recommend 8.1 or even Anniversary Edition 8.0 which succeeded your prior 2008 version. 8.1 [url="http://download.lavasoft.com/public/81/Ad-AwareInstallation.exe"]http://download.lavasoft.com/public/81/Ad-...nstallation.exe[/url] 8.0.7 [url="http://filehippo.com/download_ad-aware/5878/"]http://filehippo.com/download_ad-aware/5878/[/url] Do a clean uninstall with Revo Free Uninstaller (revouninstaller.com) on the highest setting and after uninstall, let it remove all remnants. Then after 8.1/8.0 installs, turn off auto-updates so it doesn't update past 8.1.4/8.0.8. Also, since you have an older system with a lot of apps installed, try shutting down as many as possible to see if that helps so Ad-Aware isn't competing for resources. Especially try temporarily shutting down Ad-Watch and Avira's real-time protection.[/quote] I used 8.1. Used the Revo, reinstalled, rebooted, scanned... And bam. It locked up again with the tray icon showing the yellow ! triangle of a detection. Like before, the CPU usage of AdAware spikes sharply to the ceiling when it gets stuck like this. Restarting the program and its processes results in the "unexpected error" screen.
  12. Okay, so I went through the motions in the HJT area of these forums. They couldn't find anything to explain why it was jamming up and suggested contacting Lavasoft directly, except that since I use AdAware Free, I can't get support from them (without coughing up $$$ for a Pro version). So I'm kind of stuck. I'm going to try reinstalling again and see how that works out.
  13. [quote name='Ltangelic' post='117777' date='Mar 7 2010, 11:24 PM']Hey [b]Avanguard[/b], Your logs look clean. I think the Ad Aware problem is not likely to have been caused by malware. Are there any more issues you would like to raise before I post the prevention speech? [/quote] If the logs are clean, then why do you suppose Ad-Aware keeps locking up when I try to view its detection report? Should I go through the headache of re-downloading it, uninstalling again, and reinstalling? Is there a surefire way to get it to work like it is supposed to, as opposed to locking up? Though downloading it will be a headache either way. The internet connection has been very unstable since last December. It disconnected me 15 times just trying to post this reply.
  14. [quote name='Ltangelic' post='117719' date='Mar 6 2010, 03:57 AM']Hey, How is your computer doing?[/quote] I haven't tried to run Ad-Aware yet, paranoid that it might lock up on me again. But other than the scans taking quite some time to perform (it's about 8 years old), it hasn't complained too much. I'm gonna try to restore some of the items the scans have flagged (like mIRC) once I find out why Ad-Aware is locking up.
  15. The Kaspersky took the most time. 56k internet connections don't blend well with online virus scans. Logs will follow and may take more than one post, starting with the fresh OTS. ~~~~~~~~~~ OTS OTS logfile created on: 3/6/2010 2:29:10 AM - Run 2 OTS by OldTimer - Version 3.1.22.1 Folder = H:\Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 39.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 37.27 Gb Total Space | 22.41 Gb Free Space | 60.14% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 988.73 Mb Total Space | 924.25 Mb Free Space | 93.48% Space Free | Partition Type: FAT I: Drive not present or media not loaded Computer Name: LYNDIS Current User Name: MarkMcCloud Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] scanningprocess.exe -> C:\Documents and Settings\Owner\Local Settings\temp\jkos-MarkMcCloud\binaries\ScanningProcess.exe -> [2010/03/05 05:22:39 | 000,139,264 | ---- | M] (Kaspersky Lab.) 
ots.exe -> H:\Documents\Downloads\OTS.exe -> [2010/02/23 06:37:44 | 000,632,832 | ---- | M] (OldTimer Tools) aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/01/30 22:33:04 | 001,181,328 | ---- | M] (Lavasoft) jusched.exe -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/12/22 12:41:29 | 000,908,248 | ---- | M] (Mozilla Corporation) jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) java.exe -> C:\Program Files\Java\jre6\bin\java.exe -> [2009/12/17 17:14:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/09/11 21:12:57 | 000,185,089 | ---- | M] (Avira GmbH) sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/06/27 03:12:26 | 000,108,289 | ---- | M] (Avira GmbH) sansadispatch.exe -> C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe -> [2009/04/07 18:37:15 | 000,079,872 | ---- | M] (SanDisk Corporation) rbroker.exe -> C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe -> [2009/04/01 11:53:08 | 000,107,008 | ---- | M] () wlidsvc.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) wlidsvcm.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE -> [2009/03/30 15:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) mushclient.exe -> C:\Program Files\MUSHclient\mushclient.exe -> [2009/02/22 21:13:26 | 
002,605,056 | ---- | M] (Gammon Software Solutions) getright.exe -> C:\Program Files\GetRight\GetRight.exe -> [2008/06/23 13:50:46 | 004,694,296 | ---- | M] (Headlight Software, Inc.) slrundll.exe -> C:\WINNT\system32\slrundll.exe -> [2008/04/13 19:12:35 | 000,032,866 | ---- | M] (Smart Link) explorer.exe -> C:\WINNT\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) hkcmd.exe -> C:\WINNT\system32\hkcmd.exe -> [2005/06/21 15:44:34 | 000,126,976 | ---- | M] (Intel Corporation) sdmcp.exe -> C:\Program Files\Common Files\Stardock\SDMCP.exe -> [2005/05/10 12:31:22 | 000,241,664 | ---- | M] (Stardock) slserv.exe -> C:\WINNT\system32\slserv.exe -> [2004/01/08 15:41:40 | 000,073,796 | ---- | M] (Smart Link) wanmpsvc.exe -> C:\WINNT\wanmpsvc.exe -> [2003/04/02 13:09:44 | 000,065,536 | ---- | M] (America Online, Inc.) simplemu.exe -> C:\Program Files\simplemu\SimpleMU.exe -> [2002/12/08 15:48:50 | 000,824,832 | ---- | M] (Kathleen MacMahon) unsecapp.exe -> C:\WINNT\system32\wbem\unsecapp.exe -> [2002/08/29 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) wwm.exe -> C:\Program Files\wmconnect\wwm.exe -> [2001/10/26 14:18:10 | 000,151,615 | ---- | M] (America Online, Inc.) packethsvc.exe -> C:\WINNT\system32\PackethSvc.exe -> [2001/08/09 14:46:44 | 000,064,512 | -H-- | M] (America Online, Inc.) 
dcfssvc.exe -> C:\WINNT\system32\drivers\dcfssvc.exe -> [2001/06/11 10:59:04 | 000,159,806 | ---- | M] (Eastman Kodak Company) ptssvc.exe -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [2001/01/31 16:41:32 | 000,036,864 | ---- | M] () [Modules - Safe List] ots.exe -> H:\Documents\Downloads\OTS.exe -> [2010/02/23 06:37:44 | 000,632,832 | ---- | M] (OldTimer Tools) serwvdrv.dll -> C:\WINNT\system32\serwvdrv.dll -> [2002/08/29 07:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) umdmxfrm.dll -> C:\WINNT\system32\umdmxfrm.dll -> [2002/08/29 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/01/30 22:33:04 | 001,181,328 | ---- | M] (Lavasoft) (JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/09/11 21:12:57 | 000,185,089 | ---- | M] (Avira GmbH) (AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/06/27 03:12:26 | 000,108,289 | ---- | M] (Avira GmbH) (wlidsvc) Windows Live ID Sign-in Assistant [Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) (gusvc) Google Updater Service [Disabled | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/04/07 18:16:26 | 000,136,120 | ---- | M] (Google) (Macromedia Licensing Service) Macromedia Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -> [2005/08/07 07:38:11 | 000,068,096 | ---- | M] () (IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) (SLService) SmartLinkService [Auto | Running] -> C:\WINNT\System32\slserv.exe -> [2004/01/08 15:41:40 | 000,073,796 | ---- | M] (Smart Link) (ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) (WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINNT\wanmpsvc.exe -> [2003/04/02 13:09:44 | 000,065,536 | ---- | M] (America Online, Inc.) 
(NetSvc) Intel NCS NetService [On_Demand | Stopped] -> C:\Program Files\Intel\NCS\Sync\NetSvc.exe -> [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) (PackethSvc) Virtual NIC Service [Auto | Running] -> C:\WINNT\system32\PackethSvc.exe -> [2001/08/09 14:46:44 | 000,064,512 | -H-- | M] (America Online, Inc.) (Dcfssvc) Dcfssvc [Auto | Running] -> C:\WINNT\system32\drivers\dcfssvc.exe -> [2001/06/11 10:59:04 | 000,159,806 | ---- | M] (Eastman Kodak Company) (ptssvc) ptssvc [Auto | Running] -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [2001/01/31 16:41:32 | 000,036,864 | ---- | M] () [Driver Services - Safe List] (avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINNT\system32\drivers\avgntflt.sys -> [2009/12/16 02:00:35 | 000,056,816 | ---- | M] (Avira GmbH) (Lbd) Lbd [File_System | Boot | Running] -> C:\WINNT\system32\DRIVERS\Lbd.sys -> [2009/12/02 08:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) (ssmdrv) ssmdrv [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ssmdrv.sys -> [2009/06/27 03:12:26 | 000,028,520 | ---- | M] (Avira GmbH) (avipbb) avipbb [Kernel | System | Running] -> C:\WINNT\system32\drivers\avipbb.sys -> [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) (avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\PxHelp20.sys -> [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\alcxwdm.sys -> [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) (tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\tmcomm.sys -> [2008/04/23 23:46:41 | 000,102,664 | ---- | M] (Trend Micro Inc.) 
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(VtcDrv) Philips SA60xx Recovery Device [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\vtcdrv.sys -> [2007/07/07 10:58:50 | 000,018,560 | ---- | M] (Windows ® Codename Longhorn DDK provider)
(dsiarhwprog) dsiarhwprog [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\dsiarhwprog.sys -> [2007/02/08 08:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> C:\WINNT\system32\drivers\cdralw2k.sys -> [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions)
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> C:\WINNT\system32\drivers\cdr4_xp.sys -> [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions)
(xnacc) Microsoft Common Controller For Windows Driver Service [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\xnacc.sys -> [2006/06/01 14:15:20 | 000,509,440 | ---- | M] (Microsoft Corporation)
(ZD1211BU(Hawking)) Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ZD1211BU.sys -> [2005/10/28 10:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation)
(BRGSp50) BRGSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\BRGSp50.sys -> [2005/06/08 17:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(E100B) Intel® PRO Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\e100b325.sys -> [2005/03/04 08:10:38 | 000,157,696 | ---- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\ialmnt5.sys -> [2005/01/23 12:05:06 | 000,804,317 | ---- | M] (Intel Corporation)
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\Entech.sys -> [2004/10/25 19:02:00 | 000,021,664 | ---- | M] (EnTech Taiwan)
(ZDPSp50) ZDPSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ZDPSp50.sys -> [2004/10/25 12:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\BrScnUsb.sys -> [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\nv4_mini.sys -> [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(Slntamr) Smart Link 56K Modem Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slntamr.sys -> [2004/04/01 07:56:00 | 000,404,990 | ---- | M] (Smart Link)
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\mtlmnt5.sys -> [2004/04/01 07:56:00 | 000,126,686 | ---- | M] (Smart Link)
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ntmtlfax.sys -> [2004/01/28 15:37:46 | 000,180,360 | ---- | M] (Smart Link)
(SlNtHal) SlNtHal [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slnthal.sys -> [2004/01/28 15:26:28 | 000,095,424 | ---- | M] (Smart Link)
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\mtlstrm.sys -> [2004/01/28 14:46:22 | 001,309,184 | ---- | M] (Smart Link)
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slwdmsup.sys -> [2004/01/28 14:20:44 | 000,013,240 | ---- | M] (Smart Link)
(RecAgent) RecAgent [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\RecAgent.sys -> [2004/01/13 15:03:30 | 000,013,776 | ---- | M] (Smart Link)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ialmsbw.sys -> [2003/11/20 08:26:00 | 000,122,110 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ialmkchw.sys -> [2003/11/20 08:26:00 | 000,099,002 | ---- | M] (Intel Corporation)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\wanatw4.sys -> [2003/04/02 13:03:30 | 000,033,588 | ---- | M] (America Online, Inc.)
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\Dvd_2k.sys -> [2003/03/26 12:17:14 | 000,025,930 | ---- | M] (Roxio)
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\Mmc_2k.sys -> [2003/03/26 12:17:12 | 000,030,662 | ---- | M] (Roxio)
(pwd_2k) pwd_2k [Kernel | System | Running] -> C:\WINNT\system32\drivers\pwd_2K.sys -> [2003/03/26 12:17:10 | 000,144,250 | ---- | M] (Roxio)
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> C:\WINNT\system32\drivers\udfreadr_xp.sys -> [2003/03/26 12:15:28 | 000,206,464 | ---- | M] (Roxio)
(cdudf_xp) cdudf_xp [File_System | System | Running] -> C:\WINNT\system32\drivers\cdudf_xp.sys -> [2003/03/26 12:15:02 | 000,241,280 | ---- | M] (Roxio)
(iaStor) Intel Integrated RAID [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\iaStor.sys -> [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation)
(DCamUSBSQTECH) Dual-Mode DSC(2770) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\SQCaptur.sys -> [2003/01/10 09:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\ptilink.sys -> [2002/08/29 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.)
(ultra) ultra [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\MODEMCSA.sys -> [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation)
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ac97intc.sys -> [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation)
(wandrv) WAN Network Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\wandrv.sys -> [2001/08/09 16:26:02 | 000,022,608 | ---- | M] (America Online, Inc.)
(Exportit) Exportit [Kernel | System | Stopped] -> C:\WINNT\system32\drivers\ExportIt.sys -> [2001/05/10 08:00:00 | 000,124,960 | ---- | M] (Eastman Kodak Company)
(DcPTP) %DcPTP.SvcDesc% [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcPtp.sys -> [2001/04/20 07:58:56 | 000,055,248 | ---- | M] (Eastman Kodak Company)
(DCFS2k) DCFS2k [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\DCFS2k.sys -> [2001/03/30 14:25:30 | 000,032,960 | ---- | M] (Eastman Kodak Company)
(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> C:\WINNT\system32\drivers\DcCam.sys -> [2001/03/30 06:35:46 | 000,034,144 | ---- | M] (Eastman Kodak Company)
(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcFpoint.sys -> [2001/01/17 08:44:06 | 000,061,872 | ---- | M] (Eastman Kodak Company)
(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcLps.sys -> [2001/01/17 08:43:54 | 000,008,304 | ---- | M] (Eastman Kodak Company)

