Removing Contextual tool AdzGalore


  • This topic is locked
21 replies to this topic

#1 DiscoDigs

    Member
  • Members
  • 14 posts

Posted 31 October 2008 - 02:02 PM

Hi, I have been advised by an Ad-Aware support advisor to post this here, in the hope that somebody can help me solve the problem.

I cannot rid my PC of these annoying pop-ups that keep appearing randomly from Adzgalore.

I have updated Ad-Aware Pro and done a full scan with no results.

Can anybody help with this matter?

Thanks. Richard.

Here is a Hijackthis Log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:06, on 30/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Digsy\My Documents\My Received Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: adzgalore - {8107460b-0dee-b7c2-4cc4-1ed3cf3932b6} - C:\WINDOWS\system32\nsx37.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Startup.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://webcamnow.com...e-installer.cab
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigit....Downloader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162305299875
O16 - DPF: {A417A857-7019-49DC-9A73-A0CBC965F483} (UniVoiceX Control) - http://webcamnow.com...voice/voice.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 11307 bytes
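As an added example for this thread (not code from the original post or from HijackThis), here is a small Python triage helper for the HijackThis log format shown above. It parses the "Oxx - Kind: Name - {CLSID} - path" entries, the O4 Run entries and the O23 service lines, and applies a few defender-side heuristics of my own to surface the lines an advisor looks at first: orphaned "(no file)" entries, a BHO loading an oddly named DLL straight from system32 (the adzgalore entry), services with no company name, and autostarts that use a bare filename. The sample lines are a constructed subset of the log in this post.

```python
"""Triage helper for Trend Micro HijackThis (HJT) log lines.

Added for this thread; not code from the original post or from HijackThis.
It parses the entry formats visible in the log above and applies a few
defender-side heuristics (my own, not HijackThis rules) to surface lines an
advisor would check first, such as the 'adzgalore' BHO loading nsx37.dll.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "R3/O2/O9 - Kind: Name - {CLSID} - path" entries (hooks, BHOs, IE buttons)
CLSID_ENTRY = re.compile(
    r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)
# "O4 - HKLM\..\Run: [label] command" autostart entries
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# "O23 - Service: name (short) - vendor - path" service entries
SERVICE_ENTRY = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# DLLs like nsx37.dll: a few letters plus digits, dropped straight into system32
RANDOM_SYSTEM32_DLL = re.compile(r"\\system32\\[a-z]{2,4}\d{1,3}\.dll$", re.I)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding listing why this HJT line deserves review, or None."""
    line = line.strip()
    reasons: List[str] = []

    m = CLSID_ENTRY.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        if path == "(no file)":
            reasons.append("orphaned entry: registered but the file is missing")
        if m.group("kind") == "BHO":
            if name == "(no name)":
                reasons.append("BHO without a display name")
            if RANDOM_SYSTEM32_DLL.search(path):
                reasons.append("BHO loads a DLL with a random-looking name from system32")

    m = SERVICE_ENTRY.match(line)
    if m and m.group("vendor") == "Unknown owner":
        reasons.append("service binary carries no company name (shown as 'Unknown owner')")

    m = RUN_ENTRY.match(line)
    if m and "\\" not in m.group("cmd"):
        reasons.append("autostart uses a bare filename; locate the real binary before trusting it")

    return Finding(line, reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole HJT log and keep only the flagged lines."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


# Constructed sample: a handful of lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: adzgalore - {8107460b-0dee-b7c2-4cc4-1ed3cf3932b6} - C:\WINDOWS\system32\nsx37.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
```

The flags are prompts for a human review, not verdicts: a bare-filename Run entry or an "Unknown owner" service is often legitimate, which is why each finding carries its reason rather than a verdict.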

#2 Rorschach112

    Advanced Member
  • Volunteer Security Advisor
  • 2180 posts

Posted 31 October 2008 - 03:20 PM

Hello

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)




Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - NetSvcs, Reg - Protocol Filters, Reg - Protocol Handlers, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs (Last 10 Errors).
  • Under Rootkit Search change it to Yes
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here

#3 DiscoDigs

    Member
  • Members
  • 14 posts

Posted 31 October 2008 - 03:47 PM

Thanks for the reply.
Here is the log from the Lop S&D.


--------------------\\ Lop S&D 4.2.4-9 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core™2 CPU 6600 @ 2.40GHz )
BIOS : BIOS Date: 08/23/06 11:45:44 Ver: 08.00.12
USER : Digsy ( Administrator )
BOOT : Normal boot
Antivirus : BullGuard Antivirus (Not Activated)
Firewall : ActiveArmor Firewall 1.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:293 Go (Free:235 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (CD or DVD)
L:\ (Local Disk) - FAT32 - Total:149 Go (Free:148 Go)

"C:\Lop SD" ( MAJ : 30-10-2008|21:58 )
Option : [1] ( 31/10/2008|16:21 )

--------------------\\ Listing folders in APPLIC~1

[27/10/2006|13:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\BullGuard
[27/10/2006|13:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
[25/11/2005|09:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[27/10/2006|13:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[25/11/2005|09:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real

[07/10/2008|14:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[12/03/2008|21:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/02/2007|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[06/07/2007|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[03/07/2007|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[22/01/2007|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[31/10/2008|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BullGuard
[27/10/2006|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[12/06/2007|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[23/10/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[17/07/2007|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[17/03/2008|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[06/07/2007|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[31/10/2006|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[05/07/2007|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[16/12/2006|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
[25/11/2005|09:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[25/11/2005|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[29/10/2008|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[28/08/2007|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[31/10/2006|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[12/12/2006|12:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[25/01/2007|18:23] C:\DOCUME~1\Carol\APPLIC~1\Adobe
[09/12/2006|02:24] C:\DOCUME~1\Carol\APPLIC~1\BullGuard
[27/10/2006|13:48] C:\DOCUME~1\Carol\APPLIC~1\CyberLink
[25/11/2005|09:00] C:\DOCUME~1\Carol\APPLIC~1\Identities
[09/12/2006|02:20] C:\DOCUME~1\Carol\APPLIC~1\Microsoft
[25/11/2005|09:19] C:\DOCUME~1\Carol\APPLIC~1\Real
[25/01/2007|18:24] C:\DOCUME~1\Carol\APPLIC~1\XTND_BTUIObjects

[27/10/2006|13:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\BullGuard
[27/10/2006|13:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
[25/11/2005|09:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[27/10/2006|13:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[25/11/2005|09:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real

[11/07/2007|16:09] C:\DOCUME~1\Digsy\APPLIC~1\Adobe
[05/07/2007|13:14] C:\DOCUME~1\Digsy\APPLIC~1\Ahead
[18/04/2008|15:18] C:\DOCUME~1\Digsy\APPLIC~1\Apple Computer
[04/06/2007|14:08] C:\DOCUME~1\Digsy\APPLIC~1\Blackberry Desktop
[28/10/2008|16:56] C:\DOCUME~1\Digsy\APPLIC~1\BullGuard
[19/06/2007|13:28] C:\DOCUME~1\Digsy\APPLIC~1\CoreFTP
[01/11/2006|14:27] C:\DOCUME~1\Digsy\APPLIC~1\CyberLink
[08/05/2007|12:03] C:\DOCUME~1\Digsy\APPLIC~1\Google
[24/02/2007|21:06] C:\DOCUME~1\Digsy\APPLIC~1\Help
[31/10/2006|14:30] C:\DOCUME~1\Digsy\APPLIC~1\Hewlett-Packard
[31/10/2006|18:41] C:\DOCUME~1\Digsy\APPLIC~1\Identities
[23/10/2008|12:35] C:\DOCUME~1\Digsy\APPLIC~1\LimeWire
[18/07/2007|15:13] C:\DOCUME~1\Digsy\APPLIC~1\Macromedia
[19/02/2007|14:24] C:\DOCUME~1\Digsy\APPLIC~1\MailWasherPro
[19/09/2008|14:37] C:\DOCUME~1\Digsy\APPLIC~1\Microsoft
[19/06/2007|13:52] C:\DOCUME~1\Digsy\APPLIC~1\Mozilla
[19/09/2008|17:27] C:\DOCUME~1\Digsy\APPLIC~1\MSNInstaller
[19/06/2007|13:54] C:\DOCUME~1\Digsy\APPLIC~1\Nvu
[23/11/2006|13:27] C:\DOCUME~1\Digsy\APPLIC~1\Opera
[16/12/2006|10:54] C:\DOCUME~1\Digsy\APPLIC~1\PACE Anti-Piracy
[30/11/2006|17:56] C:\DOCUME~1\Digsy\APPLIC~1\Real
[04/06/2007|14:09] C:\DOCUME~1\Digsy\APPLIC~1\Research In Motion
[22/10/2008|13:49] C:\DOCUME~1\Digsy\APPLIC~1\Samsung
[19/06/2007|13:02] C:\DOCUME~1\Digsy\APPLIC~1\SmartFTP
[12/12/2006|13:08] C:\DOCUME~1\Digsy\APPLIC~1\Sun
[23/03/2007|10:06] C:\DOCUME~1\Digsy\APPLIC~1\Template
[15/01/2007|16:26] C:\DOCUME~1\Digsy\APPLIC~1\XTND_BTUIObjects
[11/06/2008|13:42] C:\DOCUME~1\Digsy\APPLIC~1\???????sAppData

[11/05/2007|15:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[01/11/2006|12:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[25/11/2005|09:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[16/09/2008 14:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[18/04/2008 14:55][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{059123A2-0BD4-42BC-97E3-F64F7F00AEAA}.job
[19/02/2007 14:30][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1162304856.job
[16/09/2008 14:53][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[29/10/2008|21:01] C:\Program Files\A
[18/07/2007|14:49] C:\Program Files\Abexo
[27/10/2008|19:10] C:\Program Files\Adobe
[15/06/2007|11:20] C:\Program Files\Ahead
[25/11/2005|09:19] C:\Program Files\aod
[16/09/2008|14:54] C:\Program Files\Apple Software Update
[27/10/2006|13:48] C:\Program Files\AvRack
[16/09/2008|13:31] C:\Program Files\Bonjour
[27/10/2006|13:33] C:\Program Files\BullGuard Software
[11/08/2008|15:07] C:\Program Files\CCleaner
[28/10/2008|16:41] C:\Program Files\Common Files
[25/11/2005|08:58] C:\Program Files\ComPlus Applications
[25/11/2005|09:18] C:\Program Files\CyberLink
[22/10/2008|14:02] C:\Program Files\Dr.STIKA PLUS
[22/10/2007|21:00] C:\Program Files\Electronic Arts
[15/01/2007|16:21] C:\Program Files\Extended Systems
[16/12/2006|10:53] C:\Program Files\GameSpy
[12/06/2007|13:54] C:\Program Files\Google
[31/10/2006|14:28] C:\Program Files\Hewlett-Packard
[25/11/2005|09:14] C:\Program Files\HighMAT CD Writing Wizard
[23/10/2008|12:37] C:\Program Files\InstallShield Installation Information
[09/12/2006|00:35] C:\Program Files\Internet
[14/10/2008|19:27] C:\Program Files\Internet Explorer
[07/10/2008|14:41] C:\Program Files\iPod
[07/10/2008|14:41] C:\Program Files\iTunes
[24/07/2008|15:08] C:\Program Files\Java
[23/10/2008|14:41] C:\Program Files\Lavasoft
[27/10/2006|13:51] C:\Program Files\Marvell
[15/01/2008|12:59] C:\Program Files\Mesh Online
[15/08/2008|10:04] C:\Program Files\Messenger
[25/11/2005|09:15] C:\Program Files\Microsoft ActiveSync
[25/11/2005|09:00] C:\Program Files\microsoft frontpage
[25/11/2005|09:16] C:\Program Files\Microsoft Office
[25/11/2005|09:16] C:\Program Files\Microsoft Works
[25/11/2005|09:15] C:\Program Files\Microsoft.NET
[15/06/2007|11:40] C:\Program Files\MioNet
[02/08/2008|12:02] C:\Program Files\Movie Maker
[19/09/2008|17:17] C:\Program Files\MSN
[25/11/2005|08:58] C:\Program Files\MSN Gaming Zone
[09/03/2007|19:42] C:\Program Files\MSN Messenger
[31/10/2006|14:57] C:\Program Files\MSXML 4.0
[15/12/2006|12:49] C:\Program Files\Nero
[02/08/2008|12:00] C:\Program Files\NetMeeting
[27/10/2006|13:49] C:\Program Files\NVIDIA Corporation
[19/06/2007|13:52] C:\Program Files\Nvu
[25/11/2005|08:58] C:\Program Files\Online Services
[02/08/2008|12:00] C:\Program Files\Outlook Express
[31/10/2008|15:08] C:\Program Files\Panda Security
[02/01/2007|15:54] C:\Program Files\PartyGaming
[31/10/2006|19:09] C:\Program Files\PCPitstop
[18/05/2007|23:39] C:\Program Files\Philips
[16/09/2008|13:46] C:\Program Files\QuickTime
[25/11/2005|09:19] C:\Program Files\Real
[27/10/2006|13:48] C:\Program Files\Realtek AC97
[27/10/2006|13:48] C:\Program Files\Realtek Sound Manager
[25/11/2005|09:14] C:\Program Files\Recovery
[04/06/2007|14:08] C:\Program Files\Research In Motion
[29/10/2008|21:04] C:\Program Files\Roland CutChoice
[21/10/2008|17:37] C:\Program Files\Roland CutChoice 1.1 Updater 2
[21/10/2008|15:07] C:\Program Files\Roland CutChoice AI10 Updater
[05/09/2008|15:03] C:\Program Files\Safari
[31/08/2007|14:14] C:\Program Files\Samsung
[23/10/2008|12:57] C:\Program Files\SDHelper (Spybot - Search & Destroy)
[28/08/2007|14:38] C:\Program Files\Setup
[29/10/2008|23:26] C:\Program Files\Spybot - Search & Destroy
[18/05/2007|19:51] C:\Program Files\SystemRequirementsLab
[11/07/2007|15:07] C:\Program Files\Tablet
[23/10/2008|12:57] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[25/11/2006|14:55] C:\Program Files\Total Training
[20/03/2007|13:33] C:\Program Files\Ubisoft
[25/11/2005|09:02] C:\Program Files\Uninstall Information
[12/12/2006|13:09] C:\Program Files\UniVoice
[01/11/2006|13:28] C:\Program Files\Valve
[01/11/2006|12:47] C:\Program Files\Windows Media Connect
[01/11/2006|12:48] C:\Program Files\Windows Media Connect 2
[02/08/2008|12:00] C:\Program Files\Windows Media Player
[02/08/2008|12:00] C:\Program Files\Windows NT
[25/11/2005|08:59] C:\Program Files\WindowsUpdate
[25/11/2005|09:00] C:\Program Files\xerox
[06/02/2007|16:55] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[27/10/2008|19:11] C:\Program Files\Common Files\Adobe
[08/02/2007|14:48] C:\Program Files\Common Files\Adobe Systems Shared
[06/07/2007|12:15] C:\Program Files\Common Files\Ahead
[16/09/2008|13:46] C:\Program Files\Common Files\Apple
[25/11/2005|09:15] C:\Program Files\Common Files\DESIGNER
[30/01/2007|18:21] C:\Program Files\Common Files\EasyInfo
[31/10/2006|14:24] C:\Program Files\Common Files\Hewlett-Packard
[27/10/2006|13:48] C:\Program Files\Common Files\InstallShield
[12/12/2006|13:04] C:\Program Files\Common Files\Java
[17/07/2007|19:17] C:\Program Files\Common Files\LightScribe
[15/02/2007|17:41] C:\Program Files\Common Files\Microsoft Shared
[25/11/2005|08:59] C:\Program Files\Common Files\MSSoap
[25/11/2005|08:54] C:\Program Files\Common Files\ODBC
[16/12/2006|10:54] C:\Program Files\Common Files\PACE Anti-Piracy
[30/11/2006|17:54] C:\Program Files\Common Files\Real
[04/06/2007|14:08] C:\Program Files\Common Files\Research In Motion
[25/11/2005|08:59] C:\Program Files\Common Files\Services
[25/11/2005|08:54] C:\Program Files\Common Files\SpeechEngines
[02/08/2008|11:59] C:\Program Files\Common Files\System
[28/10/2008|16:41] C:\Program Files\Common Files\Wise Installation Wizard
[30/11/2006|17:54] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 68 Processes )

iexplore.exe ~ [PID:3972]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Digsy\Cookies\digsy@adopt.euroclick[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 16:22:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:17][D:11]-> C:\DOCUME~1\Digsy\LOCALS~1\Temp
[F:26][D:0]-> C:\DOCUME~1\Digsy\Cookies
[F:1115][D:11]-> C:\DOCUME~1\Digsy\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 31/10/2008|16:22 - Option : [1]

--------------------\\ Scan completed at 16:22:52

#4 DiscoDigs

    Member
  • Members
  • 14 posts

Posted 31 October 2008 - 03:59 PM

OtScan as requested.

Cheers.

Attached Files



#5 Rorschach112

    Advanced Member
  • Volunteer Security Advisor
  • 2180 posts

Posted 31 October 2008 - 08:09 PM

Can I get you to post that log here? It seems it got messed up when you attached it. You may need to use two posts to get it all in.

#6 DiscoDigs

    Member
  • Members
  • 14 posts

Posted 01 November 2008 - 10:37 AM

Here is the top half.

OTScanIt2 logfile created on: 01/11/2008 11:08:21 - Run 2
OTScanIt2 by OldTimer - Version 1.0.0.27b Folder = C:\Documents and Settings\Digsy\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.20% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.69 Gb Total Space | 235.96 Gb Free Space | 80.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIGS
Current User Name: Digsy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/10/28 16:43:57 | 00,611,664 | ---- | M] (Lavasoft)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.)
bullguardupdate.exe -> %ProgramFiles%\BullGuard Software\BullGuard\BullGuardUpdate.exe -> [2006/10/31 14:04:46 | 00,561,152 | ---- | M] (BullGuard Software)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> [2005/09/23 10:04:38 | 00,020,543 | ---- | M] (Apache Software Foundation)
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2007/05/15 16:20:12 | 00,079,400 | ---- | M] (Hewlett-Packard Company)
nsvcip.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> [2005/09/30 12:59:46 | 00,118,843 | ---- | M] (NVIDIA)
nsvclog.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> [2005/09/30 12:59:30 | 00,061,503 | ---- | M] (NVIDIA)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2007/09/17 00:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation)
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [2007/08/31 16:44:23 | 00,066,872 | ---- | M] ()
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> [2005/09/23 10:04:38 | 00,020,543 | ---- | M] (Apache Software Foundation)
pnkbstrb.exe -> %SystemRoot%\system32\PnkBstrB.exe -> [2008/03/17 16:12:29 | 00,107,832 | ---- | M] ()
tablet.exe -> %SystemRoot%\system32\Tablet.exe -> [2005/12/05 21:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.)
nsvcappflt.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [2005/09/30 13:02:40 | 00,139,264 | ---- | M] ()
wmpnetwk.exe -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
ntrayfw.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe -> [2005/09/30 13:04:16 | 00,270,336 | ---- | M] (NVIDIA Corporation)
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> [2005/08/17 10:39:58 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.)
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> [2004/11/02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.)
pcmservice.exe -> %ProgramFiles%\CyberLink\PowerCinema\PCMService.exe -> [2005/01/14 18:21:46 | 00,110,744 | ---- | M] (CyberLink Corp.)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
btusrbdg.exe -> %SystemRoot%\system32\BtUsrBdg.exe -> [2003/11/05 21:21:00 | 00,053,248 | ---- | M] (Extended Systems, Inc.)
btsetbootkey.exe -> %SystemRoot%\system32\BTSetBootKey.exe -> [2003/04/15 09:48:00 | 00,036,864 | ---- | M] ()
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/14 00:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
applesyncnotifier.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe -> [2008/09/03 19:12:50 | 00,111,936 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.)
bullguard.exe -> %ProgramFiles%\BullGuard Software\BullGuard\BullGuard.exe -> [2006/10/31 14:03:29 | 00,102,400 | ---- | M] (BullGuard Software)
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> [2007/06/27 18:03:40 | 00,152,872 | ---- | M] (Nero AG)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/14 00:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
wmpnscfg.exe -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe -> [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation)
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited)
nmindexingservice.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> [2007/06/27 18:04:00 | 00,279,848 | ---- | M] (Nero AG)
hpohmr08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> [2003/04/06 01:17:18 | 00,147,456 | ---- | M] (Hewlett-Packard Co.)
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/04/06 01:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard)
nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> [2007/06/27 18:04:00 | 01,213,736 | ---- | M] (Nero AG)
tabuserw.exe -> %SystemRoot%\system32\WTablet\TabUserW.exe -> [2005/12/05 20:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.)
hpoevm08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> [2003/04/06 00:45:10 | 00,286,720 | ---- | M] (Hewlett-Packard Co.)
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2003/03/09 04:31:02 | 00,065,795 | R--- | M] (HP)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.)
xcblumgr.exe -> %ProgramFiles%\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe -> [2003/11/20 15:33:00 | 00,245,760 | ---- | M] (Windigo Systems)
hposts08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposts08.exe -> [2003/04/06 00:55:04 | 00,311,296 | ---- | M] (Hewlett-Packard Co.)
sushim~1.exe -> %ProgramFiles%\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\SUSHIMonAPI.exe -> [2003/11/14 13:27:00 | 00,135,168 | ---- | M] ()
btprot.exe -> %ProgramFiles%\Extended Systems\XTNDConnect Blue Manager\btprot.exe -> [2004/10/04 20:29:00 | 00,253,952 | ---- | M] (Windigo Systems)
distnoted.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\distnoted.exe -> [2008/10/01 12:06:26 | 00,015,376 | ---- | M] ()
btui_m~1.exe -> %ProgramFiles%\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\BTUI_MiddleMgr.exe -> [2002/07/11 11:21:24 | 00,102,400 | ---- | M] ()
syncserver.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\SyncServer.exe -> [2008/10/01 12:06:58 | 00,518,120 | ---- | M] ()
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/10/30 23:52:54 | 00,419,840 | ---- | M] (OldTimer Tools)
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008/04/14 00:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/10/28 16:43:57 | 00,611,664 | ---- | M] (Lavasoft)
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2007/02/08 14:48:41 | 00,072,704 | ---- | M] (Adobe Systems)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(BGLiveSvc) BullGuard LiveUpdate [Win32_Own | Auto | Running] -> %ProgramFiles%\BullGuard Software\BullGuard\BullGuardUpdate.exe -> [2006/10/31 14:04:46 | 00,561,152 | ---- | M] (BullGuard Software)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -> [2005/01/14 18:22:24 | 00,172,153 | ---- | M] ()
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -> [2005/01/14 18:22:26 | 00,110,711 | ---- | M] ()
(CyberLink Media Library Service) CyberLink Media Library Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -> [2005/01/14 18:22:50 | 00,024,576 | ---- | M] (Cyberlink)
(ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [2005/09/30 13:02:40 | 00,139,264 | ---- | M] ()
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> [2005/09/23 10:04:38 | 00,020,543 | ---- | M] (Apache Software Foundation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2007/05/15 16:20:12 | 00,079,400 | ---- | M] (Hewlett-Packard Company)
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2007/06/29 18:16:56 | 00,800,040 | ---- | M] (Nero AG)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> [2007/06/27 18:04:00 | 00,279,848 | ---- | M] (Nero AG)
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> [2005/09/30 12:59:46 | 00,118,843 | ---- | M] (NVIDIA)
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> [2005/09/30 12:59:30 | 00,061,503 | ---- | M] (NVIDIA)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2007/09/17 00:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2003/03/09 04:31:02 | 00,065,795 | R--- | M] (HP)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [2007/08/31 16:44:23 | 00,066,872 | ---- | M] ()
(PnkBstrB) PnkBstrB [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrB.exe -> [2008/03/17 16:12:29 | 00,107,832 | ---- | M] ()
(TabletService) TabletService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Tablet.exe -> [2005/12/05 21:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(Ad-Watch Connect Filter) Ad-Watch Connect Kernel Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NSDriver.sys -> [2008/04/29 11:20:00 | 00,015,648 | ---- | M] (Lavasoft AB)
(Ad-Watch Real-Time Scanner) AW Real-Time Scanner [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Awrtpd.sys -> [2008/04/29 11:19:50 | 00,012,960 | ---- | M] (Lavasoft AB)
(Ad-Watch Registry Filter) Ad-Watch Registry Kernel Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Awrtrd.sys -> [2008/04/29 11:19:54 | 00,015,648 | ---- | M] (Lavasoft AB)
(AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AFS2K.SYS -> [2004/10/08 01:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2005/08/19 09:31:52 | 03,644,800 | ---- | M] (Realtek Semiconductor Corp.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(BTCOMM) BTCOMM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Btcomm.sys -> [2004/09/28 15:18:00 | 00,057,512 | ---- | M] (Windigo Systems)
(BthEnum) Bluetooth Enumerator Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bthenum.sys -> [2008/04/13 18:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation)
(BthPan) Bluetooth Device (Personal Area Network) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bthpan.sys -> [2008/04/13 18:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation)
(BTHPORT) Bluetooth Port Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bthport.sys -> [2008/06/13 11:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation)
(BTHUSB) Bluetooth Radio USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bthusb.sys -> [2008/04/13 18:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation)
(BTKRNBDG) Bluetooth COM Bridge [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BtKrnBdg.sys -> [2003/03/18 10:31:00 | 00,015,876 | ---- | M] (Windigo Systems)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(CSRBC01) %CSRBC01.SvcDesc% [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\csrbc01.sys -> [2003/10/29 18:52:00 | 00,024,523 | ---- | M] (Windigo)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(fasttx2k) fasttx2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\Fasttx2k.sys -> [2003/08/06 09:43:00 | 00,159,744 | ---- | M] (Promise Technology, Inc.)
(FileSpy5) BullGuard File Monitor [Kernel | On_Demand | Running] -> %ProgramFiles%\BullGuard Software\BullGuard\filespy5.sys -> [2006/10/31 14:04:50 | 00,019,536 | ---- | M] (BullGuard Ltd.)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> [2008/04/13 18:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hpzid412.sys -> [2003/03/09 04:31:00 | 00,051,024 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2003/03/09 04:31:02 | 00,016,080 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2003/03/09 04:31:02 | 00,021,456 | R--- | M] (HP)
(iaStor) Intel AHCI Controller [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\iaStor.sys -> [2004/04/20 10:13:00 | 00,472,960 | ---- | M] (Intel Corporation)
(imagedrv) imagedrv [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\imagedrv.sys -> [2007/07/03 18:10:10 | 00,011,304 | ---- | M] (Ahead Software AG)
(imagesrv) imagesrv [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\imagesrv.sys -> [2007/07/03 18:10:12 | 00,132,904 | ---- | M] (Ahead Software AG)
(m5287) m5287 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\m5287.sys -> [2005/02/05 07:00:00 | 00,085,888 | ---- | M] (ULi Electronics Inc.)
(m5289) m5289 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\m5289.sys -> [2004/12/01 10:49:00 | 00,051,840 | ---- | M] (ULi Electronics Inc.)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(ms_mpu401) Microsoft MPU-401 MIDI UART Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\msmpu401.sys -> [2001/08/17 13:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys -> [2004/08/13 10:56:20 | 00,005,810 | ---- | M] ()
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2007/09/17 00:07:00 | 06,853,088 | ---- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2005/09/30 04:52:20 | 00,034,048 | ---- | M] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2005/09/30 04:52:22 | 00,013,056 | ---- | M] (NVIDIA Corporation)
(NVTCP) NVIDIA TCP/IP Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\nvtcp.sys -> [2005/10/27 10:10:50 | 00,101,632 | ---- | M] (NVIDIA Corporation)
(Par1284) Par1284 [Kernel | Auto | Running] -> %ProgramFiles%\Roland CutChoice\Program\Par1284.sys -> [2001/09/05 10:29:02 | 00,047,328 | ---- | M] (Warp Nine Engineering)
(pavboot) pavboot [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\pavboot.sys -> [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.)
(PenClass) Pen Class [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PenClass.sys -> [2005/11/29 21:50:42 | 00,008,138 | ---- | M] (Wacom Technology Corporation)
(PnkBstrK) PnkBstrK [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PnkBstrK.sys -> [2008/03/17 16:13:13 | 00,022,328 | ---- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(Reconn) BullGuard Email Monitor [Kernel | On_Demand | Running] -> %ProgramFiles%\BullGuard Software\BullGuard\reconn.sys -> [2006/10/31 14:04:54 | 00,012,240 | ---- | M] ()
(RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rfcomm.sys -> [2008/04/13 18:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation)
(RimUsb) BlackBerry Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RimUsb.sys -> [2006/07/13 09:17:24 | 00,022,528 | ---- | M] (Research In Motion Limited)
(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RimSerial.sys -> [2006/06/30 15:10:56 | 00,026,752 | R--- | M] (Research in Motion Ltd)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rootmdm.sys -> [2004/08/04 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SI3132) SiI-3132 SATALink Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SI3132.sys -> [2006/04/19 09:45:12 | 00,067,712 | ---- | M] (Silicon Image, Inc.)
(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiWinAcc.sys -> [2004/11/01 12:21:32 | 00,010,368 | ---- | M] (Silicon Image, Inc.)
(SiRemFil) SATALink External Device Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiRemFil.sys -> [2006/04/18 10:49:00 | 00,005,504 | ---- | M] (Silicon Image, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 18:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Teefer.sys -> [2003/09/12 15:08:00 | 00,055,888 | ---- | M] (Sygate Technologies, Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(vad_multi) Windigo Virtual Audio Device (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vadmulti.sys -> [2003/11/05 10:53:00 | 00,019,840 | ---- | M] (Windigo Systems)
(viamraid) viamraid [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\viamraid.sys -> [2004/03/29 12:45:00 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd)
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg3n.sys -> [2003/09/12 15:08:06 | 00,011,914 | ---- | M] (Sygate Technologies, Inc.)
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpsdrvnt.sys -> [2003/09/12 15:08:02 | 00,018,515 | ---- | M] (Sygate Technologies, Inc.)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/04 12:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> [2006/05/23 07:56:00 | 00,245,248 | ---- | M] (Marvell)
(ZSMC301b) Philips SPC 200NC PC Camera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbVM31b.sys -> [2005/02/26 15:25:52 | 00,091,527 | ---- | M] (VM)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft...p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft...p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsof...search.asp?p=%s ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< HOSTS File > (269159 bytes and 9359 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 03:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{8107460b-0dee-b7c2-4cc4-1ed3cf3932b6} [HKLM] -> %SystemRoot%\system32\nsx37.dll [adzgalore] -> [2008/10/07 15:05:42 | 00,364,032 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}" -> %ProgramFiles%\CyberLink\PowerBackup\PBKScheduler.exe ["C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"] -> [2004/06/08 18:33:32 | 00,069,721 | ---- | M] (CyberLink Corp.)
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008/09/03 19:12:50 | 00,111,936 | ---- | M] (Apple Inc.)
"BTSETBOOTKEY" -> %SystemRoot%\system32\BTSetBootKey.exe [BTSetBootKey.exe] -> [2003/04/15 09:48:00 | 00,036,864 | ---- | M] ()
"BTUSRBDG" -> %SystemRoot%\system32\BtUsrBdg.exe [BtUsrBdg.exe] -> [2003/11/05 21:21:00 | 00,053,248 | ---- | M] (Extended Systems, Inc.)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.)
"NeroFilterCheck" -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> [2007/03/01 14:57:24 | 00,153,136 | ---- | M] (Nero AG)
"nTrayFw" -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe] -> [2005/09/30 13:04:16 | 00,270,336 | ---- | M] (NVIDIA Corporation)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2007/09/17 00:07:00 | 08,491,008 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2007/09/17 00:07:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2007/09/17 00:07:00 | 01,626,112 | ---- | M] ()
"PCMService" -> %ProgramFiles%\CyberLink\PowerCinema\PCMService.exe ["C:\Program Files\CyberLink\PowerCinema\PCMService.exe"] -> [2005/01/14 18:21:46 | 00,110,744 | ---- | M] (CyberLink Corp.)
"RemoteControl" -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> [2004/11/02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.)
"SoundMan" -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> [2005/08/17 10:39:58 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> [2007/06/27 18:03:40 | 00,152,872 | ---- | M] (Nero AG)
"BGNewsAgent" -> %ProgramFiles%\BullGuard Software\BullGuard\BgNewsUI.exe ["C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"] -> [2006/10/31 14:03:25 | 00,114,688 | ---- | M] (BullGuard Software)
"BullGuard" -> %ProgramFiles%\BullGuard Software\BullGuard\BullGuard.exe ["C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"] -> [2006/10/31 14:03:29 | 00,102,400 | ---- | M] (BullGuard Software)
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited)
"WMPNSCFG" -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2000/08/24 14:16:34 | 00,110,592 | ---- | M] (Adobe Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\hp psc 1000 series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> [2003/04/06 01:17:18 | 00,147,456 | ---- | M] (Hewlett-Packard Co.)
%AllUsersProfile%\Start Menu\Programs\Startup\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/04/06 01:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard)
-> %AllUsersProfile%\Start Menu\Programs\Startup\Startup.exe -> [2003/10/16 16:37:00 | 00,036,864 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\TabUserW.exe.lnk -> %SystemRoot%\system32\WTablet\TabUserW.exe -> [2005/12/05 20:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.)
< Digsy Startup Folder > -> C:\Documents and Settings\Digsy\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2000/08/24 14:16:34 | 00,110,592 | ---- | M] (Adobe Systems, Inc.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2007/05/31 11:27:28 | 10,290,008 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [Button: PartyPoker.com] -> [2006/10/25 17:43:22 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [Menu: PartyPoker.com] -> [2006/10/25 17:43:22 | 00,110,592 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4896 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4903 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 53 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} [HKLM] -> http://webcamnow.com...e-installer.cab[UniInstaller Class] ->
{04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} [HKLM] -> https://www.hmvdigit....Downloader.cab[HMVDownloader Control] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macr...director/sw.cab[Shockwave ActiveX Control] ->
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} [HKLM] -> http://acs.pandasoft...s/as2stubie.cab[ActiveScan 2.0 Installer Class] ->
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} [HKLM] -> http://www.nvidia.co.../sysreqlab2.cab[System Requirements Lab Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.micros...b?1162305299875[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_07] ->
{A417A857-7019-49DC-9A73-A0CBC965F483} [HKLM] -> http://webcamnow.com...voice/voice.cab[UniVoiceX Control] ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_09] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.m...ash/swflash.cab[Shockwave Flash Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{06F821BC-8007-4F10-AE61-76841701751B} -> () ->
{13E98F5F-8E9A-4410-A306-AD15A8169933} -> (NVIDIA nForce Networking Controller) ->
{7C41812B-3A19-4439-B36D-E69ED7469334} -> () ->
{BBA7C943-CA38-4026-8EB4-924F8FA6FD87} -> (1394 Net Adapter) ->
{D5DF6D4D-A86A-4893-8944-60C1E1715809} -> (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" -> C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe [C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema] -> [2005/01/14 18:21:44 | 00,045,056 | ---- | M] (CyberLink Corp.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" -> C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server] -> [2005/09/23 10:04:38 | 00,020,543 | ---- | M] (Apache Software Foundation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 18:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->

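Before the rest of the log, an added example (not part of DiscoDigs's post and not OTScanIt's own code): a small Python triage script for the record format OTScanIt prints above, `label -> path [annotation] -> [date | size | attrs | M/C] (Company)`. It parses those records and returns review hints of the kind a removal helper checks first: executable files with no publisher string in System32 or a Temp folder, executables carrying hidden or system attributes, and entries created shortly before the scan. The hints are heuristics of this example, not verdicts; the sample lines are constructed in OTScanIt's format, the two `example_*` filenames are hypothetical, and the scan time is assumed from the post's timestamp.

```python
"""Triage helper for OTScanIt-style file records (added example, not OTScanIt code).
Parses "<label> -> <path>[ [annotation]] -> [YYYY/MM/DD HH:MM:SS | size | attrs | M|C] (Company)"
and returns review hints, not verdicts, for entries a removal helper usually looks at first."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

RECORD_RE = re.compile(
    r"^(?P<label>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?\s*$"
)
ANNOT_RE = re.compile(r"\s\[[^\]]*\]$")  # trailing "[...]" after the path (firewall rule, menu caption)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".drv", ".ocx", ".scr", ".cpl")
# Lower-cased path fragments marking locations where an unsigned binary deserves a second look.
SENSITIVE_MARKERS = ("system32\\", "\\local settings\\temp\\", "\\windows\\", "%systemroot%\\")


@dataclass
class Record:
    label: str
    path: str        # path with the trailing "[...]" annotation removed
    annotation: str  # the annotation text, or "" when there was none
    timestamp: datetime
    size: int
    attrs: str       # attribute flags as printed, e.g. "----", "R---", "RHS-", "---D"
    flag: str        # "M" = listed by modified time, "C" = listed by created time
    company: str     # publisher string; "" when the log printed "()" or nothing


def parse_record(line: str) -> Optional[Record]:
    """Parse one log line; returns None for section headers and bare registry values."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    raw_path = m.group("path")
    ann = ANNOT_RE.search(raw_path)
    return Record(
        label=m.group("label"),
        path=ANNOT_RE.sub("", raw_path),
        annotation=ann.group(0).strip()[1:-1] if ann else "",
        timestamp=datetime.strptime(m.group("date"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        flag=m.group("flag"),
        company=(m.group("company") or "").strip(),
    )


def triage(rec: Record, scan_time: datetime, recent_days: int = 14) -> List[str]:
    """Review hints for one record; an empty list means nothing stood out."""
    reasons: List[str] = []
    p = rec.path.lower()
    is_exe = p.endswith(EXECUTABLE_EXT)
    in_sensitive = any(marker in p for marker in SENSITIVE_MARKERS)
    if is_exe and in_sensitive and not rec.company:
        reasons.append("no-publisher")            # system binaries normally carry a version-info company
    if is_exe and any(ch in rec.attrs for ch in "HS"):
        reasons.append("hidden-or-system-attrs")  # legitimate tools trip this too, so it is a hint only
    if rec.flag == "C" and scan_time - rec.timestamp <= timedelta(days=recent_days):
        reasons.append("recently-created")        # compare with when the pop-ups started
    return reasons


def triage_log(lines, scan_time: datetime, recent_days: int = 14) -> List[Tuple[str, List[str]]]:
    """Run triage over raw log lines; returns (path, reasons) for every flagged record."""
    flagged = []
    for line in lines:
        rec = parse_record(line)
        if rec is not None:
            reasons = triage(rec, scan_time, recent_days)
            if reasons:
                flagged.append((rec.path, reasons))
    return flagged


# Constructed sample in OTScanIt's format; the two "example_*" files are hypothetical.
SAMPLE_LOG = r"""
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 18:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
example_unsigned.dll -> %SystemRoot%\System32\example_unsigned.dll -> [2008/10/29 15:05:42 | 00,364,032 | ---- | C] ()
example_tmp.dll -> C:\Documents and Settings\user\Local Settings\Temp\example_tmp.dll -> [2008/10/31 16:27:22 | 00,053,248 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/10/31 14:47:30 | 00,269,159 | R--- | M] ()
"""
SCAN_TIME = datetime(2008, 11, 1, 10, 41)  # assumed scan time, taken from the post's timestamp

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG.strip().splitlines(), SCAN_TIME):
        print(f"{path}: {', '.join(reasons)}")
```

Run it against a saved OTScanIt log (`triage_log(open("log.txt").read().splitlines(), SCAN_TIME)`) and work through the flagged paths by hand; an empty publisher string is common for small third-party tools, so each hit still needs the file checked rather than deleted on sight.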
#7 DiscoDigs

  • Member
  • 14 posts

Posted 01 November 2008 - 10:41 AM

The rest.


C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2005/11/25 09:00:41 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

[Registry - Additional Scans - Safe List]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
"CLCapSvc" -> ->
"CLSched" -> ->
"CyberLink Media Library Service" -> ->
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin200.exe.lnk -> %ProgramFiles%\Philips\SPC 200NC PC Camera\TrayMin200.exe -> [2005/07/12 18:54:32 | 00,278,528 | ---- | M] ()
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
"bootini" -> 2 ->
"services" -> 2 ->
"startup" -> 0 ->
"system.ini" -> 0 ->
"win.ini" -> 0 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/14 00:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2004/08/04 12:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2006/10/17 12:56:10 | 00,045,568 | ---- | M] (Microsoft Corporation)
.html [@ = SafariHTML] -> %ProgramFiles%\Safari\Safari.exe -> [2008/06/17 23:16:12 | 03,463,976 | ---- | M] (Apple Inc.)
.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/04/14 00:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S ->
.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> [] ->
AppMgmt -> C:\WINDOWS\System32\appmgmts.dll [C:\WINDOWS\System32\appmgmts.dll] -> File not found
Ias -> [] ->
Iprip -> [] ->
Irmon -> [] ->
NWCWorkstation -> [] ->
Nwsapagent -> [] ->
Wmi -> [] ->
WmdmPmSp -> [] ->
helpsvc -> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll] -> [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807553E5-5146-11D5-A672-00B0D022E945} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\OFFICE11\MSOXMLMF.DLL[Reg Error: Value does not exist or could not be read.] -> [2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKLM] -> No CLSID value
ippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] -> [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\msitss.dll[Microsoft Infotech Storage Protocol for IE 4.0] -> [2001/06/20 16:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation)
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] -> [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation)
mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL[Data Page Plugable Protocal mso-offdap11 Handler] -> [2005/04/25 13:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation)

[Files/Folders - Created Within 90 Days]
1 C:\*.tmp files -> C:\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/10/31 16:26:39 | 00,000,000 | ---D | C]
Lop SD -> %SystemDrive%\Lop SD -> [2008/10/31 16:20:51 | 00,000,000 | ---D | C]
pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> [2008/10/31 15:08:57 | 00,028,544 | ---- | C] (Panda Security, S.L.)
Panda Security -> %ProgramFiles%\Panda Security -> [2008/10/31 15:08:40 | 00,000,000 | ---D | C]
A -> %ProgramFiles%\A -> [2008/10/29 21:01:12 | 00,000,000 | ---D | C]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/10/28 16:42:36 | 00,000,800 | ---- | C] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/10/28 16:42:36 | 00,000,800 | ---- | C] ()
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [2008/10/28 16:41:59 | 00,000,000 | ---D | C]
Roland CutChoice.lnk -> %AllUsersProfile%\Desktop\Roland CutChoice.lnk -> [2008/10/27 19:15:13 | 00,001,721 | ---- | C] ()
Adobe Gamma Loader.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> [2008/10/27 19:11:19 | 00,001,827 | ---- | C] ()
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/27 19:07:29 | 00,337,408 | ---- | C] (Microsoft Corporation)
35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl -> %UserProfile%\My Documents\35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl -> [2008/10/23 19:16:49 | 00,000,000 | ---D | C]
35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl.zip -> %UserProfile%\My Documents\35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl.zip -> [2008/10/23 19:08:58 | 56,477,5803 | ---- | C] ()
spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> [2008/10/23 13:02:33 | 14,968,808 | ---- | C] (Safer Networking Limited )
TeaTimer (Spybot - Search & Destroy) -> %ProgramFiles%\TeaTimer (Spybot - Search & Destroy) -> [2008/10/23 12:57:06 | 00,000,000 | ---D | C]
SDHelper (Spybot - Search & Destroy) -> %ProgramFiles%\SDHelper (Spybot - Search & Destroy) -> [2008/10/23 12:57:06 | 00,000,000 | ---D | C]
cont_adzgalore-remove.exe -> %SystemRoot%\System32\cont_adzgalore-remove.exe -> [2008/10/22 16:04:32 | 00,102,190 | ---- | C] ()
LimeWire -> %AppData%\LimeWire -> [2008/10/22 15:04:48 | 00,000,000 | ---D | C]
Dr.STIKA PLUS -> %ProgramFiles%\Dr.STIKA PLUS -> [2008/10/22 14:02:16 | 00,000,000 | ---D | C]
Roland CutChoice 1.1 Updater 2 -> %ProgramFiles%\Roland CutChoice 1.1 Updater 2 -> [2008/10/21 17:37:02 | 00,000,000 | ---D | C]
rdgstikp.drv -> %SystemRoot%\System32\rdgstikp.drv -> [2008/10/21 17:13:41 | 00,102,416 | R--- | C] (Roland DG Corporation)
spoolerlogs -> %SystemDrive%\spoolerlogs -> [2008/10/21 15:45:24 | 00,000,000 | ---D | C]
RD462LM1.DLL -> %SystemRoot%\System32\RD462LM1.DLL -> [2008/10/21 15:45:23 | 00,013,630 | ---- | C] (Roland DG Corporation)
ousb2hub.sys -> %SystemRoot%\System32\drivers\ousb2hub.sys -> [2008/10/21 15:23:15 | 00,043,648 | ---- | C] (OrangeWare Corporation)
ousbehci.sys -> %SystemRoot%\System32\drivers\ousbehci.sys -> [2008/10/21 15:23:15 | 00,029,696 | ---- | C] (OrangeWare Corporation)
Drivers -> %SystemRoot%\Drivers -> [2008/10/21 15:23:15 | 00,000,000 | ---D | C]
ser2pl.sys -> %SystemRoot%\System32\drivers\ser2pl.sys -> [2008/10/21 15:16:06 | 00,042,752 | ---- | C] (Prolific Technology Inc.)
VBA5.DLL -> %SystemRoot%\System32\VBA5.DLL -> [2008/10/21 15:09:08 | 01,766,160 | ---- | C] (Microsoft Corporation)
VB5.OLB -> %SystemRoot%\System32\VB5.OLB -> [2008/10/21 15:09:08 | 00,279,098 | ---- | C] ()
Roland CutChoice -> %ProgramFiles%\Roland CutChoice -> [2008/10/21 15:08:55 | 00,000,000 | ---D | C]
uninst.exe -> %SystemRoot%\uninst.exe -> [2008/10/21 15:08:18 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.)
Roland CutChoice AI10 Updater -> %ProgramFiles%\Roland CutChoice AI10 Updater -> [2008/10/21 15:07:24 | 00,000,000 | ---D | C]
RDCOMMON.DLL__ -> %SystemRoot%\System32\RDCOMMON.DLL__ -> [2008/10/21 15:06:56 | 00,013,630 | ---- | C] (Roland DG Corporation)
RDCOMMON.DLL -> %SystemRoot%\System32\RDCOMMON.DLL -> [2008/10/21 15:06:56 | 00,013,630 | ---- | C] (Roland DG Corporation)
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/14 17:56:43 | 00,333,824 | ---- | C] (Microsoft Corporation)
win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/14 17:55:56 | 01,846,400 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/14 17:55:51 | 02,189,184 | ---- | C] (Microsoft Corporation)
ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/14 17:55:51 | 02,145,280 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/14 17:55:50 | 02,066,048 | ---- | C] (Microsoft Corporation)
ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/14 17:55:50 | 02,023,936 | ---- | C] (Microsoft Corporation)
nsx37.dll -> %SystemRoot%\System32\nsx37.dll -> [2008/10/07 15:05:42 | 00,364,032 | ---- | C] ()
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/10/07 14:41:15 | 00,000,000 | ---D | C]
sisters.ai -> %UserProfile%\My Documents\sisters.ai -> [2008/09/22 15:54:09 | 00,942,959 | ---- | C] ()
MSNInstaller -> %AppData%\MSNInstaller -> [2008/09/19 17:27:09 | 00,000,000 | ---D | C]
MSN Installer.lnk -> %AllUsersProfile%\Desktop\MSN Installer.lnk -> [2008/09/19 17:17:54 | 00,001,864 | ---- | C] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/09/16 14:53:07 | 00,000,284 | ---- | C] ()
Prefetch -> %SystemRoot%\Prefetch -> [2008/09/16 14:53:07 | 00,000,000 | ---D | C]
QuickTime -> %ProgramFiles%\QuickTime -> [2008/09/16 13:46:14 | 00,000,000 | ---D | C]
Bonjour -> %ProgramFiles%\Bonjour -> [2008/09/16 13:31:47 | 00,000,000 | ---D | C]
Safari.lnk -> %AllUsersProfile%\Desktop\Safari.lnk -> [2008/09/05 15:04:01 | 00,001,599 | ---- | C] ()
Safari -> %ProgramFiles%\Safari -> [2008/09/05 15:03:32 | 00,000,000 | ---D | C]
Team Fortress 2.lnk -> %UserProfile%\Desktop\Team Fortress 2.lnk -> [2008/08/27 17:59:04 | 00,001,669 | ---- | C] ()
msadce.dll -> %SystemRoot%\System32\dllcache\msadce.dll -> [2008/08/15 09:32:20 | 00,331,776 | ---- | C] (Microsoft Corporation)
inetcomm.dll -> %SystemRoot%\System32\dllcache\inetcomm.dll -> [2008/08/15 09:31:50 | 00,691,712 | ---- | C] (Microsoft Corporation)
Fantasy -> %UserProfile%\My Documents\Fantasy -> [2008/08/09 14:40:27 | 00,000,000 | ---D | C]
My Projects -> %UserProfile%\My Documents\My Projects -> [2008/08/09 14:32:08 | 00,000,000 | ---D | C]

[Files/Folders - Modified Within 90 Days]
1 C:\*.tmp files -> C:\*.tmp ->
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2006/10/31 13:52:34 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/10/27 19:07:29 | 00,004,232 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/10/27 19:07:29 | 00,004,646 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2005/11/25 09:15:53 | 00,000,000 | ---D | M]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2008/10/27 21:15:48 | 00,011,184 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [2008/08/09 14:29:48 | 00,000,000 | ---D | M]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2007/03/23 10:06:31 | 00,016,384 | ---- | M] ()
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [2007/03/23 10:52:14 | 00,161,385 | ---- | M] ()
C:\Documents and Settings\Digsy\Local Settings\Temp\Saf3B.tmp\ -> C:\Documents and Settings\Digsy\Local Settings\Temp\Saf3B.tmp\ -> [2008/10/28 16:41:54 | 00,000,000 | ---D | M]
aaw2008.exe -> C:\Documents and Settings\Digsy\Local Settings\Temp\Saf3B.tmp\aaw2008.exe -> [2008/10/28 16:41:54 | 19,153,264 | ---- | M] ()
C:\Documents and Settings\Digsy\Local Settings\Temp\ -> C:\Documents and Settings\Digsy\Local Settings\Temp -> [2008/11/01 11:05:28 | 00,000,000 | ---D | M]
swpklkdv.dll -> C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll -> [2008/10/31 16:27:22 | 00,053,248 | ---- | M] ()
4 C:\Documents and Settings\Digsy\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Digsy\Local Settings\Temp\*.tmp ->
hpfr3420.xml -> %SystemDrive%\hpfr3420.xml -> [2008/11/01 11:06:18 | 00,000,521 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/11/01 11:02:13 | 00,012,706 | ---- | M] ()
tablet.dat -> %SystemRoot%\System32\tablet.dat -> [2008/11/01 11:01:42 | 00,012,914 | ---- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/11/01 11:00:47 | 00,002,048 | --S- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/10/31 16:09:29 | 00,070,248 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/10/31 14:47:30 | 00,269,159 | R--- | M] ()
Roland CutChoice.lnk -> %AllUsersProfile%\Desktop\Roland CutChoice.lnk -> [2008/10/29 20:53:55 | 00,001,721 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/10/29 20:42:34 | 00,248,696 | ---- | M] ()
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/10/28 16:42:36 | 00,000,800 | ---- | M] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/10/28 16:42:36 | 00,000,800 | ---- | M] ()
Mesh Online Support.lnk -> %UserProfile%\Desktop\Mesh Online Support.lnk -> [2008/10/27 22:31:42 | 00,001,643 | ---- | M] ()
Adobe Gamma Loader.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> [2008/10/27 19:11:19 | 00,001,827 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/10/27 19:07:39 | 00,483,426 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/10/27 19:07:39 | 00,410,908 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/10/27 19:07:39 | 00,065,442 | ---- | M] ()
35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl.zip -> %UserProfile%\My Documents\35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl.zip -> [2008/10/23 19:10:04 | 56,477,5803 | ---- | M] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2008/10/23 13:04:03 | 00,000,940 | ---- | M] ()
spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> [2008/10/23 13:03:17 | 14,968,808 | ---- | M] (Safer Networking Limited )
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/10/22 16:19:26 | 00,014,848 | ---- | M] ()
cont_adzgalore-remove.exe -> %SystemRoot%\System32\cont_adzgalore-remove.exe -> [2008/10/22 16:04:32 | 00,102,190 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/10/21 16:21:19 | 00,000,116 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/10/21 16:09:02 | 00,000,658 | ---- | M] ()
netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/10/07 19:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation)
nsx37.dll -> %SystemRoot%\System32\nsx37.dll -> [2008/10/07 15:05:42 | 00,364,032 | ---- | M] ()
ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2008/10/03 17:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation)
ieframe.dll -> %SystemRoot%\System32\dllcache\ieframe.dll -> [2008/10/03 17:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation)
sisters.ai -> %UserProfile%\My Documents\sisters.ai -> [2008/09/22 16:07:23 | 00,942,959 | ---- | M] ()
MSN Installer.lnk -> %AllUsersProfile%\Desktop\MSN Installer.lnk -> [2008/09/19 17:17:54 | 00,001,864 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/09/16 14:53:29 | 00,000,006 | -H-- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/09/16 14:53:07 | 00,000,284 | ---- | M] ()
win32k.sys -> %SystemRoot%\System32\win32k.sys -> [2008/09/15 12:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation)
win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/09/15 12:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation)
srv.sys -> %SystemRoot%\System32\drivers\srv.sys -> [2008/09/08 10:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation)
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/09/08 10:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation)
Safari.lnk -> %AllUsersProfile%\Desktop\Safari.lnk -> [2008/09/05 15:04:01 | 00,001,599 | ---- | M] ()
Team Fortress 2.lnk -> %UserProfile%\Desktop\Team Fortress 2.lnk -> [2008/08/27 17:59:04 | 00,001,669 | ---- | M] ()
mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008/08/27 08:24:32 | 03,593,216 | ---- | M] (Microsoft Corporation)
mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008/08/27 08:24:32 | 03,593,216 | ---- | M] (Microsoft Corporation)
urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2008/08/26 07:24:31 | 01,159,680 | ---- | M] (Microsoft Corporation)
urlmon.dll -> %SystemRoot%\System32\dllcache\urlmon.dll -> [2008/08/26 07:24:31 | 01,159,680 | ---- | M] (Microsoft Corporation)
wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2008/08/26 07:24:31 | 00,826,368 | ---- | M] (Microsoft Corporation)
wininet.dll -> %SystemRoot%\System32\dllcache\wininet.dll -> [2008/08/26 07:24:31 | 00,826,368 | ---- | M] (Microsoft Corporation)
webcheck.dll -> %SystemRoot%\System32\webcheck.dll -> [2008/08/26 07:24:31 | 00,233,472 | ---- | M] (Microsoft Corporation)
webcheck.dll -> %SystemRoot%\System32\dllcache\webcheck.dll -> [2008/08/26 07:24:31 | 00,233,472 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> %SystemRoot%\System32\inetcpl.cpl -> [2008/08/26 07:24:30 | 01,831,424 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> %SystemRoot%\System32\dllcache\inetcpl.cpl -> [2008/08/26 07:24:30 | 01,831,424 | ---- | M] (Microsoft Corporation)
mstime.dll -> %SystemRoot%\System32\mstime.dll -> [2008/08/26 07:24:30 | 00,671,232 | ---- | M] (Microsoft Corporation)
mstime.dll -> %SystemRoot%\System32\dllcache\mstime.dll -> [2008/08/26 07:24:30 | 00,671,232 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> %SystemRoot%\System32\mshtmled.dll -> [2008/08/26 07:24:30 | 00,477,696 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> %SystemRoot%\System32\dllcache\mshtmled.dll -> [2008/08/26 07:24:30 | 00,477,696 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> %SystemRoot%\System32\msfeeds.dll -> [2008/08/26 07:24:30 | 00,459,264 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> %SystemRoot%\System32\dllcache\msfeeds.dll -> [2008/08/26 07:24:30 | 00,459,264 | ---- | M] (Microsoft Corporation)
msrating.dll -> %SystemRoot%\System32\msrating.dll -> [2008/08/26 07:24:30 | 00,193,024 | ---- | M] (Microsoft Corporation)
msrating.dll -> %SystemRoot%\System32\dllcache\msrating.dll -> [2008/08/26 07:24:30 | 00,193,024 | ---- | M] (Microsoft Corporation)
url.dll -> %SystemRoot%\System32\url.dll -> [2008/08/26 07:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation)
url.dll -> %SystemRoot%\System32\dllcache\url.dll -> [2008/08/26 07:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation)
occache.dll -> %SystemRoot%\System32\occache.dll -> [2008/08/26 07:24:30 | 00,102,912 | ---- | M] (Microsoft Corporation)
occache.dll -> %SystemRoot%\System32\dllcache\occache.dll -> [2008/08/26 07:24:30 | 00,102,912 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\msfeedsbs.dll -> [2008/08/26 07:24:30 | 00,052,224 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\dllcache\msfeedsbs.dll -> [2008/08/26 07:24:30 | 00,052,224 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> %SystemRoot%\System32\pngfilt.dll -> [2008/08/26 07:24:30 | 00,044,544 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> %SystemRoot%\System32\dllcache\pngfilt.dll -> [2008/08/26 07:24:30 | 00,044,544 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> %SystemRoot%\System32\jsproxy.dll -> [2008/08/26 07:24:30 | 00,027,648 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> %SystemRoot%\System32\dllcache\jsproxy.dll -> [2008/08/26 07:24:30 | 00,027,648 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> %SystemRoot%\System32\iedkcs32.dll -> [2008/08/26 07:24:29 | 00,384,512 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> %SystemRoot%\System32\dllcache\iedkcs32.dll -> [2008/08/26 07:24:29 | 00,384,512 | ---- | M] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\iertutil.dll -> [2008/08/26 07:24:29 | 00,267,776 | ---- | M] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\dllcache\iertutil.dll -> [2008/08/26 07:24:29 | 00,267,776 | ---- | M] (Microsoft Corporation)
iernonce.dll -> %SystemRoot%\System32\iernonce.dll -> [2008/08/26 07:24:29 | 00,044,544 | ---- | M] (Microsoft Corporation)
iernonce.dll -> %SystemRoot%\System32\dllcache\iernonce.dll -> [2008/08/26 07:24:29 | 00,044,544 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\ieapfltr.dll -> [2008/08/26 07:24:28 | 00,383,488 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\dllcache\ieapfltr.dll -> [2008/08/26 07:24:28 | 00,383,488 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> %SystemRoot%\System32\dxtmsft.dll -> [2008/08/26 07:24:28 | 00,347,136 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> %SystemRoot%\System32\dllcache\dxtmsft.dll -> [2008/08/26 07:24:28 | 00,347,136 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> %SystemRoot%\System32\ieaksie.dll -> [2008/08/26 07:24:28 | 00,230,400 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> %SystemRoot%\System32\dllcache\ieaksie.dll -> [2008/08/26 07:24:28 | 00,230,400 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> %SystemRoot%\System32\dxtrans.dll -> [2008/08/26 07:24:28 | 00,214,528 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> %SystemRoot%\System32\dllcache\dxtrans.dll -> [2008/08/26 07:24:28 | 00,214,528 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> %SystemRoot%\System32\ieakeng.dll -> [2008/08/26 07:24:28 | 00,153,088 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> %SystemRoot%\System32\dllcache\ieakeng.dll -> [2008/08/26 07:24:28 | 00,153,088 | ---- | M] (Microsoft Corporation)
extmgr.dll -> %SystemRoot%\System32\extmgr.dll -> [2008/08/26 07:24:28 | 00,133,120 | ---- | M] (Microsoft Corporation)
extmgr.dll -> %SystemRoot%\System32\dllcache\extmgr.dll -> [2008/08/26 07:24:28 | 00,133,120 | ---- | M] (Microsoft Corporation)
advpack.dll -> %SystemRoot%\System32\dllcache\advpack.dll -> [2008/08/26 07:24:28 | 00,124,928 | ---- | M] (Microsoft Corporation)
advpack.dll -> %SystemRoot%\System32\advpack.dll -> [2008/08/26 07:24:28 | 00,124,928 | ---- | M] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\icardie.dll -> [2008/08/26 07:24:28 | 00,063,488 | ---- | M] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\dllcache\icardie.dll -> [2008/08/26 07:24:28 | 00,063,488 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\ieudinit.exe -> [2008/08/25 08:38:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\dllcache\ieudinit.exe -> [2008/08/25 08:38:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> %SystemRoot%\System32\ie4uinit.exe -> [2008/08/25 08:37:59 | 00,070,656 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> %SystemRoot%\System32\dllcache\ie4uinit.exe -> [2008/08/25 08:37:59 | 00,070,656 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %SystemRoot%\System32\dllcache\iexplore.exe -> [2008/08/23 05:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation)
ieakui.dll -> %SystemRoot%\System32\ieakui.dll -> [2008/08/23 05:54:51 | 00,161,792 | ---- | M] (Microsoft Corporation)
ieakui.dll -> %SystemRoot%\System32\dllcache\ieakui.dll -> [2008/08/23 05:54:51 | 00,161,792 | ---- | M] (Microsoft Corporation)
PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [2008/08/21 18:09:29 | 00,000,151 | ---- | M] ()
ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/08/14 10:11:02 | 02,189,184 | ---- | M] (Microsoft Corporation)
ntoskrnl.exe -> %SystemRoot%\System32\ntoskrnl.exe -> [2008/08/14 10:09:26 | 02,145,280 | ---- | M] (Microsoft Corporation)
ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/08/14 10:09:26 | 02,145,280 | ---- | M] (Microsoft Corporation)
afd.sys -> %SystemRoot%\System32\drivers\afd.sys -> [2008/08/14 10:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation)
afd.sys -> %SystemRoot%\System32\dllcache\afd.sys -> [2008/08/14 10:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation)
ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/08/14 09:33:16 | 02,066,048 | ---- | M] (Microsoft Corporation)
ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/08/14 09:33:16 | 02,023,936 | ---- | M] (Microsoft Corporation)
ntkrnlpa.exe -> %SystemRoot%\System32\ntkrnlpa.exe -> [2008/08/14 09:33:16 | 02,023,936 | ---- | M] (Microsoft Corporation)
wklnhst.dat -> %AppData%\wklnhst.dat -> [2008/08/09 17:00:43 | 00,000,656 | ---- | M] ()
[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/10/07 14:41:15 | 00,000,000 | RH-D | M]
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/10/07 14:41:33 | 00,000,000 | ---D | M]
Ahead -> C:\Documents and Settings\All Users\Application Data\Ahead -> [2007/07/06 12:15:48 | 00,000,000 | ---D | M]
BullGuard -> C:\Documents and Settings\All Users\Application Data\BullGuard -> [2008/10/31 21:07:35 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2006/10/27 16:37:53 | 00,000,000 | ---D | M]
LightScribe -> C:\Documents and Settings\All Users\Application Data\LightScribe -> [2007/07/17 19:18:21 | 00,000,000 | ---D | M]
PACE Anti-Piracy -> C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy -> [2006/12/16 10:54:34 | 00,000,000 | ---D | M]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2005/11/25 09:16:56 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2007/08/28 13:45:19 | 00,000,000 | ---D | M]
@Alternate Data Stream - 112 bytes -> %AllUsersProfile%\Application Data\TEMP:44DAF2F1
Application Data -> C:\Documents and Settings\Digsy\Application Data -> [2008/10/23 15:30:58 | 00,000,000 | -H-D | M]
Ahead -> C:\Documents and Settings\Digsy\Application Data\Ahead -> [2007/07/05 13:14:32 | 00,000,000 | ---D | M]
Blackberry Desktop -> C:\Documents and Settings\Digsy\Application Data\Blackberry Desktop -> [2007/06/04 14:08:31 | 00,000,000 | ---D | M]
BullGuard -> C:\Documents and Settings\Digsy\Application Data\BullGuard -> [2008/10/28 16:56:14 | 00,000,000 | ---D | M]
CoreFTP -> C:\Documents and Settings\Digsy\Application Data\CoreFTP -> [2007/06/19 13:28:42 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\Digsy\Application Data\CyberLink -> [2006/11/01 14:27:43 | 00,000,000 | ---D | M]
LimeWire -> C:\Documents and Settings\Digsy\Application Data\LimeWire -> [2008/10/23 12:35:41 | 00,000,000 | ---D | M]
MailWasherPro -> C:\Documents and Settings\Digsy\Application Data\MailWasherPro -> [2007/02/19 14:24:55 | 00,000,000 | ---D | M]
MSNInstaller -> C:\Documents and Settings\Digsy\Application Data\MSNInstaller -> [2008/09/19 17:27:12 | 00,000,000 | ---D | M]
Nvu -> C:\Documents and Settings\Digsy\Application Data\Nvu -> [2007/06/19 13:54:30 | 00,000,000 | ---D | M]
Opera -> C:\Documents and Settings\Digsy\Application Data\Opera -> [2006/11/23 13:27:59 | 00,000,000 | ---D | M]
PACE Anti-Piracy -> C:\Documents and Settings\Digsy\Application Data\PACE Anti-Piracy -> [2006/12/16 10:54:34 | 00,000,000 | ---D | M]
Research In Motion -> C:\Documents and Settings\Digsy\Application Data\Research In Motion -> [2007/06/04 14:09:00 | 00,000,000 | ---D | M]
Samsung -> C:\Documents and Settings\Digsy\Application Data\Samsung -> [2008/10/22 13:49:38 | 00,000,000 | ---D | M]
SmartFTP -> C:\Documents and Settings\Digsy\Application Data\SmartFTP -> [2007/06/19 13:02:23 | 00,000,000 | ---D | M]
Template -> C:\Documents and Settings\Digsy\Application Data\Template -> [2007/03/23 10:06:22 | 00,000,000 | ---D | M]
XTND_BTUIObjects -> C:\Documents and Settings\Digsy\Application Data\XTND_BTUIObjects -> [2007/01/15 16:26:05 | 00,000,000 | ---D | M]
???????sAppData -> C:\Documents and Settings\Digsy\Application Data\敎潲䍄敔灭慬整sAppData -> [2008/06/11 13:42:44 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/10/28 16:17:44 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/09/16 14:53:07 | 00,000,284 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 12:00:00 | 00,000,065 | RH-- | M] ()
FRU Task #Hewlett-Packard#hp psc 1200 series#1162304856.job -> C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1162304856.job -> [2007/02/19 14:30:08 | 00,000,342 | ---- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/09/16 14:53:29 | 00,000,006 | -H-- | M] ()
User_Feed_Synchronization-{059123A2-0BD4-42BC-97E3-F64F7F00AEAA}.job -> C:\WINDOWS\Tasks\User_Feed_Synchronization-{059123A2-0BD4-42BC-97E3-F64F7F00AEAA}.job -> [2008/04/18 14:55:14 | 00,000,422 | -H-- | M] ()
[File - Purity Scan]

< End of report >

#8 Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • 2180 posts

Posted 01 November 2008 - 01:07 PM

Hello

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Safe List]
YN -> aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe
YN -> bullguardupdate.exe -> %ProgramFiles%\BullGuard Software\BullGuard\BullGuardUpdate.exe
YN -> teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {8107460b-0dee-b7c2-4cc4-1ed3cf3932b6} [HKLM] -> %SystemRoot%\system32\nsx37.dll [adzgalore]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\Startup.exe
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} [HKLM] -> http://webcamnow.com...e-installer.cab[UniInstaller Class]
[Files/Folders - Created Within 90 Days]
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> Lop SD -> %SystemDrive%\Lop SD
NY -> cont_adzgalore-remove.exe -> %SystemRoot%\System32\cont_adzgalore-remove.exe
NY -> nsx37.dll -> %SystemRoot%\System32\nsx37.dll
[Files/Folders - Modified Within 90 Days]
NY -> swpklkdv.dll -> C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll
NY -> cont_adzgalore-remove.exe -> %SystemRoot%\System32\cont_adzgalore-remove.exe
[Custom Items]
:commands
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also post a new HJT log.

By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here

#9 DiscoDigs

    Member

  • Members
  • 14 posts

Posted 03 November 2008 - 03:09 PM

Explorer killed successfully
[Processes - Safe List]
Unable to kill process aawservice.exe .
Unable to kill process bullguardupdate.exe .
Process teatimer.exe killed successfully.
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8107460b-0dee-b7c2-4cc4-1ed3cf3932b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8107460b-0dee-b7c2-4cc4-1ed3cf3932b6}\ deleted successfully.
LoadLibrary failed for C:\WINDOWS\system32\nsx37.dll
C:\WINDOWS\system32\nsx37.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\nsx37.dll scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup.exe moved successfully.
File ~EmptyValue not found.
Starting removal of ActiveX control {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2}
C:\WINDOWS\Downloaded Program Files\UniInstaller.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2}\ deleted successfully.
[Files/Folders - Created Within 90 Days]
C:\Lop SD folder moved successfully.
C:\WINDOWS\System32\cont_adzgalore-remove.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\nsx37.dll
C:\WINDOWS\System32\nsx37.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\nsx37.dll scheduled to be moved on reboot.
[Files/Folders - Modified Within 90 Days]
LoadLibrary failed for C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll
C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll NOT unregistered.
File move failed. C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll scheduled to be moved on reboot.
File C:\WINDOWS\System32\cont_adzgalore-remove.exe not found!
[Custom Items]
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Digsy\Local Settings\Temp\BCG1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Digsy\Local Settings\Temp\~DF571B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Digsy\Local Settings\Temp\~DF6948.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.0.27b fix logfile created on 11032008_154216

Files moved on Reboot...
C:\WINDOWS\system32\nsx37.dll moved successfully.
C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll moved successfully.
File C:\Documents and Settings\Digsy\Local Settings\Temp\BCG1.tmp not found!
File C:\Documents and Settings\Digsy\Local Settings\Temp\~DF571B.tmp not found!
File C:\Documents and Settings\Digsy\Local Settings\Temp\~DF6948.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
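
The fix log above has two passes: the actions OTScanIt2 could complete at once, and the "Files moved on Reboot..." section for the ones it had to defer (nsx37.dll, swpklkdv.dll and the temp files). Reading the two passes by eye is easy to get wrong on a long log, so here is an added Python example, not code from this thread or from OTScanIt2, that folds both passes into one status per path and lists what is still pending. The line patterns are inferred from this log (an assumption, not documented OTScanIt2 behaviour) and the sample input is a few lines copied from it:

```python
"""Reconcile an OTScanIt2 fix log with its post-reboot section.

Added example for this thread; it is not part of OTScanIt2, and the line
patterns below are inferred from the fix log posted above rather than taken
from any OTScanIt2 documentation. Items the first pass cannot remove are
reported as "scheduled to be ... on reboot"; the "Files moved on Reboot..."
section then says whether the deferred action succeeded. Anything still
"scheduled" after that section is what to check by hand.
"""
import re
from dataclasses import dataclass, field

REBOOT_MARKER = "Files moved on Reboot..."

# (pattern, kind, status) tried in order. Informational lines such as
# "LoadLibrary failed for ..." or "... NOT unregistered." match nothing
# and are skipped; only lines that change an item's state are kept.
PATTERNS = [
    (re.compile(r"^File (?:move|delete) failed\. (?P<path>.+?) "
                r"scheduled to be (?:moved|deleted) on reboot\.$"), "file", "deferred"),
    (re.compile(r"^File (?P<path>.+?) not found[.!]$"), "file", "not_found"),
    (re.compile(r"^Registry (?:key|value) (?P<path>.+?) deleted successfully\.$"), "registry", "removed"),
    (re.compile(r"^Registry (?:key|value) (?P<path>.+?) not found\.$"), "registry", "not_found"),
    (re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$"), "file", "removed"),
]


@dataclass
class Item:
    path: str                                    # spelling as first seen in the log
    kind: str                                    # "file" or "registry"
    status: str                                  # latest of removed / deferred / not_found
    history: list = field(default_factory=list)  # (phase, status) pairs, oldest first


def parse_line(line):
    """Return (kind, path, status) for a state-changing line, else None."""
    line = line.strip()
    for pattern, kind, status in PATTERNS:
        m = pattern.match(line)
        if m:
            return kind, m.group("path"), status
    return None


def reconcile(log_text):
    """Fold every state-changing line into one Item per path.

    Later lines win, so a path deferred in the fix pass and moved in the
    reboot pass ends up "removed"; one deferred in both passes stays
    "deferred". Paths are compared case-insensitively, as on Windows.
    """
    items = {}
    phase = "fix"
    for line in log_text.splitlines():
        if line.strip() == REBOOT_MARKER:
            phase = "reboot"
            continue
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, path, status = parsed
        item = items.setdefault(path.lower(), Item(path=path, kind=kind, status=status))
        item.status = status
        item.history.append((phase, status))
    return items


def unresolved(items):
    """Paths whose final state is still 'deferred': neither removed nor confirmed gone."""
    return sorted(i.path for i in items.values() if i.status == "deferred")


# Constructed sample: a handful of lines copied from the fix log posted above,
# covering both the first pass and the reboot pass.
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8107460b-0dee-b7c2-4cc4-1ed3cf3932b6}\ deleted successfully.
LoadLibrary failed for C:\WINDOWS\system32\nsx37.dll
C:\WINDOWS\system32\nsx37.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\nsx37.dll scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup.exe moved successfully.
File ~EmptyValue not found.
C:\Lop SD folder moved successfully.
File delete failed. C:\Documents and Settings\Digsy\Local Settings\Temp\BCG1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
< End of fix log >

Files moved on Reboot...
C:\WINDOWS\system32\nsx37.dll moved successfully.
File C:\Documents and Settings\Digsy\Local Settings\Temp\BCG1.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    result = reconcile(SAMPLE_LOG)
    for item in result.values():
        print(f"{item.status:10} {item.kind:8} {item.path}  {item.history}")
    print("still unresolved after reboot:", unresolved(result))
```

On the sample, nsx37.dll ends up "removed" (deferred in the fix pass, moved on reboot), BCG1.tmp ends up "not_found" (already gone by the time the reboot pass ran), and only the LocalService index.dat is still listed as deferred, which matches the last line of the log above.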

#10 DiscoDigs

    Member

  • Members
  • 14 posts

Posted 03 November 2008 - 03:12 PM

New HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:09, on 03/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe
C:\Documents and Settings\Digsy\My Documents\My Received Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} -
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigit....Downloader.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162305299875
O16 - DPF: {A417A857-7019-49DC-9A73-A0CBC965F483} (UniVoiceX Control) - http://webcamnow.com...voice/voice.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10904 bytes
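
Reading a HijackThis log means splitting each line into its section code, CLSID and target and then looking at the odd ones; in the log above that is the O16 DPF entry {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} with no source URL left after the ActiveX removal, the Global Startup shortcuts that resolve to "?", and the services listed with "Unknown owner". The following added Python example, not HijackThis code and not from this thread, does that split over constructed sample lines copied from the log; the line-shape rules and the review heuristics are this example's own assumptions about the format and only point at things to verify by hand:

```python
"""Parse a HijackThis v2 log into structured entries and flag the ones that
deserve a second look.

Added example for this thread; it is not part of HijackThis. The section
codes (R1, O2, O4, O16, O23, ...) and line shapes are those visible in the
log posted above. The review rules are this example's own heuristics and
only point out structural oddities (empty targets, unresolved shortcuts,
bare executable names, unknown service owners); they do not decide what is
malicious.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str               # O2 = BHO, O4 = autorun, O16 = DPF ActiveX, O23 = service, ...
    body: str               # everything after "<code> - "
    clsid: Optional[str]    # first {GUID} on the line, if any
    target: str             # path, command, URL or value the entry points at


def _target(code: str, body: str) -> str:
    """Extract what an entry points at; the rules follow the line shapes in the log.

    Caveat: for non-O4 lines the last " - " separated field is taken as the
    target, so a path that itself contains " - " would be cut short.
    """
    if code == "O4":
        m = re.match(r".*?: \[[^\]]*\] (?P<cmd>.*)$", body)   # HKLM\..\Run: [name] command
        if m:
            return m.group("cmd").strip()
        m = re.match(r".*?: .+? = (?P<cmd>.*)$", body)        # Global Startup: x.lnk = path
        return m.group("cmd").strip() if m else ""
    if " = " in body:                                         # R1 ...,ProxyOverride = *.local
        return body.rsplit(" = ", 1)[1].strip()
    if body.rstrip().endswith(" -"):                          # "DPF: {...} -": no source URL
        return ""
    if " - " in body:                                         # "...: name - {CLSID} - path"
        return body.rsplit(" - ", 1)[1].strip()
    return ""


def parse_hjt(text: str) -> List[Entry]:
    """Keep only the 'Xn - ...' entry lines; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(code, body, clsid.group(0) if clsid else None, _target(code, body)))
    return entries


def by_section(entries: List[Entry]) -> Counter:
    """Count entries per section code (how many BHOs, autoruns, services, ...)."""
    return Counter(e.code for e in entries)


def review(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Flag entries with a structural oddity worth verifying by hand."""
    findings = []
    for e in entries:
        reasons = []
        if e.target == "":
            reasons.append("empty target")
        elif e.target == "?":
            reasons.append("unresolved shortcut")
        elif e.code == "O4" and "\\" not in e.target:
            reasons.append("unqualified executable name")   # resolved through the search path
        if e.code == "O23" and " - Unknown owner - " in e.body:
            reasons.append("unknown service owner")
        findings.extend((e, r) for r in reasons)
    return findings


# Constructed sample: header lines plus a selection of entries copied from the log above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(dict(by_section(parsed)))
    for entry, reason in review(parsed):
        print(f"{entry.code:4} {reason:28} {entry.body}")
```

On the sample the review step flags exactly four lines: the bare SOUNDMAN.EXE autorun, the "hp psc 1000 series.lnk = ?" shortcut, the O16 control with no source URL, and the PnkBstrA service with no owner; the Adobe and Spybot BHOs parse cleanly with their CLSIDs and DLL paths and are not flagged.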

#11 Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • 2180 posts

Posted 03 November 2008 - 04:45 PM

Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


#12 DiscoDigs

    Member

  • Members
  • 14 posts

Posted 03 November 2008 - 05:10 PM

Log from Malwarebytes...

Malwarebytes' Anti-Malware 1.30
Database version: 1360
Windows 5.1.2600 Service Pack 3

03/11/2008 17:51:12
mbam-log-2008-11-03 (17-51-12).txt

Scan type: Quick Scan
Objects scanned: 58350
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f06e2abe-3a50-4079-be25-fc100d9eaa25} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dde5591-a8ab-4897-93ef-1e4e943f85a7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uniinstallerbottom.bmp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uniinstallergui.xml (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uniinstallerlicense.htm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uniinstallertop.bmp (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\UniInstallerBottom.bmp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\UniInstallerGui.xml (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\UniInstallerLicense.htm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\UniInstallerTop.bmp (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\UniInstallerBottom.bmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\UniInstallerGui.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\UniInstallerLicense.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\UniInstallerTop.bmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\UniVoice.inf (Trojan.Agent) -> Quarantined and deleted successfully.

#13 Rorschach112 (Advanced Member, Volunteer Security Advisor, 2180 posts)

Posted 03 November 2008 - 05:23 PM

Ok, let's see what Kaspersky shows.

#14 DiscoDigs (Member, 14 posts)

Posted 03 November 2008 - 06:47 PM

Results from Kaspersky scan...

Program database last update: Monday, November 03, 2008 17:00:38
Records in database: 1369018
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 91365
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:14:35


File name / Threat name / Threats count
C:\Documents and Settings\Digsy\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Digsy\Local Settings\Temporary Internet Files\Content.IE5\YBC9QNA1\gnida[1].swf Infected: Trojan-Downloader.SWF.Gida.a 1

The selected area was scanned.
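
The two logs in posts #12 and #14 use different layouts, and a helper triaging a thread like this one usually wants them in one list: which threat families were found, which file paths to use as indicators, and which hits are Kaspersky's "not-a-virus:" riskware (its label for legitimate tools that malware also abuses, here SmitfraudFix's own Reboot.exe) that need a human decision rather than deletion. It also checks that a Malwarebytes paste is internally consistent, since the summary counts at the top and the entries below it come from the same scan. The following is an added example written for this page, not code from the thread, from Malwarebytes or from Kaspersky; the embedded logs are abridged from posts #12 and #14 with the Malwarebytes summary counts changed to match the lines kept, so they are constructed test data rather than the complete logs.

```python
"""Normalise Malwarebytes and Kaspersky log excerpts into one detection list.

Added example for this thread; not code from the thread, Malwarebytes or
Kaspersky. MBAM_LOG and KAV_LOG are abridged from posts #12 and #14 (the
MBAM summary counts were changed to match the lines kept), so they are
constructed test data rather than the complete logs.
"""
import re
from dataclasses import dataclass

MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.30
Database version: 1360

Registry Keys Infected: 2
Registry Values Infected: 1
Folders Infected: 0
Files Infected: 2

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f06e2abe-3a50-4079-be25-fc100d9eaa25} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\UniInstallerGui.xml (Trojan.Agent) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\UniInstallerGui.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\UniVoice.inf (Trojan.Agent) -> Quarantined and deleted successfully.
"""

KAV_LOG = r"""
Scan statistics:
Files scanned: 91365
Infected objects: 2

File name / Threat name / Threats count
C:\Documents and Settings\Digsy\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Digsy\Local Settings\Temporary Internet Files\Content.IE5\YBC9QNA1\gnida[1].swf Infected: Trojan-Downloader.SWF.Gida.a 1
"""


@dataclass(frozen=True)
class Detection:
    source: str   # "mbam" or "kaspersky"
    kind: str     # MBAM section name ("Registry Keys", "Files", ...) or "File"
    obj: str      # registry path or file path
    threat: str   # vendor's threat name, kept verbatim
    action: str   # what the scanner did; Kaspersky's online scanner only reports

    @property
    def riskware(self) -> bool:
        # Kaspersky's "not-a-virus:" prefix marks legitimate tools that malware
        # also abuses; they need a human decision rather than automatic removal.
        return self.threat.startswith("not-a-virus:")


MBAM_SUMMARY = re.compile(r"^(?P<kind>[A-Za-z ]+?) Infected: (?P<n>\d+)$")
MBAM_SECTION = re.compile(r"^(?P<kind>[A-Za-z ]+?) Infected:$")
MBAM_ENTRY = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
KAV_ENTRY = re.compile(r"^(?P<obj>.+?) Infected: (?P<threat>\S+) (?P<n>\d+)$")


def parse_mbam(text: str) -> list[Detection]:
    dets, kind = [], None
    for line in text.splitlines():
        if MBAM_SUMMARY.match(line):
            continue                        # summary block, not a section
        if (m := MBAM_SECTION.match(line)):
            kind = m["kind"]
            continue
        if not line.strip():
            kind = None                     # a blank line closes the section
            continue
        if kind and (m := MBAM_ENTRY.match(line)):
            dets.append(Detection("mbam", kind, m["obj"], m["threat"], m["action"]))
    return dets


def mbam_count_mismatches(text: str) -> dict[str, tuple[int, int]]:
    """{kind: (declared, found)} for every summary count the listed entries do
    not back up. Empty means the paste is internally consistent; a truncated
    or hand-edited log (common with logs posted to forums) is not."""
    declared = {m["kind"]: int(m["n"]) for m in map(MBAM_SUMMARY.match, text.splitlines()) if m}
    found: dict[str, int] = {}
    for d in parse_mbam(text):
        found[d.kind] = found.get(d.kind, 0) + 1
    return {k: (n, found.get(k, 0)) for k, n in declared.items() if n != found.get(k, 0)}


def parse_kaspersky(text: str) -> list[Detection]:
    return [Detection("kaspersky", "File", m["obj"], m["threat"], "reported only")
            for m in map(KAV_ENTRY.match, text.splitlines()) if m]


def triage(dets: list[Detection]) -> dict[str, list[str]]:
    """Separate what to act on from what to double-check."""
    return {
        "families": sorted({d.threat for d in dets if not d.riskware}),
        "file_iocs": sorted({d.obj for d in dets if d.kind in ("Files", "File") and not d.riskware}),
        "riskware": sorted(d.obj for d in dets if d.riskware),
    }


if __name__ == "__main__":
    found = parse_mbam(MBAM_LOG) + parse_kaspersky(KAV_LOG)
    print("count mismatches:", mbam_count_mismatches(MBAM_LOG) or "none")
    for key, items in triage(found).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

Run on the excerpts it reports no count mismatch, four threat families, three file indicators (the two Downloaded Program Files entries and the cached gnida[1].swf) and one riskware hit to review by hand, which matches what the helper did next in post #15: only the .swf was scheduled for removal, and Reboot.exe was left alone.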

#15 Rorschach112 (Advanced Member, Volunteer Security Advisor, 2180 posts)

Posted 03 November 2008 - 07:23 PM

Hello

Please download OTMoveIt3 by OldTimer (or from here).
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Digsy\Local Settings\Temporary Internet Files\Content.IE5\YBC9QNA1\gnida[1].swf
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#16 DiscoDigs (Member, 14 posts)

Posted 03 November 2008 - 07:49 PM

Results from OTMoveIt3 scan...

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\Documents and Settings\Digsy\Local Settings\Temporary Internet Files\Content.IE5\YBC9QNA1\gnida[1].swf scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Digsy\LOCALS~1\Temp\~DFFB7A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Digsy\LOCALS~1\Temp\~DFFB87.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11032008_202508

Files moved on Reboot...
C:\Documents and Settings\Digsy\Local Settings\Temporary Internet Files\Content.IE5\YBC9QNA1\gnida[1].swf moved successfully.
File C:\DOCUME~1\Digsy\LOCALS~1\Temp\~DFFB7A.tmp not found!
File C:\DOCUME~1\Digsy\LOCALS~1\Temp\~DFFB87.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
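
The "scheduled to be moved on reboot" and "scheduled to be deleted on reboot" lines above are the visible side of a Windows mechanism worth knowing in incident response. When a file is open (the IE cache index.dat here), a tool calls MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which appends a (source, target) pair to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager; Session Manager carries the operations out early in the next boot, before the file can be locked again. An empty target means delete, and a target prefixed with "!" means the move may overwrite an existing file. Installers use the same value legitimately, and malware uses it to plant or replace a file before any scanner is running, so responders read it. One pitfall: because a delete is stored as an empty string, a generic REG_MULTI_SZ decoder that stops at the first empty string truncates the list at the first delete and hides everything after it. The following decoder is an added example written for this page, not code from OTMoveIt3 or from the thread; the sample value is constructed from the paths in post #16 (the quarantine folder layout under C:\_OTMoveIt\MovedFiles is assumed) plus one hypothetical dropper entry with invented file names.

```python
"""Decode the registry list behind "scheduled to be moved on reboot".

Added example for this thread; not code from OTMoveIt3 or from the thread.
The sample value below is constructed: the first two pairs mirror post #16
(the MovedFiles destination layout is assumed), the third is a hypothetical
dropper entry with invented file names.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PendingOp:
    op: str      # "delete", "move" or "replace"
    source: str  # Win32 path with the NT "\??\" prefix removed
    target: str  # empty for delete


def decode_multi_sz(raw: bytes) -> list[str]:
    """Split a raw REG_MULTI_SZ by length instead of stopping at the first
    empty string: a delete entry is stored as an empty target, so a generic
    decoder would truncate the list at the first delete."""
    parts = raw.decode("utf-16-le").split("\0")
    parts.pop()                      # the (always empty) piece after the final NUL
    if parts and parts[-1] == "":    # the list terminator, not an empty target
        parts.pop()
    return parts


def _win32(path: str) -> str:
    # Entries are stored as NT object paths ("\??\C:\..."); show them as Win32 paths
    return path[4:] if path.startswith("\\??\\") else path


def parse_pending(entries: list[str]) -> list[PendingOp]:
    """Pair up the flat string list. Empty target = delete; a target prefixed
    with "!" = move that may overwrite an existing file (MOVEFILE_REPLACE_EXISTING)."""
    if len(entries) % 2:
        raise ValueError("PendingFileRenameOperations holds (source, target) pairs")
    ops = []
    for src, dst in zip(entries[::2], entries[1::2]):
        if dst == "":
            ops.append(PendingOp("delete", _win32(src), ""))
        elif dst.startswith("!"):
            ops.append(PendingOp("replace", _win32(src), _win32(dst[1:])))
        else:
            ops.append(PendingOp("move", _win32(src), _win32(dst)))
    return ops


def flag_plants(ops: list[PendingOp],
                quarantine_dirs=(r"C:\_OTMoveIt\MovedFiles",)) -> list[PendingOp]:
    """Return the operations that put a file somewhere other than a known
    quarantine folder at boot. Deletes and moves into quarantine are cleanup;
    anything else is a file being planted or replaced before any scanner runs."""
    q = tuple(d.lower() for d in quarantine_dirs)
    return [o for o in ops if o.op != "delete" and not o.target.lower().startswith(q)]


# Constructed sample value (see the module docstring for what is assumed).
SAMPLE_ENTRIES = [
    r"\??\C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat",
    r"\??\C:\_OTMoveIt\MovedFiles\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat",
    r"\??\C:\DOCUME~1\Digsy\LOCALS~1\Temp\~DFFB7A.tmp",
    "",
    r"\??\C:\DOCUME~1\Digsy\LOCALS~1\Temp\upd1234.tmp",          # hypothetical
    r"!\??\C:\WINDOWS\system32\drivers\example.sys",            # hypothetical
]
# On-disk form: every string NUL-terminated, then one extra NUL.
SAMPLE_RAW = ("\0".join(SAMPLE_ENTRIES) + "\0\0").encode("utf-16-le")


if __name__ == "__main__":
    ops = parse_pending(decode_multi_sz(SAMPLE_RAW))
    for o in ops:
        print(f"{o.op:8} {o.source} -> {o.target or '(delete)'}")
    print("to investigate:", [o.target for o in flag_plants(ops)])
```

On the sample the decoder returns all six strings despite the empty one in the middle, the pairs come out as one move into quarantine, one delete and one replace, and only the replace into system32\drivers is flagged. On a live XP host the raw bytes come from the value named above; the point of decoding by length rather than by terminator is that the delete entries OTMoveIt3 queued in post #16 would otherwise mask any entry after them.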

#17 DiscoDigs (Member, 14 posts)

Posted 03 November 2008 - 07:52 PM

log.txt log...

Logfile of random's system information tool 1.04 (written by random/random)
Run by Digsy at 2008-11-03 20:32:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 242 GB (80%) free of 301 GB
Total RAM: 2047 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:51, on 03/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Digsy\Desktop\RSIT.exe
C:\Documents and Settings\Digsy\My Documents\My Received Files\HiJackThis\Digsy.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} -
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigit....Downloader.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162305299875
O16 - DPF: {A417A857-7019-49DC-9A73-A0CBC965F483} (UniVoiceX Control) - http://webcamnow.com...voice/voice.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 11001 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1162304856.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{059123A2-0BD4-42BC-97E3-F64F7F00AEAA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-09-30 270336]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-08-17 90112]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"=C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe [2004-06-08 69721]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"PCMService"=C:\Program Files\CyberLink\PowerCinema\PCMService.exe [2005-01-14 110744]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"BTUSRBDG"=C:\WINDOWS\system32\BtUsrBdg.exe [2003-11-05 53248]
"BTSETBOOTKEY"=C:\WINDOWS\system32\BTSetBootKey.exe [2003-04-15 36864]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-09-17 8491008]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-09-17 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"=C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe [2006-10-31 102400]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"BGNewsAgent"=C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe [2006-10-31 114688]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin200.exe.lnk]
C:\PROGRA~1\Philips\SPC200~1\TRAYMI~1.EXE [2005-07-12 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CyberLink Media Library Service"=2
"CLSched"=2
"CLCapSvc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Documents and Settings\Digsy\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe"="C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-11-03 20:32:32 ----D---- C:\rsit
2008-11-03 20:25:08 ----D---- C:\_OTMoveIt
2008-11-03 17:40:26 ----D---- C:\Documents and Settings\Digsy\Application Data\Malwarebytes
2008-11-03 17:40:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-03 17:40:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-03 15:42:16 ----D---- C:\_OTScanIt
2008-10-31 16:21:37 ----A---- C:\lopR.txt
2008-10-31 15:08:40 ----D---- C:\Program Files\Panda Security
2008-10-29 21:01:12 ----D---- C:\Program Files\A
2008-10-28 16:41:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-27 19:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 12:57:06 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-23 12:57:06 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-22 15:04:48 ----D---- C:\Documents and Settings\Digsy\Application Data\LimeWire
2008-10-22 14:02:16 ----D---- C:\Program Files\Dr.STIKA PLUS
2008-10-21 17:37:02 ----D---- C:\Program Files\Roland CutChoice 1.1 Updater 2
2008-10-21 15:45:24 ----D---- C:\spoolerlogs
2008-10-21 15:45:23 ----A---- C:\WINDOWS\system32\RD462LM1.DLL
2008-10-21 15:23:15 ----D---- C:\WINDOWS\Drivers
2008-10-21 15:09:08 ----A---- C:\WINDOWS\system32\VBA5.DLL
2008-10-21 15:09:08 ----A---- C:\WINDOWS\system32\OWL250F.DLL
2008-10-21 15:08:55 ----D---- C:\Program Files\Roland CutChoice
2008-10-21 15:08:18 ----A---- C:\WINDOWS\uninst.exe
2008-10-21 15:07:24 ----D---- C:\Program Files\Roland CutChoice AI10 Updater
2008-10-21 15:06:56 ----A---- C:\WINDOWS\system32\RDCOMMON.DLL__
2008-10-21 15:06:56 ----A---- C:\WINDOWS\system32\RDCOMMON.DLL
2008-10-14 19:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 19:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 19:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 19:26:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 19:26:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-07 14:41:15 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

======List of files/folders modified in the last 1 months======

2008-11-03 20:28:43 ----A---- C:\WINDOWS\ModemLog_Windigo Bluetooth DUN Modem.txt
2008-11-03 20:28:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-03 20:28:37 ----D---- C:\WINDOWS\Temp
2008-11-03 20:28:37 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-11-03 20:28:34 ----D---- C:\WINDOWS\system32
2008-11-03 18:56:33 ----D---- C:\Documents and Settings\All Users\Application Data\BullGuard
2008-11-03 17:51:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-03 17:40:21 ----D---- C:\WINDOWS\system32\drivers
2008-11-03 17:40:17 ----RD---- C:\Program Files
2008-11-03 15:42:17 ----AD---- C:\WINDOWS
2008-10-31 15:08:40 ----HD---- C:\WINDOWS\inf
2008-10-29 23:26:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-29 23:25:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-29 16:09:57 ----RSD---- C:\WINDOWS\Fonts
2008-10-28 16:56:14 ----D---- C:\Documents and Settings\Digsy\Application Data\BullGuard
2008-10-28 16:45:27 ----SHD---- C:\WINDOWS\Installer
2008-10-28 16:45:27 ----SHD---- C:\Config.Msi
2008-10-28 16:41:59 ----D---- C:\Program Files\Common Files
2008-10-28 16:17:44 ----SD---- C:\WINDOWS\Tasks
2008-10-28 16:10:13 ----D---- C:\WINDOWS\Debug
2008-10-27 19:25:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-27 19:23:22 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-27 19:11:07 ----D---- C:\Program Files\Common Files\Adobe
2008-10-27 19:10:38 ----D---- C:\Program Files\Adobe
2008-10-27 19:07:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-23 14:47:06 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-23 14:41:31 ----D---- C:\Program Files\Lavasoft
2008-10-23 12:37:05 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-22 13:49:38 ----D---- C:\Documents and Settings\Digsy\Application Data\Samsung
2008-10-21 17:26:09 ----D---- C:\WINDOWS\Help
2008-10-21 16:21:19 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-21 16:10:29 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-21 16:09:02 ----A---- C:\WINDOWS\win.ini
2008-10-21 15:45:53 ----D---- C:\WINDOWS\twain_32
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 19:27:01 ----D---- C:\Program Files\Internet Explorer
2008-10-07 19:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-07 14:41:33 ----D---- C:\Program Files\iTunes
2008-10-07 14:41:17 ----D---- C:\Program Files\iPod
2008-10-07 14:33:29 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2005-10-27 101632]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 Par1284;Par1284; \??\C:\Program Files\Roland CutChoice\Program\Par1284.sys []
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2003-09-12 11914]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BTCOMM;BTCOMM; C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 57512]
R3 BTKRNBDG;Bluetooth COM Bridge; C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 15876]
R3 FileSpy5;BullGuard File Monitor; \??\C:\Program Files\BullGuard Software\BullGuard\filespy5.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-09-17 6853088]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 Reconn;BullGuard Email Monitor; \??\C:\Program Files\BullGuard Software\BullGuard\reconn.sys []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 vad_multi;Windigo Virtual Audio Device (WDM); C:\WINDOWS\system32\drivers\vadmulti.sys [2003-11-05 19840]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-05-23 245248]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CSRBC01;%CSRBC01.SvcDesc%; C:\WINDOWS\System32\Drivers\csrbc01.sys [2003-10-29 24523]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-07-13 22528]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC301b;Philips SPC 200NC PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-02-26 91527]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 fasttx2k;fasttx2k; C:\WINDOWS\system32\DRIVERS\fasttx2k.sys [2003-08-06 159744]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2004-04-20 472960]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 m5287;m5287; C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-02-05 85888]
S4 m5289;m5289; C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 51840]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-03-29 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-28 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 BGLiveSvc;BullGuard LiveUpdate; C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe [2006-10-31 561152]
R2 BGMainSvc;BullGuard Main Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BsFileSpy;BullGuard File Monitoring Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 BsFirewall;BullGuard Firewall Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-09-30 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2005-09-23 20543]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-09-30 118843]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-09-30 61503]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-09-17 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-31 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-03-17 107832]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-12-05 753664]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-08 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-01-14 172153]
S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-01-14 110711]
S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-01-14 24576]

-----------------EOF-----------------

Edited by DiscoDigs, 03 November 2008 - 07:53 PM.


#18 Rorschach112

Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 2180 posts

Posted 03 November 2008 - 07:54 PM

Your logs are clean
  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up on the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

*ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

*Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here

#19 DiscoDigs

DiscoDigs

    Member

  • Members
  • PipPip
  • 14 posts

Posted 03 November 2008 - 07:54 PM

info.txt log...

info.txt logfile of random's system information tool 1.04 2008-11-03 20:32:53

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abexo Free Registry Cleaner-->C:\Program Files\Abexo\afrc\uninst.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Illustrator 10-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
BlackBerry Desktop Software 4.2-->MsiExec.exe /i{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
BlackBerry Desktop Software 4.2-->MsiExec.exe /I{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BullGuard 6.0-->C:\Program Files\BullGuard Software\BullGuard\uninst.exe
Contextual Tool Adzgalore-->C:\WINDOWS\system32\cont_adzgalore-remove.exe
Dr.STIKA PLUS-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Dr.STIKA PLUS\Uninst.isu"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Far Cry-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l2057
Half-Life® 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Documents and Settings\Digsy\My Documents\My Received Files\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
hp psc 1200 series-->rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Mesh Online-->"C:\Program Files\Mesh Online\uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 7 Premium-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerCinema 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD Copy 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PowerStarter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Roland CutChoice 1.1v1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Roland CutChoice\DeIsL5.isu"
Roland CutChoice AI10 Updater-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\A\AI 10 Cut Plugin Updater\Uninst.isu"
Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Steam™-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tablet-->C:\Program Files\Tablet\Remove.exe /u
Team Fortress 2-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/440
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XTNDConnect Blue Manager 3.1c-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0C65E65-5CF2-4C16-8023-950BA678FE15}\Setup.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: BullGuard Antivirus
FW: BullGuard Firewall
FW: ActiveArmor Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#20 Rorschach112

Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 2180 posts

Posted 03 November 2008 - 07:59 PM

Follow the steps in my previous post and do this

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):

J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here
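The three things the helper did by eye in this thread (spot the adware uninstaller parked in system32, spot the stack of old Java runtimes in post #20, sanity-check the hosts file dump) can be automated over an info.txt dump from random's system information tool. The script below is an added example for this thread; it is not code from the posts, from the tool or from any vendor. It assumes the dump's `======Title======` section markers and `Name-->command` uninstall lines exactly as shown above, treats 127.0.0.1, 0.0.0.0 and ::1 as the only blackhole addresses a blocklist such as the MVPS hosts file would use, and uses a "bare .exe directly inside system32" heuristic that is only a triage hint (on the real log above, NVIDIA's nvudisp.exe entry would trip it as well). The embedded sample log is constructed from lines quoted in the thread plus one invented hosts line (1.2.3.4 -> windowsupdate.microsoft.com) so that the hijack check has something to find.

```python
"""Triage an info.txt dump from random's system information tool.

Added example for this thread, not code from the posts or from the tool.
Checks: (1) uninstallers sitting directly in %SystemRoot%\\system32,
(2) stacked Java runtimes, keeping only the newest (post #20),
(3) hosts-file lines that do not point at a blackhole address.
"""
import re
from collections import defaultdict

# Constructed sample: lines from the posted info.txt, plus one invented hosts
# line (1.2.3.4 windowsupdate.microsoft.com) to exercise check 3.
SAMPLE_LOG = r"""
======Uninstall list======

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Contextual Tool Adzgalore-->C:\WINDOWS\system32\cont_adzgalore-remove.exe
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
0.0.0.0 008i.com
1.2.3.4 windowsupdate.microsoft.com

======Security center information======

AV: BullGuard Antivirus
"""

SECTION_RE = re.compile(r"^======(.+?)======$")
# A bare .exe directly inside system32 (not in a subfolder). Heuristic only:
# legitimate driver packages (e.g. nvudisp.exe on this log) trip it too.
SYSTEM32_EXE_RE = re.compile(r'(?i)^"?[a-z]:\\windows\\system32\\[^\\]+\.exe')
# "J2SE Runtime Environment 5.0 Update 9", "Java™ 6 Update 2",
# "Java™ SE Runtime Environment 6 Update 1"  ->  (major, update)
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java\S*(?: SE Runtime Environment)?) "
    r"(\d+)(?:\.\d+)? Update (\d+)$"
)
BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_sections(text):
    """Split the dump into {section title: [non-blank lines]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_uninstall(lines):
    """'Name-->command' lines -> [(name, command)]."""
    entries = []
    for line in lines:
        if "-->" in line:
            name, cmd = line.split("-->", 1)
            entries.append((name.strip(), cmd.strip()))
    return entries


def uninstallers_in_system32(entries):
    return [name for name, cmd in entries if SYSTEM32_EXE_RE.match(cmd)]


def stale_java_runtimes(entries):
    """Every Java runtime except the highest (major, update) present."""
    found = []
    for name, _ in entries:
        m = JAVA_RE.match(name)
        if m:
            found.append(((int(m.group(1)), int(m.group(2))), name))
    if not found:
        return []
    found.sort()
    newest = found[-1][1]
    return [name for _, name in found if name != newest]


def hosts_to_review(lines):
    """(ip, hostname) pairs whose address is not a blackhole; comments stripped."""
    flagged = []
    for line in lines:
        body = line.split("#", 1)[0].split()
        if len(body) >= 2 and body[0] not in BLACKHOLE:
            flagged.extend((body[0], host) for host in body[1:])
    return flagged


def triage(text):
    sections = parse_sections(text)
    entries = parse_uninstall(sections.get("Uninstall list", []))
    return {
        "system32_uninstallers": uninstallers_in_system32(entries),
        "stale_java": stale_java_runtimes(entries),
        "hosts_review": hosts_to_review(sections.get("Hosts File", [])),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}:")
        for hit in hits:
            print("   ", hit)
```

Run it against a real info.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. Everything it reports is a lead for a human to confirm, not a verdict: the system32 check is a habit of adware installers rather than proof of one, and a non-blackhole hosts entry may be a deliberate intranet mapping, but a security or update domain pointed at a remote address is exactly the hijack the MVPS recommendation above is not meant to produce.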