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm ->

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: Main\\"Start Page" -> www.gateway.net/ ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: "ProxyEnable" -> 0 ->

< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\xksmcbvj.default\prefs.js ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.livejournal.com/users/markmccloud/friends/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 ->
extensions.enabledItems -> [email protected]:1.0.6 ->
extensions.enabledItems -> [email protected]:2.8.8 ->
extensions.enabledItems -> [email protected]:1.0.3 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50 ->
extensions.enabledItems -> [email protected]:2.2.26.0 ->
extensions.enabledItems -> {1dbc4a33-ea62-4330-966c-7bdad3455322}:1.0.6.7 ->
extensions.enabledItems -> [email protected]:3.4.10 ->
extensions.enabledItems -> {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.3 ->
extensions.enabledItems -> {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 ->
extensions.enabledItems -> {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.87 ->
network.proxy.socks_version -> 4 ->

< FireFox Settings [User.js] > ->
C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\xksmcbvj.default\user.js ->

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\paypalfi[email protected] -> C:\Program Files\PayPal\PayPal Plug-In [C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN] -> [2009/06/16 06:52:43 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/01/20 18:11:30 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/01/20 18:10:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions -> ->
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components -> C:\Program Files\Mozilla Thunderbird\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010/01/22 18:25:09 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS ->

< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions -> [2010/01/20 19:28:41 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/01/20 19:28:41 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions -> [2010/03/05 04:16:11 | 000,000,000 | ---D | M]
Vista-aero -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} -> [2010/01/20 23:06:20 | 000,000,000 | ---D | M]
Ex Aequo -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{11e842b0-5653-11db-b0de-0800200c9a66}(2) -> [2010/01/25 21:02:39 | 000,000,000 | ---D | M]
FlashGot -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2) -> [2010/01/25 21:02:40 | 000,000,000 | ---D | M]
Remove It Permanently -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} -> [2010/02/03 04:38:48 | 000,000,000 | ---D | M]
Flashblock -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/01/25 21:02:40 | 000,000,000 | ---D | M]
ChatZilla -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}(2) -> [2010/01/25 21:02:41 | 000,000,000 | ---D | M]
NoScript -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2010/03/03 17:49:20 | 000,000,000 | ---D | M]
NoScript -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
Phoenity Modern -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
Nightly Tester Tools -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
ReloadEvery -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2) -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
BlackJapan -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}(2) -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
Acid Burn r1 -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{acidburnr1-4ed8-4a4d-9194-975a45a391xp} -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
DownloadHelper -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
PitchDark -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
Adblock Plus -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
Gradient iCool -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} -> [2010/01/28 18:43:07 | 000,000,000 | ---D | M]
Luna -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{F10B4D44-508F-4a2f-A941-5E834F7C1F8B}(2) -> [2010/01/25 21:02:47 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/01/25 21:02:17 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/01/25 21:02:18 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected](2).com -> [2010/01/25 21:02:23 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/02/01 00:48:45 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/01/20 19:37:36 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\staged-xpis -> [2010/03/03 17:49:21 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\temp -> [2010/01/25 21:02:39 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions -> [2010/01/20 23:06:36 | 000,000,000 | ---D | M]

< FireFox SearchPlugins [User Folders] > ->
aolsearch.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\aolsearch.xml -> [2008/01/23 20:02:46 | 000,001,878 | ---- | M] ()
WikiFur-1.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\WikiFur-1.xml -> [2010/03/04 00:09:46 | 000,001,161 | ---- | M] ()
wikifur-en.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikifur-en.xml -> [2010/01/20 19:25:54 | 000,001,574 | ---- | M] ()
WikiFur.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\WikiFur.xml -> [2006/11/08 23:28:12 | 000,001,188 | ---- | M] ()
wikipedia-1.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikipedia-1.xml -> [2008/06/24 01:14:38 | 000,001,108 | ---- | M] ()
wikipedia.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikipedia.xml -> [2008/06/24 01:32:00 | 000,001,108 | ---- | M] ()
youtube-video-search.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\youtube-video-search.xml -> [2007/05/19 03:19:46 | 000,002,109 | ---- | M] ()

< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/05 04:16:11 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> [2008/03/01 22:47:07 | 000,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\[email protected](2).org -> [2006/11/11 17:26:38 | 000,000,000 | ---D | M]

< HOSTS File > ([2010/02/28 20:45:32 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINNT\system32\drivers\etc\hosts -> Reset Hosts
127.0.0.1 localhost

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 000,059,032 | ---- | M] (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> E:\Hard Drive\Program Files\FlashGet\jccatch.dll [FGCatchUrl] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2010/01/11 20:42:48 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2010/01/11 20:42:48 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.)
{EAD3A971-6A23-4246-8691-C9244E858967} [HKLM] -> C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [OToolbarHelper Class] -> [2009/04/01 11:53:42 | 000,099,328 | ---- | M] ()
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> E:\Hard Drive\Program Files\FlashGet\getflash.dll [FlashGet GetFlash Class] -> File not found
{F385C231-605B-4d8f-ACA9-DBFF765BBE17} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Adblock Pro] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{DC0F2F93-27FA-4f84-ACAA-9416F90B9511}" [HKLM] -> C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [PayPal Plug-In] -> [2009/04/01 11:55:50 | 003,147,264 | ---- | M] ()

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"HotKeysCmds" -> C:\WINNT\system32\hkcmd.exe [C:\WINNT\system32\hkcmd.exe] -> [2005/06/21 15:44:34 | 000,126,976 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINNT\system32\igfxtray.exe [C:\WINNT\system32\igfxtray.exe] -> [2005/01/23 11:36:10 | 000,155,648 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/01/31 22:13:08 | 000,385,024 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Common Files\Java\Java Update\jusched.exe ["C:\Program Files\Common Files\Java\Java Update\jusched.exe"] -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.)

< Run [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SansaDispatch" -> C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe [C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe] -> [2009/04/07 18:37:15 | 000,079,872 | ---- | M] (SanDisk Corporation)

< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< SusanCheetah Startup Folder > -> C:\Documents and Settings\SusanCheetah\Start Menu\Programs\Startup ->

< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoSplash" -> [0] -> File not found

< Software Policy Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoCDBurning" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Block This Image (ABP) -> e:\Program Files\Adblock Pro\blockimg.html [e:\Program Files\Adblock Pro\blockimg.html] -> File not found
&Download All with FlashGet -> E:\Hard Drive\Program Files\FlashGet\jc_all.htm [E:\Hard Drive\Program Files\FlashGet\jc_all.htm] -> File not found
&Download with FlashGet -> E:\Hard Drive\Program Files\FlashGet\jc_link.htm [E:\Hard Drive\Program Files\FlashGet\jc_link.htm] -> File not found
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)
Copy to Semagic -> C:\Program Files\Semagic\copy.htm [C:\Program Files\Semagic\copy.htm] -> [2005/08/15 04:30:58 | 000,000,267 | ---- | M] ()
Semagic -> C:\Program Files\Semagic\link.htm [C:\Program Files\Semagic\link.htm] -> [2005/08/15 04:30:58 | 000,000,186 | ---- | M] ()

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:{9999A076-A9E2-4C99-8A2B-632FC9429223} [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Button: Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> C:\Program Files\AIM\aim.exe [Button: AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Hard Drive\Program Files\FlashGet\FlashGet.exe [Button: FlashGet] -> File not found
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Hard Drive\Program Files\FlashGet\FlashGet.exe [Menu: FlashGet] -> File not found
{d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec [HKLM] -> Reg Error: Value error. [Button: Run IMVU] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}:{7685B225-8229-4321-BA13-A24485B0A760} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Button: Adblock Pro Preferences] -> File not found
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}:{7685B225-8229-4321-BA13-A24485B0A760} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Menu: Adblock Pro Preferences] -> File not found

< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)

< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)

< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\"{F4FBA929-A891-492C-A0F6-5C79CC4F1742}" [HKLM] -> [Reg Error: Key error.] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
Extension\.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Error: Value error.] -> [2001/01/30 13:56:24 | 000,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6731 domain(s) found. ->
65 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6746 domain(s) found. -> 65 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6746 domain(s) found. -> 65 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1785 domain(s) found. -> 93 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1785 domain(s) found. -> 93 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7673 domain(s) found. -> www_adobe.com [http] -> Trusted sites -> compuserve.com .[*] -> Out of zone range - ( 5 ) -> objects_compuserve.com [*] -> Out of zone range - ( 6 ) -> 67 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> [url="http://www.apple.com/qtactivex/qtplugin.cab"]http://www.apple.com/qtactivex/qtplugin.cab[/url] [QuickTime Object] -> {0742B9EF-8C83-41CA-BFBA-830A59E23533} [HKLM] -> [url="https://support.microsoft.com/OAS/ActiveX/MSDcode.cab"]https://support.microsoft.com/OAS/ActiveX/MSDcode.cab[/url] [Microsoft Data Collection Control] -> {0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> [url="https://support.gateway.com/support/profiler//PCPitStop.CAB"]https://support.gateway.com/support/profiler//PCPitStop.CAB[/url] [PCPitstop Utility] -> {0F04992B-E661-4DB9-B223-903AB628225D} [HKLM] -> file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB [DoMoreRunExe.DoMoreRun] -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> [url="http://download.microsoft.com/download/5/B/E/5BE645ED-2F2D-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab"]http://download.microsoft.com/download/5/B...heckControl.cab[/url] [Windows Genuine Advantage Validation Tool] -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> [url="http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab"]http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[/url] [Symantec AntiVirus scanner] -> {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [HKLM] -> [url="http://download.yahoo.com/dl/installs/yinst0401.cab"]http://download.yahoo.com/dl/installs/yinst0401.cab[/url] [YInstStarter Class] -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> [url="http://office.microsoft.com/officeupdate/content/opuc.cab"]http://office.microsoft.com/officeupdate/content/opuc.cab[/url] [Office Update Installation Engine] -> {49232000-16E4-426C-A231-62846947304B} [HKLM] -> [url="http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab"]http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab[/url] [Reg Error: Key error.] 
-> {4B48D5DF-9021-45F7-A240-60304302A215} [HKLM] -> [url="http://www.microsoft.com/security/controls/WebCleaner.cab"]http://www.microsoft.com/security/controls/WebCleaner.cab[/url] [MalwareCleaner Class] -> {511073AD-BE56-4D43-AE68-93390514385E} [HKLM] -> file://C:\Program Files\gateway\helpspot\TechTools.CAB [TechToolsActivex.TechTools] -> {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} [HKLM] -> [url="http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1236859723968"]http://catalog.update.microsoft.com/v7/sit...b?1236859723968[/url] [MUCatalogWebControl Class] -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> [url="http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab"]http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab[/url] [Windows Live Safety Center Base Module] -> {6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> [url="http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263255474324"]http://www.update.microsoft.com/microsoftu...b?1263255474324[/url] [WUWebControl Class] -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> [url="http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab"]http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[/url] [Symantec RuFSI Utility Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> [url="http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258321201703"]http://www.update.microsoft.com/microsoftu...b?1258321201703[/url] [MUWebControl Class] -> {6E5A37BF-FD42-463A-877C-4EB7002E68AE} [HKLM] -> [url="http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab"]http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab[/url] [Housecall ActiveX 6.5] -> {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} [HKLM] -> hcp://system/RunExeActiveX.CAB [RunExeActiveX.RunExe] -> {7B297BFD-85E4-4092-B2AF-16A91B2EA103} [HKLM] -> 
[url="http://www3.ca.com/securityadvisor/virusinfo/webscan.cab"]http://www3.ca.com/securityadvisor/virusinfo/webscan.cab[/url] [WScanCtl Class] -> {8714912E-380D-11D5-B8AA-00D0B78F3D48} [HKLM] -> [url="http://chat.yahoo.com/cab/yuplapp.cab"]http://chat.yahoo.com/cab/yuplapp.cab[/url] [Yahoo! Webcam Upload Wrapper] -> {88D969C0-F192-11D4-A65F-0040963251E5} [HKLM] -> [url="http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab"]http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab[/url] [XML DOM Document 4.0] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] [Java Plug-in 1.6.0_18] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> [url="http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab"]http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab[/url] [Reg Error: Key error.] -> {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} [HKLM] -> [url="http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab"]http://support.gateway.com/eSupport/static...h/weblaunch.cab[/url] [CWebLaunchCtl Object] -> {94B82441-A413-4E43-8422-D49930E69764} [HKLM] -> [url="http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB"]http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB[/url] [TLIEFlashObj Class] -> {97BB6657-DC7F-4489-9067-51FAB9D8857E} [HKLM] -> [url="http://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab"]http://support.gateway.com/eSupport/static.../weblaunch2.cab[/url] [CWebLaunchCtl Object] -> {99FE5072-78AA-4FEE-89BA-69A5FA55343F} [HKLM] -> [url="http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab"]http://download.microsoft.com/download/B/3...44/igdtoolx.cab[/url] [IGDTester Class] -> {9A57B18E-2F5D-11D5-8997-00104BD12D94} [HKLM] -> 
[url="http://support.gateway.com/support/serialharvest/gwCID.CAB"]http://support.gateway.com/support/serialharvest/gwCID.CAB[/url] [compid Class] -> {9F1C11AA-197B-4942-BA54-47A8489BB47F} [HKLM] -> [url="http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38183.1688773148"]http://v4.windowsupdate.microsoft.com/CAB/...8183.1688773148[/url] [Reg Error: Key error.] -> {A8658086-E6AC-4957-BC8E-8D54A7E8A790} [HKLM] -> [url="http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB"]http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB[/url] [GDIChk Object] -> {A8F2B9BD-A6A0-486A-9744-18920D898429} [HKLM] -> [url="http://www.sibelius.com/download/software/win/ActiveXPlugin.cab"]http://www.sibelius.com/download/software/...tiveXPlugin.cab[/url] [Reg Error: Key error.] -> {C606BA60-AB76-48B6-96A7-2C4D5C386F70} [HKLM] -> [url="http://www.verizon.net/checkmypc/includes/MotivePreQual.cab"]http://www.verizon.net/checkmypc/includes/MotivePreQual.cab[/url] [PreQualifier Class] -> {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [HKLM] -> [url="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab"]http://java.sun.com/products/plugin/autodl...indows-i586.cab[/url] [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] [Reg Error: Key error.] 
-> {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] [Java Plug-in 1.6.0_18] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] [Java Plug-in 1.6.0_18] -> {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} [HKLM] -> [url="http://gameadvisor.futuremark.com/global/msc3121.cab"]http://gameadvisor.futuremark.com/global/msc3121.cab[/url] [Measurement Services Client v.3.12] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> [url="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"]http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[/url] [Reg Error: Key error.] -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> [url="http://i.grab.com/media/3ef815/games/files/663/popcaploader_v6.cab"]http://i.grab.com/media/3ef815/games/files...aploader_v6.cab[/url] [Reg Error: Key error.] -> {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} [HKLM] -> [url="http://chat.yahoo.com/cab/yvwrctl.cab"]http://chat.yahoo.com/cab/yvwrctl.cab[/url] [Yahoo! Webcam Viewer Wrapper] -> {F54C1137-5E34-4B95-95A5-BA56D4D8D743} [HKLM] -> [url="http://www.gamespot.com/KDX22/download/kdx.cab"]http://www.gamespot.com/KDX22/download/kdx.cab[/url] [Secure Delivery] -> DirectAnimation Java Classes [HKLM] -> file://C:\WINNT\Java\classes\dajava.cab [Reg Error: Key error.] -> Microsoft XML Parser for Java [HKLM] -> file://C:\WINNT\Java\classes\xmldso.cab [Reg Error: Key error.] 
-> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINNT\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> C:\WINNT\system32\logonuiX.exe -> C:\WINNT\system32\logonuiX.exe -> [2009/11/18 11:49:29 | 005,053,440 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\WINNT\System32\igfxsrvc.dll -> [2005/06/21 15:44:12 | 000,348,160 | ---- | M] (Intel Corporation) MCPClient -> C:\Program Files\Common Files\Stardock\MCPStub.dll -> [2005/01/31 14:13:38 | 000,049,152 | ---- | M] (Stardock) < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" [HKLM] -> C:\Program Files\Common Files\Stardock\MCPCore.dll [0aMCPClient] -> [2005/05/10 12:31:20 | 000,086,016 | ---- | M] (Stardock) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 21:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live 
Sync] -> [2009/07/26 12:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2005/11/28 11:11:36 | 000,229,376 | ---- | M] (Apple Computer, Inc.) "C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2007/09/19 04:33:46 | 000,282,624 | ---- | M] (Eastman Kodak Company) "C:\Program Files\mIRC\mirc.exe" -> C:\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> File not found "C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/06/14 19:09:28 | 026,996,008 | R--- | M] (Skype Technologies S.A.) 
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 12:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> H:\Autorun.inf [[Autorun] | Open=StartPortableApps.exe | Action=Start PortableApps.com | Icon=StartPortableApps.exe | Label=PortableApps.com | ] -> H:\Autorun.inf [ FAT ] -> [2008/03/04 16:31:14 | 000,000,120 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{3ef0719c-a0f0-11dc-bcdc-00038a000011} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ef0719c-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun\command \{3ef0719c-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun\command\\"" -> H:\StartPortableApps.exe [H:\StartPortableApps.exe] -> [2008/05/21 17:02:52 | 000,088,712 | ---- | M] (PortableApps.com) < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> htmlfile [edit] -> "C:\Program Files\Microsoft 
Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 13:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation) htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) https [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> regfile [merge] -> Reg Error: Key error. scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 19:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> txtfile [edit] -> Reg Error: Key error. 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Directory [MediaMonkey.1Play] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" "%1" -> File not found Directory [MediaMonkey.2PlayNext] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" -> File not found Directory [MediaMonkey.3Enqueue] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" -> File not found Directory [Winamp.Bookmark] -> "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft) Directory [Winamp.Enqueue] -> "C:\Program Files\Winamp\winamp.exe" /ADD "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft) Directory [Winamp.Play] -> "C:\Program Files\Winamp\winamp.exe" "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft) Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 2/14/2010 3:01:35 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11316 -> Description = Product: Project64 1.6 -- Error 1316.A network error occurred while 
attempting to read from the file C:\WINNT\Installer\Project64 1.6.msi Application [ Error ] 2/15/2010 5:06:39 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11327 -> Description = Product: Impulse -- Error 1327. Invalid Drive: E:\ Application [ Error ] 2/15/2010 5:45:53 PM Computer Name = LYNDIS | Source = .NET Runtime Optimization Service | ID = 1101 -> Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: E:\Program Files\Stardock\Impulse\Impulse.exe . Error code = 0x80131047 Application [ Error ] 2/15/2010 5:45:54 PM Computer Name = LYNDIS | Source = .NET Runtime Optimization Service | ID = 1101 -> Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: E:\Program Files\Stardock\Impulse\ImpulseDock.exe . Error code = 0x80131047 Application [ Error ] 2/18/2010 7:22:46 AM Computer Name = LYNDIS | Source = Application Error | ID = 1000 -> Description = Faulting application wwm.exe, version 6.0.2.0, faulting module supersub.dll, version 6.0.2.0, fault address 0x000043df. Application [ Error ] 2/28/2010 9:40:09 PM Computer Name = LYNDIS | Source = Application Hang | ID = 1002 -> Description = Hanging application wwm.exe, version 6.0.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 2/28/2010 10:06:35 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11706 -> Description = Product: PaperPort -- Error 1706.No valid source could be found for product PaperPort. The Windows Installer cannot continue. Application [ Error ] 2/28/2010 10:06:47 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11706 -> Description = Product: PaperPort -- Error 1706.No valid source could be found for product PaperPort. The Windows Installer cannot continue. 
Application [ Error ] 3/3/2010 6:52:28 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11706 -> Description = Product: PaperPort -- Error 1706.No valid source could be found for product PaperPort. The Windows Installer cannot continue. Application [ Error ] 3/4/2010 5:52:25 PM Computer Name = LYNDIS | Source = Application Hang | ID = 1002 -> Description = Hanging application dfsvc.exe, version 2.0.50727.3053, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System [ Error ] 3/5/2010 4:58:28 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) System [ Error ] 3/5/2010 4:58:28 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. System [ Error ] 3/5/2010 5:02:28 AM Computer Name = LYNDIS | Source = Service Control Manager | ID = 7023 -> Description = The Automatic Updates service terminated with the following error: %%126 System [ Error ] 3/5/2010 5:02:30 AM Computer Name = LYNDIS | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: ntiomin rxp System [ Error ] 3/5/2010 6:07:14 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) System [ Error ] 3/5/2010 6:07:14 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
[Files/Folders - Created Within 30 Days] DoctorWeb -> C:\Documents and Settings\Owner\DoctorWeb -> [2010/03/04 01:05:45 | 000,000,000 | ---D | C] Downloads -> C:\Documents and Settings\Owner\My Documents\Downloads -> [2010/03/03 18:05:06 | 000,000,000 | ---D | C] Downloads -> C:\Downloads -> [2010/02/28 22:53:17 | 000,000,000 | ---D | C] RECYCLER -> C:\RECYCLER -> [2010/02/28 21:14:47 | 000,000,000 | -HSD | C] Malwarebytes -> C:\Documents and Settings\Owner\Application Data\Malwarebytes -> [2010/02/28 21:04:35 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\WINNT\System32\drivers\mbamswissarmy.sys -> [2010/02/28 21:04:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/02/28 21:04:21 | 000,000,000 | ---D | C] mbam.sys -> C:\WINNT\System32\drivers\mbam.sys -> [2010/02/28 21:04:18 | 000,019,160 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/02/28 21:04:18 | 000,000,000 | ---D | C] Prefetch -> C:\WINNT\Prefetch -> [2010/02/28 21:02:18 | 000,000,000 | ---D | C] cmdcons -> C:\cmdcons -> [2010/02/28 20:05:21 | 000,000,000 | RHSD | C] SWXCACLS.exe -> C:\WINNT\SWXCACLS.exe -> [2010/02/28 18:12:27 | 000,212,480 | ---- | C] (SteelWerX) SWREG.exe -> C:\WINNT\SWREG.exe -> [2010/02/28 18:12:27 | 000,161,792 | ---- | C] (SteelWerX) SWSC.exe -> C:\WINNT\SWSC.exe -> [2010/02/28 18:12:27 | 000,136,704 | ---- | C] (SteelWerX) NIRCMD.exe -> C:\WINNT\NIRCMD.exe -> [2010/02/28 18:12:27 | 000,031,232 | ---- | C] (NirSoft) ERDNT -> C:\WINNT\ERDNT -> [2010/02/28 18:11:40 | 000,000,000 | ---D | C] Qoobox -> C:\Qoobox -> [2010/02/28 18:09:48 | 000,000,000 | ---D | C] BrWia06a.dll -> C:\WINNT\System32\BrWia06a.dll -> [2010/02/16 09:38:20 | 001,492,480 | ---- | C] (Brother Industries, Ltd.) BrUsi06a.dll -> C:\WINNT\System32\BrUsi06a.dll -> [2010/02/16 09:38:20 | 000,038,912 | ---- | C] (Brother Industries, Ltd.) 
BrScnUsb.sys -> C:\WINNT\System32\drivers\BrScnUsb.sys -> [2010/02/16 09:38:20 | 000,015,295 | ---- | C] (Brother Industries Ltd.) brinsstr.dll -> C:\WINNT\System32\brinsstr.dll -> [2010/02/16 09:38:18 | 000,052,736 | ---- | C] (Brother Industries,Ltd.) PDRVINST.DLL -> C:\WINNT\System32\PDRVINST.DLL -> [2010/02/16 09:37:48 | 000,188,416 | ---- | C] (brother) BrWebIns.dll -> C:\WINNT\System32\BrWebIns.dll -> [2010/02/16 09:37:48 | 000,086,016 | ---- | C] (brother) BRWEBUP.EXE -> C:\WINNT\System32\BRWEBUP.EXE -> [2010/02/16 09:37:48 | 000,069,632 | ---- | C] (brother) BrfxD05a.dll -> C:\WINNT\System32\BrfxD05a.dll -> [2010/02/16 09:37:35 | 000,126,976 | ---- | C] (Brother Industries,LTD) brunin03.dll -> C:\WINNT\brunin03.dll -> [2010/02/16 09:37:33 | 000,147,456 | ---- | C] (Brother Industries,Ltd.) Brother -> C:\Program Files\Brother -> [2010/02/16 09:37:33 | 000,000,000 | ---D | C] InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield -> [2010/02/16 09:35:16 | 000,000,000 | ---D | C] ScanSoft Shared -> C:\Program Files\Common Files\ScanSoft Shared -> [2010/02/16 09:34:46 | 000,000,000 | ---D | C] ScanSoft -> C:\Program Files\ScanSoft -> [2010/02/16 09:34:38 | 000,000,000 | ---D | C] ScanSoft -> C:\Documents and Settings\All Users\Application Data\ScanSoft -> [2010/02/16 09:34:38 | 000,000,000 | ---D | C] Brother -> C:\Documents and Settings\All Users\Application Data\Brother -> [2010/02/16 09:33:22 | 000,000,000 | ---D | C] usbccgp.sys -> C:\WINNT\System32\dllcache\usbccgp.sys -> [2010/02/15 18:00:02 | 000,032,128 | ---- | C] (Microsoft Corporation) My Videos -> C:\Documents and Settings\Owner\My Documents\My Videos -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C] My Pictures -> C:\Documents and Settings\Owner\My Documents\My Pictures -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C] My Music -> C:\Documents and Settings\Owner\My Documents\My Music -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C] Trillian -> C:\Program Files\Trillian 
-> [2010/02/15 07:12:01 | 000,000,000 | ---D | C] Office 2003 -> C:\Documents and Settings\Owner\Desktop\Office 2003 -> [2010/02/11 09:42:43 | 000,000,000 | ---D | C] fofix -> C:\Documents and Settings\Owner\Application Data\fofix -> [2010/02/11 07:11:08 | 000,000,000 | ---D | C] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/08/31 05:19:15 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/08/31 05:18:43 | 000,000,000 | ---D | M] JGsoft -> C:\Documents and Settings\LocalService\Application Data\JGsoft -> [2009/03/15 03:42:23 | 000,000,000 | ---D | M] Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/03/13 21:02:03 | 000,000,000 | ---D | M] Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2008/11/05 02:37:23 | 000,000,000 | ---D | M] AdobeUM -> C:\Documents and Settings\NetworkService\Application Data\AdobeUM -> [2008/07/20 05:49:14 | 000,000,000 | ---D | M] Adobe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe -> [2008/07/20 05:48:57 | 000,000,000 | ---D | M] Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2008/07/20 05:47:42 | 000,000,000 | ---D | M] Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2008/02/29 17:43:05 | 000,000,000 | ---D | M] Symantec -> C:\Documents and Settings\NetworkService\Application Data\Symantec -> [2007/01/02 18:03:58 | 000,000,000 | ---D | M] Symantec -> C:\Documents and Settings\LocalService\Application Data\Symantec -> [2006/11/12 17:19:12 | 000,000,000 | ---D | M] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2003/05/16 11:19:14 | 000,000,000 | --SD | M] 4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> 13 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> [Files/Folders - Modified Within 
30 Days] Ad-Aware Update (Weekly).job -> C:\WINNT\tasks\Ad-Aware Update (Weekly).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] () Ad-Aware Update (Daily 4).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 4).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] () Ad-Aware Update (Daily 3).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 3).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] () Ad-Aware Update (Daily 2).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 2).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] () Ad-Aware Update (Daily 1).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 1).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] () win.ini -> C:\WINNT\win.ini -> [2010/03/05 04:03:19 | 000,001,708 | ---- | M] () wpa.dbl -> C:\WINNT\System32\wpa.dbl -> [2010/03/05 04:01:53 | 000,001,158 | ---- | M] () bootstat.dat -> C:\WINNT\bootstat.dat -> [2010/03/05 04:00:40 | 000,002,048 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/03/05 04:00:30 | 1332,531,200 | -HS- | M] () ntuser.dat -> C:\Documents and Settings\Owner\ntuser.dat -> [2010/03/05 03:59:29 | 016,777,216 | ---- | M] () ntuser.ini -> C:\Documents and Settings\Owner\ntuser.ini -> [2010/03/05 03:59:29 | 000,000,178 | -HS- | M] () IconCache.db -> C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db -> [2010/03/05 03:59:08 | 020,325,348 | -H-- | M] () DrWeb.csv -> C:\Documents and Settings\Owner\Desktop\DrWeb.csv -> [2010/03/04 21:48:28 | 000,002,877 | ---- | M] () drweb-cureit.exe -> C:\Documents and Settings\Owner\My Documents\drweb-cureit.exe -> [2010/03/04 01:04:28 | 032,729,168 | ---- | M] () SA.DAT -> C:\WINNT\tasks\SA.DAT -> [2010/03/01 00:25:29 | 000,000,006 | -H-- | M] () system.ini -> C:\WINNT\system.ini -> [2010/02/28 22:14:38 | 000,000,293 | ---- | M] () boot.ini -> C:\boot.ini -> [2010/02/28 22:14:38 | 000,000,277 | RHS- | M] () GoogleUpdateTaskUserS-1-5-21-3899381452-335665265-84716132-1003.job -> 
C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-3899381452-335665265-84716132-1003.job -> [2010/02/28 21:29:18 | 000,000,938 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/28 21:04:27 | 000,000,702 | ---- | M] () perfh009.dat -> C:\WINNT\System32\perfh009.dat -> [2010/02/28 20:48:39 | 000,462,938 | ---- | M] () perfc009.dat -> C:\WINNT\System32\perfc009.dat -> [2010/02/28 20:48:39 | 000,078,654 | ---- | M] () PerfStringBackup.INI -> C:\WINNT\System32\PerfStringBackup.INI -> [2010/02/28 20:48:37 | 000,551,784 | ---- | M] () hosts -> C:\WINNT\System32\drivers\etc\hosts -> [2010/02/28 20:45:32 | 000,000,027 | ---- | M] () LogonStudio.ini -> C:\WINNT\LogonStudio.ini -> [2010/02/23 07:45:45 | 000,000,024 | ---- | M] () Boot.bak -> C:\Boot.bak -> [2010/02/17 05:52:40 | 000,000,207 | ---- | M] () QTFont.qfn -> C:\WINNT\QTFont.qfn -> [2010/02/16 14:00:05 | 000,054,156 | -H-- | M] () QTFont.for -> C:\WINNT\QTFont.for -> [2010/02/16 14:00:05 | 000,001,409 | ---- | M] () BRWMARK.INI -> C:\WINNT\BRWMARK.INI -> [2010/02/16 09:41:47 | 000,000,419 | ---- | M] () BRPP2KA.INI -> C:\WINNT\BRPP2KA.INI -> [2010/02/16 09:41:47 | 000,000,027 | ---- | M] () Brpfx04a.ini -> C:\WINNT\Brpfx04a.ini -> [2010/02/16 09:40:09 | 000,000,210 | ---- | M] () brpcfx.ini -> C:\WINNT\brpcfx.ini -> [2010/02/16 09:40:09 | 000,000,093 | ---- | M] () bridf06a.dat -> C:\WINNT\System32\bridf06a.dat -> [2010/02/16 09:40:09 | 000,000,050 | ---- | M] () tdstemp.002 -> C:\tdstemp.002 -> [2010/02/15 15:59:15 | 000,001,421 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/15 06:54:38 | 000,095,232 | ---- | M] () cdplayer.ini -> C:\WINNT\cdplayer.ini -> [2010/02/10 08:01:48 | 000,000,849 | ---- | M] () 4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> 13 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> 
[Files - No Company Name] DrWeb.csv -> C:\Documents and Settings\Owner\Desktop\DrWeb.csv -> [2010/03/04 21:48:28 | 000,002,877 | ---- | C] () drweb-cureit.exe -> C:\Documents and Settings\Owner\My Documents\drweb-cureit.exe -> [2010/03/03 20:46:45 | 032,729,168 | ---- | C] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/28 21:04:27 | 000,000,702 | ---- | C] () Boot.bak -> C:\Boot.bak -> [2010/02/28 20:05:32 | 000,000,207 | ---- | C] () cmldr -> C:\cmldr -> [2010/02/28 20:05:27 | 000,260,272 | ---- | C] () PEV.exe -> C:\WINNT\PEV.exe -> [2010/02/28 18:12:27 | 000,261,632 | ---- | C] () sed.exe -> C:\WINNT\sed.exe -> [2010/02/28 18:12:27 | 000,098,816 | ---- | C] () grep.exe -> C:\WINNT\grep.exe -> [2010/02/28 18:12:27 | 000,080,412 | ---- | C] () MBR.exe -> C:\WINNT\MBR.exe -> [2010/02/28 18:12:27 | 000,077,312 | ---- | C] () zip.exe -> C:\WINNT\zip.exe -> [2010/02/28 18:12:27 | 000,068,096 | ---- | C] () QTFont.qfn -> C:\WINNT\QTFont.qfn -> [2010/02/16 14:00:05 | 000,054,156 | -H-- | C] () QTFont.for -> C:\WINNT\QTFont.for -> [2010/02/16 14:00:05 | 000,001,409 | ---- | C] () BRPP2KA.INI -> C:\WINNT\BRPP2KA.INI -> [2010/02/16 09:41:47 | 000,000,027 | ---- | C] () BRWMARK.INI -> C:\WINNT\BRWMARK.INI -> [2010/02/16 09:41:46 | 000,000,419 | ---- | C] () Brpfx04a.ini -> C:\WINNT\Brpfx04a.ini -> [2010/02/16 09:40:09 | 000,000,210 | ---- | C] () brpcfx.ini -> C:\WINNT\brpcfx.ini -> [2010/02/16 09:40:09 | 000,000,093 | ---- | C] () bridf06a.dat -> C:\WINNT\System32\bridf06a.dat -> [2010/02/16 09:40:09 | 000,000,050 | ---- | C] () CVRPAGE.BMP -> C:\WINNT\CVRPAGE.BMP -> [2010/02/16 09:37:37 | 000,006,224 | ---- | C] () brdfxspd.dat -> C:\WINNT\brdfxspd.dat -> [2010/02/16 09:37:34 | 000,000,000 | ---- | C] () maxlink.ini -> C:\WINNT\maxlink.ini -> [2010/02/16 09:35:48 | 000,027,019 | ---- | C] () tdstemp.002 -> C:\tdstemp.002 -> [2010/02/15 15:59:15 | 000,001,421 | ---- | C] () FontCache3.0.0.0.dat -> 
C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2010/01/25 22:10:28 | 000,532,360 | ---- | C] () RtlCPAPI.dll -> C:\WINNT\System32\RtlCPAPI.dll -> [2009/11/01 22:59:25 | 000,147,456 | ---- | C] () qt-dx331.dll -> C:\WINNT\System32\qt-dx331.dll -> [2008/09/19 16:57:34 | 003,596,288 | ---- | C] () dtu100.dll.manifest -> C:\WINNT\System32\dtu100.dll.manifest -> [2008/09/19 16:55:10 | 000,000,416 | ---- | C] () idxcntrs.ini -> C:\WINNT\System32\idxcntrs.ini -> [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () gsrvctr.ini -> C:\WINNT\System32\gsrvctr.ini -> [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () gthrctr.ini -> C:\WINNT\System32\gthrctr.ini -> [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () InsDrvZD.dll -> C:\WINNT\System32\InsDrvZD.dll -> [2007/07/24 16:59:02 | 000,028,672 | ---- | C] () InsDrvZD64.DLL -> C:\WINNT\System32\InsDrvZD64.DLL -> [2007/07/24 16:59:02 | 000,015,872 | ---- | C] () (null)toolkit.ini -> C:\WINNT\(null)toolkit.ini -> [2007/07/13 18:44:31 | 000,000,113 | ---- | C] () ff_vfw.dll -> C:\WINNT\System32\ff_vfw.dll -> [2007/05/25 20:06:45 | 000,010,752 | ---- | C] () ff_vfw.dll.manifest -> C:\WINNT\System32\ff_vfw.dll.manifest -> [2007/05/25 20:06:45 | 000,000,547 | ---- | C] () Start.INI -> C:\WINNT\Start.INI -> [2007/05/08 05:46:49 | 000,000,032 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\WINNT\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 13:58:52 | 000,030,808 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\WINNT\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 13:53:56 | 000,026,489 | ---- | C] () kodakpcd.MarkMcCloud.ini -> C:\WINNT\kodakpcd.MarkMcCloud.ini -> [2006/06/07 07:58:38 | 000,000,023 | ---- | C] () LogonStudio.ini -> C:\WINNT\LogonStudio.ini -> [2006/04/19 17:10:30 | 000,000,024 | ---- | C] () JPGUtils.dll -> C:\WINNT\System32\JPGUtils.dll -> [2006/04/19 17:09:57 | 000,187,392 | ---- | C] () GlobalSerif.CompositeFont -> 
C:\WINNT\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 14:39:28 | 000,029,779 | ---- | C] () GlobalMonospace.CompositeFont -> C:\WINNT\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 14:39:28 | 000,026,040 | ---- | C] () huffyuv.ini -> C:\WINNT\huffyuv.ini -> [2006/04/11 16:27:12 | 000,000,134 | ---- | C] () WB.ini -> C:\WINNT\WB.ini -> [2006/03/25 01:53:47 | 000,000,072 | ---- | C] () wbload.dll -> C:\WINNT\System32\wbload.dll -> [2006/03/25 01:49:57 | 000,020,480 | ---- | C] () atid.ini -> C:\WINNT\atid.ini -> [2006/01/25 01:51:55 | 000,000,029 | ---- | C] () CD-Start.INI -> C:\WINNT\CD-Start.INI -> [2005/11/22 20:37:06 | 000,000,032 | ---- | C] () Star Trek Birth of the Federation - Editor.INI -> C:\WINNT\Star Trek Birth of the Federation - Editor.INI -> [2005/10/28 03:42:31 | 000,000,047 | ---- | C] () StyleBuilder.INI -> C:\WINNT\StyleBuilder.INI -> [2005/09/02 17:38:36 | 000,000,099 | ---- | C] () gscr.dll -> C:\WINNT\gscr.dll -> [2005/06/02 18:51:01 | 000,028,672 | ---- | C] () cdplayer.ini -> C:\WINNT\cdplayer.ini -> [2005/05/08 15:58:30 | 000,000,849 | ---- | C] () mmpoly.ini -> C:\WINNT\mmpoly.ini -> [2005/04/11 19:00:59 | 000,000,070 | ---- | C] () dcstds3.dll -> C:\WINNT\dcstds3.dll -> [2005/03/11 11:09:10 | 000,000,006 | ---- | C] () NemuAudio08.ini -> C:\WINNT\System32\NemuAudio08.ini -> [2005/02/12 17:10:38 | 000,000,126 | ---- | C] () lq.dll -> C:\WINNT\lq.dll -> [2005/01/28 07:36:56 | 000,007,168 | ---- | C] () NMDll.dll -> C:\WINNT\System32\NMDll.dll -> [2005/01/28 07:36:55 | 000,468,480 | ---- | C] () yhl.dll -> C:\WINNT\yhl.dll -> [2005/01/28 07:36:54 | 000,020,480 | ---- | C] () ODBC.INI -> C:\WINNT\ODBC.INI -> [2005/01/08 20:54:41 | 000,000,480 | ---- | C] () Sfc3ng.INI -> C:\WINNT\Sfc3ng.INI -> [2005/01/01 04:50:29 | 000,000,604 | ---- | C] () iPlayer.INI -> C:\WINNT\iPlayer.INI -> [2004/12/23 23:58:48 | 000,000,000 | ---- | C] () pcfriend.INI -> C:\WINNT\pcfriend.INI -> [2004/11/15 04:32:39 | 000,000,000 | ---- | C] () psisdecd.dll -> 
C:\WINNT\System32\psisdecd.dll -> [2004/10/08 05:11:47 | 000,363,520 | ---- | C] () cncs232.dll -> C:\WINNT\System32\cncs232.dll -> [2004/09/15 08:32:10 | 000,286,208 | ---- | C] () NemuVideo.ini -> C:\WINNT\System32\NemuVideo.ini -> [2004/08/10 14:53:38 | 000,000,065 | ---- | C] () zlib.dll -> C:\WINNT\System32\zlib.dll -> [2004/07/23 22:52:03 | 000,053,760 | ---- | C] () devenum(2).dll -> C:\WINNT\System32\devenum(2).dll -> [2004/07/15 13:52:17 | 000,053,248 | ---- | C] () winamp.ini -> C:\WINNT\winamp.ini -> [2004/07/15 03:50:02 | 000,001,157 | ---- | C] () xvidvfw.dll -> C:\WINNT\System32\xvidvfw.dll -> [2004/06/06 11:53:42 | 000,155,648 | ---- | C] () xvidcore.dll -> C:\WINNT\System32\xvidcore.dll -> [2004/06/05 11:56:16 | 000,679,936 | ---- | C] () smscfg.ini -> C:\WINNT\smscfg.ini -> [2004/04/15 11:01:41 | 000,000,061 | ---- | C] () PCDrSystemInformation.dll -> C:\WINNT\System32\PCDrSystemInformation.dll -> [2004/04/15 10:43:24 | 000,282,624 | ---- | C] () PCDrKernelModeServices.dll -> C:\WINNT\System32\PCDrKernelModeServices.dll -> [2004/04/15 10:38:13 | 000,086,016 | ---- | C] () ProgressTrace.dll -> C:\WINNT\System32\ProgressTrace.dll -> [2004/04/15 10:38:13 | 000,065,536 | ---- | C] () OEMINFO.INI -> C:\WINNT\System32\OEMINFO.INI -> [2004/04/15 10:36:36 | 000,000,699 | ---- | C] () libeay32.dll -> C:\WINNT\System32\libeay32.dll -> [2004/03/22 13:22:30 | 000,880,128 | ---- | C] () ssleay32.dll -> C:\WINNT\System32\ssleay32.dll -> [2004/03/22 13:22:30 | 000,171,520 | ---- | C] () OpenQuicktimeLib.dll -> C:\WINNT\System32\OpenQuicktimeLib.dll -> [2004/01/27 12:13:54 | 000,421,888 | ---- | C] () tds3shl.dll -> C:\WINNT\System32\tds3shl.dll -> [2003/06/11 18:05:06 | 000,032,768 | ---- | C] () orun32.ini -> C:\WINNT\orun32.ini -> [2003/05/16 12:56:01 | 000,000,873 | ---- | C] () MCC16.DLL -> C:\WINNT\System32\MCC16.DLL -> [2002/12/18 15:10:36 | 000,006,048 | ---- | C] () OggDS.dll -> C:\WINNT\System32\OggDS.dll -> [2002/10/06 18:42:58 | 000,237,568 | ---- | C] 
() vorbisenc.dll -> C:\WINNT\System32\vorbisenc.dll -> [2002/10/04 23:04:26 | 000,921,600 | ---- | C] () vorbis.dll -> C:\WINNT\System32\vorbis.dll -> [2002/10/04 23:04:26 | 000,188,416 | ---- | C] () ogg.dll -> C:\WINNT\System32\ogg.dll -> [2002/10/04 23:04:18 | 000,045,056 | ---- | C] () mag.dll -> C:\WINNT\System32\mag.dll -> [2002/03/19 17:30:00 | 000,010,752 | ---- | C] () msvdm.dll -> C:\WINNT\System32\msvdm.dll -> [2002/03/19 16:30:00 | 000,141,824 | ---- | C] () Jpeg32.dll -> C:\WINNT\System32\Jpeg32.dll -> [2002/03/04 10:16:34 | 000,110,592 | R--- | C] () PciBus.sys -> C:\WINNT\System32\drivers\PciBus.sys -> [2001/11/19 19:05:18 | 000,003,972 | ---- | C] () cpuinf32.dll -> C:\WINNT\System32\cpuinf32.dll -> [2001/09/17 12:20:02 | 000,009,216 | ---- | C] () Canon456.dll -> C:\WINNT\System32\Canon456.dll -> [2000/11/15 17:00:00 | 000,000,019 | ---- | C] () sysres.dll -> C:\WINNT\System32\sysres.dll -> [1998/08/16 05:00:00 | 000,004,096 | ---- | C] () coinst.dll -> C:\WINNT\System32\coinst.dll -> [1980/01/01 00:00:00 | 000,049,152 | ---- | C] () [File - Lop Check] InterTrust -> C:\Documents and Settings\Administrator\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M] America Online -> C:\Documents and Settings\All Users\Application Data\America Online -> [2004/07/15 05:51:09 | 000,000,000 | ---D | M] Autodesk -> C:\Documents and Settings\All Users\Application Data\Autodesk -> [2005/09/26 02:50:35 | 000,000,000 | ---D | M] Downloaded Installations -> C:\Documents and Settings\All Users\Application Data\Downloaded Installations -> [2007/06/13 16:13:12 | 000,000,000 | ---D | M] DriverScanner -> C:\Documents and Settings\All Users\Application Data\DriverScanner -> [2008/12/10 22:08:14 | 000,000,000 | ---D | M] PC Drivers HeadQuarters -> C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters -> [2008/07/09 18:28:54 | 000,000,000 | ---D | M] ScanSoft -> C:\Documents and Settings\All Users\Application Data\ScanSoft -> 
[2010/02/16 09:34:38 | 000,000,000 | ---D | M] SecTaskMan -> C:\Documents and Settings\All Users\Application Data\SecTaskMan -> [2009/08/01 17:00:16 | 000,000,000 | ---D | M] Stardock -> C:\Documents and Settings\All Users\Application Data\Stardock -> [2008/08/19 19:06:37 | 000,000,000 | ---D | M] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/02/26 00:14:18 | 000,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2004/07/15 03:54:42 | 000,000,000 | ---D | M] WholeSecurity -> C:\Documents and Settings\All Users\Application Data\WholeSecurity -> [2009/06/01 09:23:44 | 000,000,000 | ---D | M] {1EB63B4B-5639-4477-8E24-05C31B5F8019} -> C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> [2010/02/15 16:06:35 | 000,000,000 | -H-D | M] {BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} -> C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} -> [2010/01/30 11:13:40 | 000,000,000 | -H-D | M] InterTrust -> C:\Documents and Settings\Default User\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M] Adblock Pro -> C:\Documents and Settings\Guest\Application Data\Adblock Pro -> [2009/02/16 08:51:13 | 000,000,000 | ---D | M] InterTrust -> C:\Documents and Settings\Guest\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M] JGsoft -> C:\Documents and Settings\LocalService\Application Data\JGsoft -> [2009/03/15 03:42:23 | 000,000,000 | ---D | M] acccore -> C:\Documents and Settings\Owner\Application Data\acccore -> [2006/12/29 17:11:26 | 000,000,000 | ---D | M] Adblock Pro -> C:\Documents and Settings\Owner\Application Data\Adblock Pro -> [2008/08/25 17:18:15 | 000,000,000 | ---D | M] Aim -> C:\Documents and Settings\Owner\Application Data\Aim -> [2004/08/11 21:31:59 | 000,000,000 | ---D | M] Desktop Sidebar -> C:\Documents and Settings\Owner\Application Data\Desktop Sidebar -> [2008/06/22 
21:24:26 | 000,000,000 | ---D | M] Exodus -> C:\Documents and Settings\Owner\Application Data\Exodus -> [2005/02/10 17:54:19 | 000,000,000 | ---D | M] FileMaker -> C:\Documents and Settings\Owner\Application Data\FileMaker -> [2005/09/24 15:37:20 | 000,000,000 | ---D | M] fltk.org -> C:\Documents and Settings\Owner\Application Data\fltk.org -> [2005/02/03 00:53:12 | 000,000,000 | ---D | M] fofix -> C:\Documents and Settings\Owner\Application Data\fofix -> [2010/02/11 07:11:17 | 000,000,000 | ---D | M] gen_ff v1.04 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.04 -> [2004/09/23 05:53:06 | 000,000,000 | ---D | M] gen_ff v1.05 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.05 -> [2005/05/23 22:23:42 | 000,000,000 | ---D | M] gen_ff v1.07 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.07 -> [2006/03/21 10:03:47 | 000,000,000 | ---D | M] IMVU -> C:\Documents and Settings\Owner\Application Data\IMVU -> [2007/05/04 00:55:12 | 000,000,000 | ---D | M] InterTrust -> C:\Documents and Settings\Owner\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M] InterVideo -> C:\Documents and Settings\Owner\Application Data\InterVideo -> [2004/08/08 16:45:01 | 000,000,000 | ---D | M] IObit -> C:\Documents and Settings\Owner\Application Data\IObit -> [2010/01/24 02:06:11 | 000,000,000 | ---D | M] IP Lookup v2.0 -> C:\Documents and Settings\Owner\Application Data\IP Lookup v2.0 -> [2005/08/24 19:14:20 | 000,000,000 | ---D | M] IrfanView -> C:\Documents and Settings\Owner\Application Data\IrfanView -> [2008/08/16 20:20:41 | 000,000,000 | ---D | M] JAM Software -> C:\Documents and Settings\Owner\Application Data\JAM Software -> [2008/11/14 01:46:10 | 000,000,000 | ---D | M] JGsoft -> C:\Documents and Settings\Owner\Application Data\JGsoft -> [2007/04/23 05:26:01 | 000,000,000 | ---D | M] Kazaa Lite -> C:\Documents and Settings\Owner\Application Data\Kazaa Lite -> [2004/07/16 21:25:11 | 000,000,000 | ---D | M] Kontiki -> 
C:\Documents and Settings\Owner\Application Data\Kontiki -> [2004/08/16 10:53:15 | 000,000,000 | ---D | M] Offline Explorer -> C:\Documents and Settings\Owner\Application Data\Offline Explorer -> [2005/01/28 10:39:53 | 000,000,000 | ---D | M] SanDisk -> C:\Documents and Settings\Owner\Application Data\SanDisk -> [2009/04/07 18:34:39 | 000,000,000 | ---D | M] SecondLife -> C:\Documents and Settings\Owner\Application Data\SecondLife -> [2007/07/28 19:03:13 | 000,000,000 | ---D | M] SecondLife(2) -> C:\Documents and Settings\Owner\Application Data\SecondLife(2) -> [2005/07/12 03:24:20 | 000,000,000 | ---D | M] Shareaza -> C:\Documents and Settings\Owner\Application Data\Shareaza -> [2008/02/17 16:37:29 | 000,000,000 | ---D | M] Stardock -> C:\Documents and Settings\Owner\Application Data\Stardock -> [2008/08/19 19:18:59 | 000,000,000 | ---D | M] Thunderbird -> C:\Documents and Settings\Owner\Application Data\Thunderbird -> [2009/12/15 19:48:38 | 000,000,000 | ---D | M] Trillian -> C:\Documents and Settings\Owner\Application Data\Trillian -> [2009/01/10 04:01:34 | 000,000,000 | ---D | M] Uniblue -> C:\Documents and Settings\Owner\Application Data\Uniblue -> [2008/12/10 22:08:15 | 000,000,000 | ---D | M] ViStart -> C:\Documents and Settings\Owner\Application Data\ViStart -> [2007/12/01 23:22:54 | 000,000,000 | ---D | M] Windows Desktop Search -> C:\Documents and Settings\Owner\Application Data\Windows Desktop Search -> [2008/07/25 05:45:23 | 000,000,000 | ---D | M] Windows Live Writer -> C:\Documents and Settings\Owner\Application Data\Windows Live Writer -> [2009/04/01 09:19:23 | 000,000,000 | ---D | M] Windows Search -> C:\Documents and Settings\Owner\Application Data\Windows Search -> [2008/07/29 06:15:42 | 000,000,000 | ---D | M] Witty -> C:\Documents and Settings\Owner\Application Data\Witty -> [2009/06/27 07:29:06 | 000,000,000 | ---D | M] InterTrust -> C:\Documents and Settings\SusanCheetah\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D 
| M] InterVideo -> C:\Documents and Settings\SusanCheetah\Application Data\InterVideo -> [2005/07/12 03:24:53 | 000,000,000 | ---D | M] Thunderbird -> C:\Documents and Settings\SusanCheetah\Application Data\Thunderbird -> [2004/09/30 17:04:05 | 000,000,000 | ---D | M] Windows Search -> C:\Documents and Settings\SusanCheetah\Application Data\Windows Search -> [2010/02/16 05:42:21 | 000,000,000 | ---D | M] Ad-Aware Update (Daily 1).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 1).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] () Ad-Aware Update (Daily 2).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 2).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] () Ad-Aware Update (Daily 3).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 3).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] () Ad-Aware Update (Daily 4).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 4).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] () Ad-Aware Update (Weekly).job -> C:\WINNT\Tasks\Ad-Aware Update (Weekly).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > < %ProgramFiles%\Movie Maker\*.dll > wmm2ae.dll -> C:\Program Files\Movie Maker\wmm2ae.dll -> [2008/04/13 19:12:09 | 000,167,936 | ---- | M] (Microsoft Corporation) wmm2eres.dll -> C:\Program Files\Movie Maker\wmm2eres.dll -> [2008/04/13 19:12:09 | 000,004,096 | ---- | M] (Microsoft Corporation) wmm2ext.dll -> C:\Program Files\Movie Maker\wmm2ext.dll -> [2008/04/13 19:12:09 | 000,007,680 | ---- | M] (Microsoft Corporation) wmm2filt.dll -> C:\Program Files\Movie Maker\wmm2filt.dll -> [2008/04/13 19:12:09 | 000,402,432 | ---- | M] (Microsoft Corporation) wmm2fxa.dll -> C:\Program Files\Movie Maker\wmm2fxa.dll -> [2008/04/13 19:12:09 | 000,502,272 | ---- | M] (Microsoft Corporation) wmm2fxb.dll -> C:\Program Files\Movie Maker\wmm2fxb.dll -> [2008/04/13 19:12:09 | 000,325,632 | ---- | M] (Microsoft Corporation) wmm2res.dll -> C:\Program Files\Movie 
Maker\wmm2res.dll -> [2008/04/13 19:12:09 | 004,256,768 | ---- | M] (Microsoft Corporation) wmm2res2.dll -> C:\Program Files\Movie Maker\wmm2res2.dll -> [2008/04/13 19:12:09 | 000,005,632 | ---- | M] (Microsoft Corporation) wmmfilt.dll -> C:\Program Files\Movie Maker\wmmfilt.dll -> [2002/08/29 07:00:00 | 000,110,648 | ---- | M] (Microsoft Corporation) wmmres.dll -> C:\Program Files\Movie Maker\wmmres.dll -> [2002/08/29 07:00:00 | 000,319,542 | ---- | M] (Microsoft Corporation) wmmutil.dll -> C:\Program Files\Movie Maker\wmmutil.dll -> [2002/08/29 07:00:00 | 000,163,897 | ---- | M] (Microsoft Corporation) Invalid Environment Variable: ALLUSERSAPPDATA < %SYSTEMROOT%\*.tmp > 4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> < %PROGRAMFILES%\Internet Explorer\*.dll > custsat.dll -> C:\Program Files\Internet Explorer\custsat.dll -> [2006/11/07 21:03:36 | 000,033,792 | ---- | M] (Microsoft Corporation) hmmapi.dll -> C:\Program Files\Internet Explorer\hmmapi.dll -> [2009/03/08 03:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation) iecompat.dll -> C:\Program Files\Internet Explorer\iecompat.dll -> [2009/10/01 23:44:07 | 000,092,160 | ---- | M] (Microsoft Corporation) iedvtool.dll -> C:\Program Files\Internet Explorer\iedvtool.dll -> [2009/03/08 03:35:32 | 000,742,912 | ---- | M] (Microsoft Corporation) ieproxy.dll -> C:\Program Files\Internet Explorer\ieproxy.dll -> [2009/12/21 14:14:03 | 000,246,272 | ---- | M] (Microsoft Corporation) jsdbgui.dll -> C:\Program Files\Internet Explorer\jsdbgui.dll -> [2009/03/08 03:35:02 | 000,521,216 | ---- | M] (Microsoft Corporation) jsdebuggeride.dll -> C:\Program Files\Internet Explorer\jsdebuggeride.dll -> [2009/03/08 03:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation) JSProfilerCore.dll -> C:\Program Files\Internet Explorer\JSProfilerCore.dll -> [2009/03/08 03:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation) jsprofilerui.dll -> C:\Program Files\Internet Explorer\jsprofilerui.dll -> [2009/03/08 03:35:12 | 000,233,984 | 
---- | M] (Microsoft Corporation) pdm.dll -> C:\Program Files\Internet Explorer\pdm.dll -> [2009/01/07 17:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation) sqmapi.dll -> C:\Program Files\Internet Explorer\sqmapi.dll -> [2009/01/07 17:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation) xpshims.dll -> C:\Program Files\Internet Explorer\xpshims.dll -> [2009/12/21 14:14:05 | 000,012,800 | ---- | M] (Microsoft Corporation) Invalid Environment Variable: DriveLetter < %systemroot%\system32\*.dll /lockedfiles > 13 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> < MD5 Scans Start> < %systemdrive%\AGP440.SYS /md5 /s > AGP440.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] () AGP440.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] () AGP440.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp2.cab:AGP440.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] () AGP440.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp3.cab:AGP440.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] () agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINNT\ERDNT\cache\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINNT\ServicePackFiles\i386\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINNT\system32\dllcache\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINNT\system32\drivers\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\WINNT\$NtServicePackUninstall$\agp440.sys -> [2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) < 
%systemdrive%\ATAPI.SYS /md5 /s > atapi.sys : .cab file -> C:\i386\sp1.cab:atapi.sys -> [2002/08/29 07:00:00 | 010,158,890 | ---- | M] () atapi.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp1.cab:atapi.sys -> [2002/08/29 07:00:00 | 010,158,890 | ---- | M] () atapi.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] () atapi.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] () atapi.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp1.cab:atapi.sys -> [2002/08/29 07:00:00 | 010,158,890 | ---- | M] () atapi.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp2.cab:atapi.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] () atapi.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp3.cab:atapi.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] () atapi.sys : MD5=95B858761A00E1D4F81F79A0DA019ACA -> C:\WINNT\system32\ReinstallBackups�06\DriverFiles\i386\atapi.sys -> [2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINNT\ERDNT\cache\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINNT\ServicePackFiles\i386\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINNT\system32\dllcache\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINNT\system32\drivers\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINNT\$NtServicePackUninstall$\atapi.sys -> [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) < %systemdrive%\EVENTLOG.DLL /md5 /s > eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> 
C:\WINNT\ERDNT\cache\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINNT\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINNT\system32\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINNT\$NtServicePackUninstall$\eventlog.dll -> [2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) EventLog.dll : MD5=CAD468899536326818AE00BF0A750F9C -> C:\Perl\site\lib\auto\Win32\EventLog\EventLog.dll -> [2004/12/13 10:37:30 | 000,028,791 | ---- | M] () < %systemdrive%\IASTOR.SYS /md5 /s > iaStor.sys : MD5=18E3972D9632485D80D609D4674F9D83 -> C:\OEMDRVRS\iaStor.sys -> [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation) iaStor.sys : MD5=18E3972D9632485D80D609D4674F9D83 -> C:\WINNT\system32\drivers\iaStor.sys -> [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation) < %systemdrive%\NETLOGON.DLL /md5 /s > netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINNT\ERDNT\cache\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINNT\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINNT\system32\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINNT\$NtServicePackUninstall$\netlogon.dll -> [2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) < %systemdrive%\SCECLI.DLL /md5 /s > scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINNT\$NtServicePackUninstall$\scecli.dll -> [2004/08/03 23:56:46 | 
000,180,224 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINNT\ERDNT\cache\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINNT\ServicePackFiles\i386\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINNT\system32\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
13 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp ->
< %systemroot%\Tasks\*.job /lockedfiles >
< c:\$recycle.bin\*.* /s >
Restore point Set: OTS Restore Point (68719476736)
[Alternate Data Streams]
@Alternate Data Stream - 479 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 88 bytes -> C:\WINNT\sndvol32.exe:SummaryInformation
< End of report >
~~~~~~~~~~
VirScan
VirSCAN.org Scanned Report :
Scanned time : 2010/03/04 07:00:01 (CST)
Scanner results: Scanners did not find malware!
File Name : brunin03.dll
File Size : 147456 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 46ae67007ed872050db3ba9615283eb5
SHA1 : 07ef57b1c06da4e28800af6a90ee815b28ebdb49
Online report : http://virscan.org/report/527521f9e63f19ad013c2adb91830323.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100304053904 2010-03-04 6.22 -
AhnLab V3 2010.03.04.00 2010.03.04 2010-03-04 1.03 -
AntiVir 8.2.1.180 7.10.4.192 2010-03-03 0.31 -
Antiy 2.0.18 20100302.3946376 2010-03-02 0.02 -
Arcavir 2009 201003031711 2010-03-03 0.05 -
Authentium 5.1.1 201003031107 2010-03-03 1.51 -
AVAST! 4.7.4 100303-0 2010-03-03 0.01 -
AVG 8.5.720 271.1.1/2720 2010-03-03 0.25 -
BitDefender 7.81008.5367913 7.30613 2010-03-04 5.60 -
ClamAV 0.95.3 10507 2010-03-04 0.04 -
Comodo 3.13.579 4136 2010-03-03 0.93 -
CP Secure 1.3.0.5 2010.03.04 2010-03-04 0.09 -
Dr.Web 5.0.1.12222 2010.03.04 2010-03-04 5.81 -
F-Prot 4.4.4.56 20100303 2010-03-03 1.53 -
F-Secure 7.02.73807 2010.03.03.13 2010-03-03 10.40 -
Fortinet 11.546- 11.546 2010-03-03 0.21 -
GData 19.10730/19.795 20100303 2010-03-03 6.57 -
ViRobot 20100303 2010.03.03 2010-03-03 0.47 -
Ikarus T3.1.01.80 2010.03.03.75324 2010-03-03 4.93 -
JiangMin 13.0.900 2010.03.03 2010-03-03 4.92 -
Kaspersky 5.5.10 2010.03.03 2010-03-03 0.17 -
KingSoft 2009.2.5.15 2010.3.3.19 2010-03-03 0.59 -
McAfee 5.3.00 5909 2010-03-03 3.63 -
Microsoft 1.5502 2010.03.03 2010-03-03 6.78 -
Norman 6.01.09 6.01.00 2010-02-10 4.02 -
Panda 9.05.01 2010.03.03 2010-03-03 1.88 -
Trend Micro 9.120-1004 6.889.00 2010-03-03 0.03 -
Quick Heal 10.00 2010.03.03 2010-03-03 1.40 -
Rising 20.0 22.37.02.04 2010-03-03 1.07 -
Sophos 3.04.1 4.50 2010-03-04 3.61 -
Sunbelt 3.9.2406.2 5742 2010-03-03 3.00 -
Symantec 1.3.0.24 20100303.005 2010-03-03 0.05 -
nProtect 20100302.01 7621007 2010-03-02 4.49 -
The Hacker 6.5.1.7 v00220 2010-03-03 0.38 -
VBA32 3.12.12.2 20100301.2254 2010-03-01 2.71 -
VirusBuster 4.5.11.10 10.121.1/2014475 2010-03-04 2.42 -
~~~~~~~~~~
DrWeb
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Moved.;
4b03edab.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b03edab.qua;Probably Trojan.Packed.Based;;
4b03edab.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4b28d602.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b28d602.qua;Probably Trojan.Packed.Based;;
4b28d602.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4b56db28.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b56db28.qua;Probably Trojan.Packed.Based;;
4b56db28.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4bb5f5b1.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4bb5f5b1.qua;Probably Trojan.Packed.Based;;
4bb5f5b1.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
A0113675.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
A0113676.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
A0120496.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
A0120497.EXE.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.NewDotNet;Moved.;
NNWDAB638.EXE.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.NewDotNet;Moved.;
VVSNInst.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
CouponPrinter.exe\data012;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data013;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data015;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data016;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe;C:\Documents and Settings\SusanCheetah\My Documents;Container contains infected objects;Moved.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.621;Moved.;
mirc.exe;C:\Program Files\mIRC\backup;Program.mIRC.617;Moved.;
_desktop.ini;C:\WINNT\Resources\Themes\VistaCG127\material;Win32.HLLW.Gavir.ini;Deleted.;
_desktop.ini;C:\WINNT\Resources\Themes\VistaCG127\material\basic;Win32.HLLW.Gavir.ini;Deleted.;
~~~~~~~~~~
Kaspersky
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, March 6, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, March 05, 2010 03:03:49
Records in database: 3693272
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
H:\
Scan statistics:
Objects scanned: 95975
Threats found: 4
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 07:24:56
File name / Threat / Threats count
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0113675.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0113676.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0120496.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0120497.EXE.bac_a03392 Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\mirc___0.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\NNWDAB638.EXE.bac_a03392 Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\VVSNInst.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP1151\A0273437.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1 C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP1151\A0273438.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1 Selected area has been scanned.