Messages - Flim

1
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 17, 2009, 10:09:39 PM »
Thanks for all the help with this, guestolo. The IDriverT.exe process is more a question of why it gets left running, I guess. I just disabled it and stopped the service. I suppose I could use sc and remove the service too, but I'm not sure what the implications are sometimes.

Anyway. I guess we've got it beat. Thanks again, I learned a lot too.

2
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 17, 2009, 07:49:52 AM »
We did it! Smooth as could be. I've succeeded at installing it before but never without complaints. It's running very smoothly. I've reconnected everything with no problems too. Thanks for sticking with it this far.

Windows update has 18 new updates now. I guess new versions apply now of a bunch of these that look familiar. I'll go ahead and put them in.

3
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 16, 2009, 11:48:43 PM »
[quote name='guestolo' post='466373' date='Nov 16 2009, 08:41 PM']Is HKEY_CLASSES_ROOT\.xbm
Set to Allow for Administrators in the registry
For both Full Control and Read?[/quote]


Ya, sorry. I wasn't, but it is now. The System user is not checked for Allow or Deny.

Should I go ahead with the install?

4
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 16, 2009, 11:28:58 PM »
[quote name='guestolo' post='466363' date='Nov 16 2009, 11:32 AM']Navigate to the following key
HKEY_CLASSES_ROOT\.xbm\PersistentHandler

Do the same for its parent key HKEY_CLASSES_ROOT\.xbm[/quote]



HKEY_CLASSES_ROOT\.xbm\PersistentHandler - subkey does not exist

Only key under \.xbm is - \OpenWithProgIds that contains only the value name "Opera.Image"

5
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 16, 2009, 11:08:54 AM »
Well, we've found a different way for SP3 to fail at least. It's never had this problem before for me.

Before I get into that, I wanted to mention that for the last couple of days (since before I installed a few apps) I've noticed an InstallShield process running after bootup all the time - IDriverT.exe. Can't find where it loads from yet.


SP3 - I downloaded the fullfile version (I already had a copy but thought we'd go fresh) and followed all the other steps and ran the installer. It ran for a while and ran into problems while copying the new files into the system directories with an "Access Denied" screen - no more info than that. Then a window saying the install didn't complete and it was going to undo the changes. After that it says the install didn't complete and XP has been partially updated and may not work properly. Exit that and the system reboots.

The install extracted the install files to a temp directory on one of my removable drives I noticed (I've noticed that happening with some installers for a while). I thought that might be an issue so just to be sure I shut down and disconnected all that kind of stuff, started up again and had another try at installing SP3. Got the same result.

I'm now running back on my image from before the SP installs. I made an image of the disk after those attempts for reference. I can mount them and get at files easy enough.

Here is a segment of the updspapi.log. Didn't put it all in here as it's the same stuff happening over and over with all the files. This just shows what is going on before, during and after the errors occur.



#-336 Copying file "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\wuauserv.dl_" to "C:\WINDOWS\system32\wuauserv.dll" via temporary file "C:\WINDOWS\system32\SET128E.tmp".
#W190 File "C:\WINDOWS\system32\SET128E.tmp" marked to be moved to "C:\WINDOWS\system32\wuauserv.dll" on next reboot.
#-336 Copying file "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\wscsvc.dl_" to "C:\WINDOWS\system32\wscsvc.dll" via temporary file "C:\WINDOWS\system32\SET1291.tmp".
#W190 File "C:\WINDOWS\system32\SET1291.tmp" marked to be moved to "C:\WINDOWS\system32\wscsvc.dll" on next reboot.
#-336 Copying file "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\wscntfy.ex_" to "C:\WINDOWS\system32\wscntfy.exe" via temporary file "C:\WINDOWS\system32\SET1292.tmp".
#W190 File "C:\WINDOWS\system32\SET1292.tmp" marked to be moved to "C:\WINDOWS\system32\wscntfy.exe" on next reboot.
#-336 Copying file "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\winhttp.dl_" to "C:\WINDOWS\system32\winhttp.dll" via temporary file "C:\WINDOWS\system32\SET1296.tmp".
#W190 File "C:\WINDOWS\system32\SET1296.tmp" marked to be moved to "C:\WINDOWS\system32\winhttp.dll" on next reboot.
#-336 Copying file "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\sbeio.dl_" to "C:\WINDOWS\system32\sbeio.dll" via temporary file "C:\WINDOWS\system32\SET12AA.tmp".
#W190 File "C:\WINDOWS\system32\SET12AA.tmp" marked to be moved to "C:\WINDOWS\system32\sbeio.dll" on next reboot.
#-336 Copying file "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\msctfime.im_" to "C:\WINDOWS\system32\msctfime.ime" via temporary file "C:\WINDOWS\system32\SET12C6.tmp".
#W190 File "C:\WINDOWS\system32\SET12C6.tmp" marked to be moved to "C:\WINDOWS\system32\msctfime.ime" on next reboot.
#-336 Copying file "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\encapi.dl_" to "C:\WINDOWS\system32\encapi.dll" via temporary file "C:\WINDOWS\system32\SET12F2.tmp".
#W190 File "C:\WINDOWS\system32\SET12F2.tmp" marked to be moved to "C:\WINDOWS\system32\encapi.dll" on next reboot.
#-336 Copying file "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\ip\tabletoc.dl_" to "C:\WINDOWS\system32\Setup\tabletoc.dll" via temporary file "C:\WINDOWS\system32\Setup\SET1353.tmp".
#W190 File "C:\WINDOWS\system32\Setup\SET1353.tmp" marked to be moved to "C:\WINDOWS\system32\Setup\tabletoc.dll" on next reboot.
#E008 Setting registry value HKCR\.xbm\PersistentHandler
#E033 Error 5: Access is denied.
#E065 Parsing AddReg section [Product.Add.Reg] in "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\update\update.inf" failed. Error 5: Access is denied.
#E064 Parsing install section [ProductInstall.GlobalRegistryChanges.Install] in "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\update\update.inf" failed. Error 5: Access is denied.
#E008 Setting registry value HKCR\.xbm\PersistentHandler
#E033 Error 5: Access is denied.
#E065 Parsing AddReg section [Product.Add.Reg] in "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\update\update.inf" failed. Error 5: Access is denied.
#E064 Parsing install section [ProductInstall.GlobalRegistryChanges.Install] in "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\update\update.inf" failed. Error 5: Access is denied.
[2009/11/16 04:31:25 2056.1]
#-336 Copying file "C:\WINDOWS\$NtServicePackUninstall$\msader15.dll" to "c:\program files\common files\system\ado\msader15.dll" via temporary file "c:\program files\common files\system\ado\SET1413.tmp".
#W190 File "c:\program files\common files\system\ado\SET1413.tmp" marked to be moved to "c:\program files\common files\system\ado\msader15.dll" on next reboot.
#-336 Copying file "C:\WINDOWS\$NtServicePackUninstall$\msado15.dll" to "c:\program files\common files\system\ado\msado15.dll" via temporary file "c:\program files\common files\system\ado\SET1414.tmp".
#W190 File "c:\program files\common files\system\ado\SET1414.tmp" marked to be moved to "c:\program files\common files\system\ado\msado15.dll" on next reboot.
#-336 Copying file "C:\WINDOWS\$NtServicePackUninstall$\msado20.tlb" to "c:\program files\common files\system\ado\msado20.tlb" via temporary file "c:\program files\common files\system\ado\SET1415.tmp".
#W190 File "c:\program files\common files\system\ado\SET1415.tmp" marked to be moved to "c:\program files\common files\system\ado\msado20.tlb" on next reboot.
#-336 Copying file "C:\WINDOWS\$NtServicePackUninstall$\msado21.tlb" to "c:\program files\common files\system\ado\msado21.tlb" via temporary file "c:\program files\common files\system\ado\SET1416.tmp".
#W190 File "c:\program files\common files\system\ado\SET1416.tmp" marked to be moved to "c:\program files\common files\system\ado\msado21.tlb" on next reboot.
#-336 Copying file "C:\WINDOWS\$NtServicePackUninstall$\msado25.tlb" to "c:\program files\common files\system\ado\msado25.tlb" via temporary file "c:\program files\common files\system\ado\SET1417.tmp".
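As an added example (not code from the thread or from either poster), the parser below pulls the failing registry operations out of an updspapi.log excerpt, so the key that blocked the service pack shows up without reading through every #-336/#W190 file-copy line. The sample lines are taken from the log quoted above; the assumption that each #E008 "Setting registry value" line is followed by the #E033 line carrying its result is based on the layout of that excerpt.

```python
"""Summarise a Windows service-pack updspapi.log and list registry keys whose
update failed, so the blocking ACL can be fixed before retrying the install."""
import re
from collections import Counter

# Constructed sample: lines copied from the updspapi.log excerpt in the thread.
SAMPLE_LOG = r"""
#-336 Copying file "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\wuauserv.dl_" to "C:\WINDOWS\system32\wuauserv.dll" via temporary file "C:\WINDOWS\system32\SET128E.tmp".
#W190 File "C:\WINDOWS\system32\SET128E.tmp" marked to be moved to "C:\WINDOWS\system32\wuauserv.dll" on next reboot.
#E008 Setting registry value HKCR\.xbm\PersistentHandler
#E033 Error 5: Access is denied.
#E065 Parsing AddReg section [Product.Add.Reg] in "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\update\update.inf" failed. Error 5: Access is denied.
#E064 Parsing install section [ProductInstall.GlobalRegistryChanges.Install] in "f:\eebc62828ee80c1a3dd9fbb8fd7700\i386\update\update.inf" failed. Error 5: Access is denied.
#E008 Setting registry value HKCR\.xbm\PersistentHandler
#E033 Error 5: Access is denied.
[2009/11/16 04:31:25 2056.1]
#-336 Copying file "C:\WINDOWS\$NtServicePackUninstall$\msado15.dll" to "c:\program files\common files\system\ado\msado15.dll" via temporary file "c:\program files\common files\system\ado\SET1414.tmp".
"""

# Every operation line starts with '#' plus a short code: -336, W190, E008, E033, ...
OP_RE = re.compile(r'^#(?P<code>[-A-Z]\d{3}) (?P<msg>.*)$')
# Win32 error text as it appears on #E033 lines, e.g. "Error 5: Access is denied."
ERR_RE = re.compile(r'Error (?P<num>\d+): (?P<text>.+?)\.?$')
REGVAL_RE = re.compile(r'^Setting registry value (?P<key>\S+)')


def parse_updspapi(text):
    """Return (counts, failures).

    counts   - Counter of operation codes seen (how many copies, how many errors).
    failures - list of {'key', 'errno', 'error'} for each registry write whose
               #E008 line was followed by a #E033 result line (layout assumed
               from the excerpt). Timestamp lines like "[2009/11/16 ...]" are skipped.
    """
    counts = Counter()
    failures = []
    pending_key = None  # registry key from the most recent #E008, awaiting its #E033
    for raw in text.splitlines():
        m = OP_RE.match(raw.strip())
        if not m:
            continue
        code, msg = m.group('code'), m.group('msg')
        counts[code] += 1
        if code == 'E008':
            r = REGVAL_RE.match(msg)
            pending_key = r.group('key') if r else msg
        elif code == 'E033' and pending_key is not None:
            e = ERR_RE.match(msg)
            failures.append({
                'key': pending_key,
                'errno': int(e.group('num')) if e else None,
                'error': e.group('text') if e else msg,
            })
            pending_key = None
    return counts, failures


def access_denied_keys(failures):
    """Distinct registry keys that failed with Win32 error 5 (ERROR_ACCESS_DENIED),
    i.e. the keys whose permissions need checking before the install is retried."""
    return sorted({f['key'] for f in failures if f['errno'] == 5})


if __name__ == '__main__':
    counts, failures = parse_updspapi(SAMPLE_LOG)
    print('file copies staged:', counts['-336'], 'errors:', counts['E033'])
    for key in access_denied_keys(failures):
        print('access denied writing', key)
```

Run it against a saved updspapi.log (read the file instead of SAMPLE_LOG) and the printed keys are the ones to inspect in regedit for Administrators having Full Control, which is exactly the check the thread walks through for HKEY_CLASSES_ROOT\.xbm.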

6
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 15, 2009, 08:07:15 PM »
[quote name='guestolo' post='466341' date='Nov 15 2009, 04:05 PM']Good work, I take it you got Java installed then[/quote]

I did.

I'm going to also make another disk image before I install SP3; I've found it the simplest way to get back to work if it fails.

7
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 15, 2009, 06:52:41 PM »
I need to go out for about an hour. Will be right back.

8
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 15, 2009, 06:41:25 PM »
All done. Took a little longer. The Java install had error 25099. Sun's not sure of the reason for it (could not unzip package), but they have a fix that works (delete the \jre6 contents). Obviously not an MS program.

Here's the log you requested.


2009-11-15 01:24:57 . 2009-11-15 01:24:57                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2009-11-01 20:38:08 . 2009-11-01 20:38:08            1,548 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Audio Record Wizard_is1.reg.dat
2009-11-01 20:37:44 . 2009-11-01 20:37:44            4,212 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Notify-AutorunsDisabled.reg.dat
2009-11-01 20:09:03 . 2009-11-15 22:26:34              510 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2009-01-26 23:37:48 . 2009-01-26 23:37:48            1,592 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Notify-WgaLogon.reg.dat
2009-01-26 23:28:42 . 2009-11-15 22:35:53           19,831 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-11-25 14:16:29 . 2008-11-25 14:23:39               75 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\mp3codec32win.dll.vir
2008-01-04 22:36:27 . 2008-01-04 22:36:51           87,608 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\B4BD\Application Data\inst.exe.vir
2007-02-18 14:56:25 . 2007-02-18 14:56:25          286,720 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\PATCH.EXE.vir
2006-05-19 13:34:19 . 2006-03-21 03:23:12           23,040 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\kb913800.exe.vir

9
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 15, 2009, 06:09:44 PM »
Here's the OTL Log. And by the way, I didn't download a new Combofix when I ran the last one in case that's an issue.

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
 
OTL by OldTimer - Version 3.1.4.0 log created on 11152009_150040

10
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 15, 2009, 05:58:57 PM »
I'm just about to run OTL.

Here are the programs I removed:

 My Sirius Studio
 Presto! PageManager 6
 Replay Screencast 1.21
 Scott's Wallpaper Switcher v 1.1
 Software Virtualization Trinket
 Task Coach 0.71.3
 version 3.5 (which was also the WinXMedia converter - it was in here twice)
 WinXMedia DVD MPEG/AVI/Audio Converter 3.5


Here's the last CF Log


ComboFix 09-11-15.01 - B4BD 15/11/2009 14:28.6.2 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.2.1033.18.3326.2511 [GMT -8:00]
Running from: c:\documents and settings\B4BD\Desktop\ComboFix.exe
Command switches used :: /u
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

(((((((((((((((((((((((((   Files Created from 2009-10-15 to 2009-11-15  )))))))))))))))))))))))))))))))
.

2009-11-15 07:18 . 2009-11-15 07:18    --------    d-----w-    C:\_OTL
2009-11-14 16:21 . 2009-11-09 17:51    4026136    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-14 16:21 . 2009-11-09 17:51    2016536    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-14 16:21 . 2009-11-09 17:51    1257240    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-14 16:21 . 2009-10-18 17:48    600344    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-14 16:21 . 2009-11-09 17:51    3963672    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-14 16:21 . 2009-10-24 07:05    496920    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-14 14:12 . 2009-11-14 14:12    --------    d-----w-    c:\windows\system32\wbem\Repository
2009-11-11 14:48 . 2009-11-11 14:47    2124089    ----a-w-    c:\temp\pictures.zip
2009-11-11 14:23 . 2009-11-11 14:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-09 17:50 . 2009-10-18 17:48    610072    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-11-09 14:23 . 2009-11-09 14:24    --------    d-----w-    C:\rsit
2009-11-09 06:42 . 2008-05-30 01:00    806985    ----a-w-    c:\windows\system32\hcwtvwnd.dll
2009-11-09 06:42 . 2008-05-09 05:13    294968    ----a-w-    c:\windows\system32\hcwpnp32.dll
2009-11-09 06:42 . 2008-04-22 22:53    163840    ----a-w-    c:\windows\system32\hcwChDB.dll
2009-11-09 06:42 . 2008-03-26 22:54    30720    ----a-w-    c:\windows\system32\hcwWinTVCI.dll
2009-11-09 06:42 . 2008-03-12 01:36    106552    ----a-w-    c:\windows\system32\hcwi2c32.dll
2009-11-09 06:42 . 2004-06-08 08:03    36921    ----a-w-    c:\windows\system32\hcwutl32.dll
2009-11-09 06:42 . 2004-01-26 22:49    90190    ----a-w-    c:\windows\system32\Bt848WST.DLL
2009-11-09 06:42 . 2003-11-07 20:45    106559    ----a-w-    c:\windows\system32\hcwTVDlg.dll
2009-11-09 06:42 . 1999-04-28 00:26    11264    ----a-w-    c:\windows\system32\hcwhook.dll
2009-11-09 06:42 . 2001-07-19 16:44    393216    ----a-w-    c:\windows\system32\hcwsnbd9.dll
2009-11-08 15:38 . 2009-11-15 13:17    --------    d-----w-    C:\Fix
2009-11-04 04:33 . 2009-11-04 04:33    --------    d-----w-    C:\found.000
2009-11-03 14:37 . 2009-11-03 14:40    197676    ----a-w-    C:\MGlogs.zip
2009-11-03 14:35 . 2009-11-03 14:40    --------    d-----w-    C:\MGtools
2009-11-03 03:30 . 2009-11-03 03:30    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-03 03:29 . 2009-11-11 21:38    --------    d-----w-    c:\program files\SUPERAntiSpyware
2009-11-03 03:29 . 2009-11-11 21:38    --------    d-----w-    c:\documents and settings\B4BD\Application Data\SUPERAntiSpyware.com
2009-11-02 13:57 . 2009-11-02 13:57    3584    ----a-r-    c:\documents and settings\B4BD\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-11-02 13:57 . 2009-11-02 13:57    --------    d-----w-    c:\program files\Windows Installer Clean Up
2009-11-01 21:50 . 2009-11-09 05:32    --------    d-----w-    C:\Hauppauge
2009-10-31 15:27 . 2009-01-28 19:52    142337    ----a-w-    c:\windows\system32\Wait.exe
2009-10-31 15:27 . 2009-11-09 13:55    --------    d-----w-    c:\program files\WinTV
2009-10-31 15:16 . 2009-11-11 21:39    363088    ----a-w-    c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-25 18:46 . 2009-10-25 18:46    --------    d-----w-    c:\documents and settings\B4BD\Application Data\AVG9
2009-10-24 16:08 . 2009-10-24 16:12    --------    d-----w-    C:\I386
2009-10-24 07:06 . 2009-10-24 07:05    360584    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-10-24 07:04 . 2009-10-18 17:48    842520    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-10-24 07:04 . 2009-10-24 07:04    1657112    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-10-23 04:23 . 2009-10-23 04:23    --------    d-----w-    c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-18 17:49 . 2009-10-20 03:13    --------    d-----w-    C:\$AVG
2009-10-18 17:48 . 2009-11-09 17:51    360584    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2009-10-18 17:48 . 2009-10-18 17:48    12464    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-10-18 17:48 . 2009-10-18 17:48    333192    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-10-18 17:48 . 2009-10-18 17:48    28424    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-10-18 17:48 . 2009-11-15 16:46    --------    d-----w-    c:\windows\system32\drivers\Avg
2009-10-18 17:48 . 2009-10-18 17:48    --------    d-----w-    c:\program files\AVG
2009-10-18 17:48 . 2009-10-18 17:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg9

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 22:25 . 2009-02-20 04:46    --------    d-----w-    c:\program files\Everything
2009-11-15 15:40 . 2007-01-06 00:43    --------    d-----w-    c:\program files\WinXMedia
2009-11-15 15:08 . 2005-12-23 23:15    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-11-15 14:59 . 2007-09-19 05:18    --------    d-----w-    c:\program files\Sirius
2009-11-15 00:54 . 2006-02-20 14:24    --------    d-----w-    c:\program files\Mozilla Thunderbird
2009-11-14 16:05 . 2009-01-08 19:57    1    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-11 21:38 . 2006-02-16 04:53    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2009-11-11 17:36 . 2007-08-08 03:35    --------    d-----w-    c:\program files\ESET
2009-11-11 14:22 . 2009-07-10 13:45    --------    d-----w-    c:\program files\Common Files\Research In Motion
2009-11-11 14:13 . 2006-02-07 05:19    --------    d-----w-    c:\documents and settings\B4BD\Application Data\AdobeUM
2009-11-10 14:32 . 2006-10-09 21:22    --------    d-----w-    c:\program files\TimeLeft3
2009-11-10 14:30 . 2008-12-04 15:11    --------    d-----w-    c:\program files\StationRipper
2009-11-10 14:29 . 2009-08-16 16:58    --------    d-----w-    c:\program files\r2 Studios
2009-11-08 22:51 . 2007-09-19 05:21    --------    d-----w-    c:\program files\Yahoo!
2009-11-08 22:51 . 2007-09-19 05:22    --------    d-----w-    c:\documents and settings\All Users\Application Data\YAHOO
2009-11-05 07:33 . 2009-06-06 18:53    --------    d-----w-    c:\program files\TweakNow PowerPack 2009
2009-11-05 06:56 . 2007-03-02 13:45    --------    d-----w-    c:\program files\WhatsRunning
2009-11-03 13:08 . 2007-11-21 05:35    --------    d-----w-    c:\program files\EarthTime
2009-11-03 13:08 . 2007-01-06 01:01    --------    d-----w-    c:\program files\Aurora Media Workshop
2009-11-02 13:56 . 2008-03-24 13:45    --------    d-----w-    c:\program files\MSECache
2009-11-02 05:38 . 2009-06-12 05:26    --------    d-----w-    c:\program files\Common Files\Roxio Shared
2009-11-02 05:09 . 2009-04-11 18:13    --------    d-----w-    c:\program files\AML Registry Cleaner
2009-11-02 04:39 . 2007-06-12 15:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\River Past G5
2009-11-02 04:38 . 2007-10-09 02:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\River Past G4
2009-11-02 00:50 . 2009-01-15 16:06    --------    d-----w-    c:\program files\Kiwi CatTools3
2009-11-02 00:50 . 2007-05-28 15:10    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2009-11-02 00:49 . 2009-10-01 12:44    --------    d-----w-    c:\program files\Syslogd
2009-10-31 05:22 . 2008-03-16 03:13    492164    ------w-    c:\documents and settings\B4BD\Application Data\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\ISSetup.dll
2009-10-31 05:22 . 2008-03-16 03:13    460248    ----a-w-    c:\documents and settings\B4BD\Application Data\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\setup.exe
2009-10-31 05:22 . 2008-03-16 03:13    164784    ----a-w-    c:\documents and settings\B4BD\Application Data\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\_Setup.dll
2009-10-25 21:03 . 2009-08-04 15:26    --------    d-----w-    c:\documents and settings\B4BD\Application Data\vlc
2009-10-25 15:44 . 2009-04-18 13:53    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-10-25 15:43 . 2009-08-23 14:08    4045528    ----a-w-    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-23 03:23 . 2008-03-02 18:02    --------    d-----w-    c:\documents and settings\B4BD\Application Data\Canon
2009-10-20 13:03 . 2009-09-24 12:51    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2009-10-20 03:40 . 2007-10-18 13:06    --------    d-----w-    c:\program files\SmartWhois
2009-10-18 17:54 . 2005-12-24 02:23    213936    ----a-w-    c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 17:22 . 2009-10-12 17:22    --------    d-----w-    c:\program files\DemoForge
2009-10-09 03:30 . 2006-06-21 14:29    --------    d-----w-    c:\program files\Java
2009-10-09 03:29 . 2009-10-09 03:29    152576    ----a-w-    c:\documents and settings\B4BD\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-04 22:25 . 2009-02-26 15:03    --------    d-----w-    c:\program files\Opera
2009-09-22 05:05 . 2009-09-22 05:05    --------    d-----w-    c:\program files\JRE
2009-09-22 05:04 . 2009-01-08 19:46    --------    d-----w-    c:\program files\OpenOffice.org 3
2009-09-21 03:50 . 2009-07-06 04:52    --------    d-----w-    c:\program files\Songbird
2009-09-14 18:44 . 2008-07-15 05:31    256792    ----a-w-    c:\windows\system32\drivers\afwcore.sys
2009-09-10 21:54 . 2009-04-18 13:53    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-04-18 13:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-09-03 13:27 . 2009-09-03 13:27    10134    ----a-r-    c:\documents and settings\B4BD\Application Data\Microsoft\Installer\{57A5EB05-1B4C-4133-9315-5ECDFC01C0F4}\ARPPRODUCTICON.exe
2009-08-29 00:36 . 2008-04-26 15:56    714112    ----a-w-    c:\windows\system32\drivers\SandBox.sys
2009-08-18 04:27 . 2009-08-18 04:27    686080    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\56F.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2009-08-18 04:27 . 2009-08-18 04:27    568832    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\56F.tmp_\sun-pdfimport.oxt\msvcp90.dll
2009-08-18 04:27 . 2009-08-18 04:27    655872    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\56F.tmp_\sun-pdfimport.oxt\msvcr90.dll
2009-08-18 04:27 . 2009-08-18 04:27    583168    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\56F.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2009-08-18 04:27 . 2009-08-18 04:27    224768    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\56F.tmp_\sun-pdfimport.oxt\msvcm90.dll
2007-04-11 20:12 . 2008-01-04 22:36    2279464    ----a-w-    c:\program files\PcSetup.exe
2006-02-23 15:16 . 2007-06-24 14:50    34048    ----a-w-    c:\program files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 15:16 . 2007-06-24 14:50    45056    ----a-w-    c:\program files\mozilla firefox\plugins\upd62int.dll
2006-05-03 09:06 . 2009-08-17 05:09    163328    --sh--r-    c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-08-17 05:09    31232    --sh--r-    c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-08-17 05:09    216064    --sh--r-    c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-11-13_05.01.57   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-15 20:35 . 2009-11-15 20:35    16384              c:\windows\temp\Perflib_Perfdata_8d4.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\appsnoinstall\volumouse\volumouse.exe" [2009-03-15 31744]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-14 2020120]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-31 140568]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-31 2595616]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-20 45632]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-09-24 1270080]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-09-23 436552]

c:\documents and settings\B4BD\Start Menu\Programs\Startup\AutorunsDisabled
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft3\TimeLeft.exe [2006-12-9 1026560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-9-15 221247]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-4-19 25214]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-18 17:48    12464    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Media Center Diagnostic Kit\\MCDiag.exe"=
"c:\\Program Files\\Media Center Diagnostic Kit\\MCEHostRemote.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\Ikernel.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\HPMVTray.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\NASSelector.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\NASDriveMapper.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\HPEZBkup.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\HPMVCheck.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\Red Chair Software\\Notmad Explorer\\notmgr.exe"=
"c:\\Program Files\\Red Chair Software\\Audigen Explorer\\audmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp
"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [21/06/2006 7:12 PM 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/10/2009 9:48 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/10/2009 9:48 AM 360584]
R1 oxfwlf;oxfwlf;c:\windows\system32\drivers\OxFWLF.sys [02/12/2003 10:47 AM 12616]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [26/04/2008 7:56 AM 714112]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [26/04/2008 7:56 AM 1338560]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [18/10/2009 9:48 AM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18/10/2009 9:48 AM 285392]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [26/04/2008 7:56 AM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [14/07/2008 9:31 PM 256792]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [12/05/2009 9:28 PM 1432960]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [07/09/2006 8:16 PM 10112]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [26/04/2008 7:56 AM 33920]
S3 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [27/02/2007 8:53 PM 20480]
S3 ehMonitor;Media Center Monitor Service;c:\program files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe [07/09/2005 6:18 PM 49336]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;

S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [08/11/2009 10:43 PM 823296]
S3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [23/12/2005 3:17 PM 38528]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23/12/2008 7:35 AM 50704]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_X32.sys [03/09/2009 5:49 AM 17664]
S3 OxUSBLF;Oxsemi USB filter driver;c:\windows\system32\drivers\OxUSBLF.sys [31/05/2005 2:39 PM 7808]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 3:03 AM 7808]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);c:\windows\system32\drivers\p35u.sys [12/11/2006 8:34 AM 116448]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [17/06/2009 10:22 PM 30136]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [10/09/2007 11:45 PM 124832]
S4 gupdate1c99e16a3dd4ece;Google Update Service (gupdate1c99e16a3dd4ece);c:\program files\Google\Update\GoogleUpdate.exe [05/03/2009 8:47 PM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE    REG_MULTI_SZ       QWAVE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-29 13:19]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 04:46]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 04:46]

2008-12-08 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\B4BD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 14:13]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Documents%20and%20Settings/B4BD/Application%20Data/LastPass/iehome.html
IE: Add to  Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
TCP: {241E0D44-3E60-4164-9E31-0D7447F037D1} = 208.67.222.222,208.67.220.220
Handler: AutorunsDisabled\intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
FF - ProfilePath - c:\documents and settings\B4BD\Application Data\Mozilla\Firefox\Profiles\ypiv51q7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 14:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1956)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\WININET.dll
c:\appsnoinstall\volumouse\vlmshlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
.
Completion time: 2009-11-15 14:43
ComboFix-quarantined-files.txt  2009-11-15 22:43
ComboFix091101.txt  2009-11-01 20:39
ComboFix2.txt  2009-11-15 06:02
ComboFix3.txt  2009-11-15 04:51
ComboFix4.txt  2009-11-15 01:51
ComboFix5.txt  2009-11-15 22:26

Pre-Run: 34,553,495,552 bytes free
Post-Run: 34,497,843,200 bytes free

- - End Of File - - ADEFF2D621F920CE9BE0E6C4F9DE4E8E
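The service/driver list at the top of that ComboFix log is the part worth triaging mechanically rather than by eye. What follows is an added example, not part of the original post and not ComboFix's own code: a Python parser for ComboFix's `R3 name;display;path [mtime size]` lines that flags registrations with no image path at all (the FirebirdServerMAGIXInstance case above), images under user-writable profile or temp directories, kernel drivers living outside system32\drivers, and services whose image is a DLL rather than an EXE or SYS. The reading of the prefix (R running, S stopped, digit = the service's Start value) and the list of "should not be here" directories are assumptions of this example; the first four sample lines are copied from the log above and the `fakedrv` line is constructed to exercise the bad cases.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input in ComboFix's service/driver list format:
#   <R|S><start> <name>;<display name>;<image path> [<mtime> <size>]
# The first four lines are copied from the log above; the last one is made up.
SAMPLE = r"""
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [14/07/2008 9:31 PM 256792]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [26/04/2008 7:56 AM 33920]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;
S4 gupdate1c99e16a3dd4ece;Google Update Service (gupdate1c99e16a3dd4ece);c:\program files\Google\Update\GoogleUpdate.exe [05/03/2009 8:47 PM 133104]
R1 fakedrv;Fake Driver;c:\documents and settings\user\local settings\temp\fakedrv.sys [01/01/2009 1:00 AM 4096]
"""

# Assumed meaning of the prefix: R = running, S = stopped, digit = Start value.
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")
TAIL_RE = re.compile(r"^(.*?)\s*\[(.+?) (\d+)\]$")   # "<path> [<mtime> <size>]"
START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Directories a service or driver image should not normally live in (heuristic).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\",
                 "\\application data\\", "\\local settings\\")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int            # see START_NAMES
    name: str
    display: str
    image: Optional[str]       # None when ComboFix printed no path at all
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; returns None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    running, start, name, display, rest = m.groups()
    image, size = None, None
    if rest:
        t = TAIL_RE.match(rest)
        if t:
            image, size = t.group(1), int(t.group(3))
        else:
            image = rest                     # path without the [mtime size] tail
    return ServiceEntry(running == "R", int(start), name, display, image, size)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review flags; an empty flags list means nothing stood out."""
    if entry.image is None:
        entry.flags.append("no image path: orphaned registration, remove or explain")
        return entry
    low = entry.image.lower()
    if any(d in low for d in USER_WRITABLE):
        entry.flags.append("image under a user-writable profile/temp directory")
    if low.endswith(".sys") and "\\system32\\drivers\\" not in low:
        entry.flags.append("kernel driver outside system32\\drivers")
    if low.endswith(".dll"):
        entry.flags.append("service image is a DLL rather than an EXE/SYS")
    if entry.start_type in (0, 1) and entry.flags:
        entry.flags.append("loads at %s start: verify first" % START_NAMES[entry.start_type])
    return entry


def triage_log(text: str) -> List[ServiceEntry]:
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    return [triage(e) for e in entries]


def flagged(text: str) -> dict:
    """name -> flags, for entries that earned at least one flag."""
    return {e.name: e.flags for e in triage_log(text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE).items():
        print(name, "->", "; ".join(flags))
```

Feed `flagged()` the whole "Services/Drivers" block of a log and you get the shortlist; everything it does not flag still needs a signature or hash check on the host, which an offline log cannot give you.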

11
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 15, 2009, 05:53:05 PM »
[quote name='guestolo' post='466332' date='Nov 15 2009, 02:08 PM']This should stop Outpost from interfering
Then run the following again, if you couldn't run it earlier

START>>RUN
Copy/paste the following then hit OK

combofix /u[/quote]

ComboFix didn't uninstall again. I had to use "suspend protection" to get Outpost to stop asking.

I'm updating Reader right now. Do you want the ComboFix log?

12
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 15, 2009, 04:43:44 PM »
I deleted some media converter programs and time management tools that I haven't used. Let me know if you need a list.

Here's the scan log:


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 13:30 on 15/11/2009 by B4BD (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Acronis Scheduler2 Service"=""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe""
"AcronisTimounterMonitor"=""C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe""
"AVG9_TRAY"="C:\PROGRA~1\AVG\AVG9\avgtray.exe"
"BlackBerryAutoUpdate"="C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background"
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe"
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe"
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe"
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe"
"Malwarebytes Anti-Malware (reboot)"=""C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript"
"OutpostFeedBack"=""C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup"
"OutpostMonitor"=""C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice"
"SysTrayApp"="%ProgramFiles%\IDT\WDM\sttray.exe"
"TrueImageMonitor.exe"=""C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]


-=End Of File=-
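One thing to know when reading the SystemLook Run-key dump above: SystemLook wraps each value's data in an extra pair of quotes and does not escape quotes inside it, so `""C:\...\x.exe""` is a properly quoted command and `"C:\...\x.exe /arg"` is an unquoted one. That distinction is the security-relevant point, because an unquoted image path with spaces makes CreateProcess try `C:\Program.exe`, `C:\Program Files\Common.exe` and so on before the intended file (as its documentation describes). The following is an added example, not part of the original post and not SystemLook's code: a Python routine that strips the wrapping, expands `%VAR%` with a caller-supplied map (the `C:\Program Files` mapping is an assumption about this machine), splits image from arguments, and lists the hijack candidates for unquoted paths. The value lines in the sample are copied from the dump above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample in SystemLook's registry-dump format; the value lines are
# copied from the dump above. SystemLook adds one outer pair of quotes around
# the data and does not escape quotes inside it, hence the "" on some lines.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Acronis Scheduler2 Service"=""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe""
"AVG9_TRAY"="C:\PROGRA~1\AVG\AVG9\avgtray.exe"
"BlackBerryAutoUpdate"="C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background"
"Malwarebytes Anti-Malware (reboot)"=""C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript"
"SysTrayApp"="%ProgramFiles%\IDT\WDM\sttray.exe"
'''

# Assumed environment of the machine being examined (not taken from the log).
ENV = {"programfiles": r"C:\Program Files"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')   # strips SystemLook's outer quotes


@dataclass
class RunEntry:
    key: str
    name: str
    data: str                  # value data with the outer quotes removed
    exe: str                   # image the command resolves to (best effort)
    args: str
    flags: List[str] = field(default_factory=list)


def expand_env(s: str, env: Dict[str, str]) -> str:
    """Expand %NAME% from the supplied map; unknown names are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), s)


def split_command(cmd: str) -> Tuple[str, str]:
    """Separate image from arguments. A leading double quote delimits the image
    exactly; for an unquoted command we take the text up to the first '.exe'
    as the *intended* image (heuristic). hijack_candidates() lists what
    CreateProcess would actually try before it."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(.*?\.exe)(?:\s+(.*))?$", cmd, re.IGNORECASE)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def hijack_candidates(exe: str) -> List[str]:
    """For an unquoted image path with spaces: each space-delimited prefix with
    .exe appended, in the order CreateProcess tries them (per its documentation).
    Any one of these that an attacker can create runs instead of the real image."""
    cands, idx = [], exe.find(" ")
    while idx != -1:
        cands.append(exe[:idx] + ".exe")
        idx = exe.find(" ", idx + 1)
    return cands


def audit(text: str, env: Dict[str, str] = ENV) -> List[RunEntry]:
    entries, key = [], ""
    for line in text.splitlines():
        k = KEY_RE.match(line.strip())
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line.strip())
        if not v:
            continue
        name, data = v.groups()
        cmd = expand_env(data, env)
        exe, args = split_command(cmd)
        e = RunEntry(key, name, data, exe, args)
        if not cmd.startswith('"') and " " in exe:
            e.flags.append("unquoted image path with spaces; tried first: "
                           + ", ".join(hijack_candidates(exe)))
        if "~" in exe:
            e.flags.append("8.3 short name; resolve on disk before comparing to a known-good path")
        if data != cmd:
            e.flags.append("contains an environment variable; verify the expanded path on the host")
        entries.append(e)
    return entries


def flagged(text: str) -> Dict[str, List[str]]:
    """name -> flags, for entries that earned at least one flag."""
    return {e.name: e.flags for e in audit(text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE).items():
        print(name, "->", "; ".join(flags))
```

The flags are review prompts, not verdicts: an unquoted vendor path is only exploitable if someone can write the candidate file, and the 8.3 and environment-variable cases just mean the printed string is not yet the path you need to hash and check on the machine.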

13
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 15, 2009, 03:58:12 PM »
Sorry for the confusion there, guestolo. I was editing my response to add that the Safe Mode issue always seemed to occur with a freeze at loading of the spdt driver, and that's what was happening with SP3 the last few times, when you replied earlier and then had to run out.

I didn't run the fix because I wasn't sure about the OTL situation. It had already booted after the last run and didn't request another run then so I wanted to check.

Anyway, here's the log from a fresh scan -

OTL logfile created on: 15/11/2009 12:43:51 PM - Run 3
OTL by OldTimer - Version 3.1.4.0     Folder = C:\Documents and Settings\B4BD\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 94.66 Gb Total Space | 32.21 Gb Free Space | 34.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 203.43 Gb Total Space | 24.25 Gb Free Space | 11.92% Space Free | Partition Type: NTFS
Drive F: | 230.85 Gb Total Space | 68.72 Gb Free Space | 29.77% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 465.15 Gb Total Space | 40.83 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive O: | 465.76 Gb Total Space | 211.62 Gb Free Space | 45.44% Space Free | Partition Type: NTFS
Drive P: | 465.15 Gb Total Space | 40.83 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
Drive Q: | 152.66 Gb Total Space | 101.93 Gb Free Space | 66.77% Space Free | Partition Type: NTFS
Drive R: | 931.51 Gb Total Space | 507.73 Gb Free Space | 54.51% Space Free | Partition Type: NTFS
Drive S: | 465.15 Gb Total Space | 40.83 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
Drive T: | 465.15 Gb Total Space | 40.83 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
Drive U: | 465.15 Gb Total Space | 40.83 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
Drive V: | 465.15 Gb Total Space | 40.83 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
Drive X: | 465.15 Gb Total Space | 40.83 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
Drive Y: | 465.15 Gb Total Space | 40.83 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
 
Computer Name: BNMC01
Current User Name: B4BD
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2009/11/14 08:21:11 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/14 08:21:10 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/11 05:33:41 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/08 07:26:24 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B4BD\Desktop\OTL.exe
PRC - [2009/10/18 09:48:30 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/18 09:48:30 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/18 09:48:28 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/10/18 09:48:28 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/18 09:48:28 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/18 09:48:27 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/23 16:41:30 | 01,270,080 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe
PRC - [2009/09/23 16:40:50 | 01,338,560 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe
PRC - [2009/08/31 11:25:16 | 00,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/15 12:00:34 | 00,031,744 | ---- | M] (NirSoft) -- C:\AppsNoInstall\volumouse\volumouse.exe
PRC - [2009/03/12 11:53:46 | 00,483,422 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/12 11:53:46 | 00,254,036 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe
PRC - [2008/10/30 23:00:00 | 00,266,752 | ---- | M] () -- C:\AppsNoInstall\notepad2\Notepad2.exe
PRC - [2007/10/30 19:51:44 | 00,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/10/30 19:11:48 | 00,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/10/30 19:07:40 | 00,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/10/30 19:07:38 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/10/30 19:06:42 | 02,595,616 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2005/12/12 14:03:54 | 00,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 14:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
PRC - [2004/08/10 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2002/03/19 16:30:00 | 00,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2009/11/08 07:26:24 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B4BD\Desktop\OTL.exe
MOD - [2009/03/15 12:00:00 | 00,007,168 | ---- | M] (NirSoft) -- C:\AppsNoInstall\volumouse\vlmshlp.dll
MOD - [2006/08/25 08:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 04:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004/08/10 04:00:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found --  -- (FirebirdServerMAGIXInstance)
SRV - [2009/10/18 09:48:28 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/10/18 09:48:27 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/23 16:40:50 | 01,338,560 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/19 20:03:33 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/03/26 05:19:12 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/12 11:53:46 | 00,254,036 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe -- (STacSV)
SRV - [2009/03/05 20:46:56 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c99e16a3dd4ece)
SRV - [2009/03/03 02:19:28 | 00,691,200 | ---- | M] (FileZilla Project) -- C:\Apps\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2008/12/23 07:35:20 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2008/09/01 11:53:13 | 00,380,536 | ---- | M] (Emsi Software GmbH) -- c:\program files\a-squared free\a2service.exe -- (a2free)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/06/24 05:58:41 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/06/03 19:33:35 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/15 11:58:12 | 00,823,296 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2008/04/15 16:59:38 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/10/30 19:51:44 | 00,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/10/30 19:07:38 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/02/27 20:53:58 | 00,020,480 | ---- | M] ( ) -- c:\Program Files\DVRMSToolbox\DVRMSFileWatcherService.exe -- (DVRMSFileWatcherService)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/09/13 13:25:56 | 00,491,520 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe -- (nlsvc)
SRV - [2006/06/14 13:10:04 | 00,495,616 | ---- | M] ( ) -- C:\WINDOWS\System32\LMabcoms.exe -- (lmab_device)
SRV - [2005/12/12 14:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/10/20 19:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe -- (McrdSvc)
SRV - [2005/10/20 19:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe -- (RMSvc)
SRV - [2005/09/07 18:18:34 | 00,049,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe -- (ehMonitor)
SRV - [2005/08/07 04:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo)
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/10 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2003/11/12 04:48:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/B4BD/Application%20Data/LastPass/iehome.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2007/12/28 07:07:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/04 05:31:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/09 09:42:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/09 19:10:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/11 05:33:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/11 05:33:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/20 20:50:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008/12/28 08:25:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\Mozilla Thunderbird
 
[2008/08/02 09:58:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Extensions
[2008/08/02 09:58:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/06/14 04:04:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/09/11 20:36:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Extensions\[email protected]
[2009/07/05 20:52:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Extensions\[email protected]
[2008/04/04 20:54:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Extensions\[email protected]
[2009/02/21 21:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Firefox\extensions
[2009/02/21 21:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Firefox\extensions\[email protected]
[2009/02/21 21:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Firefox\Profiles\ypiv51q7.default\extensions
[2006/02/13 20:44:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Firefox\Profiles\ypiv51q7.default\extensions\{0cdfdd5e-eea6-45ff-b035-81243cf02efb}
[2006/02/13 20:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Firefox\Profiles\ypiv51q7.default\extensions\{3143B27B-F7DE-49d8-BF08-C2E4DEA71DBB}
[2006/02/13 20:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Firefox\Profiles\ypiv51q7.default\extensions\{44851136-3425-48cc-a957-5a29b9396a5f}
[2006/02/13 20:44:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Firefox\Profiles\ypiv51q7.default\extensions\{8803789a-23eb-44b4-bd48-6762fd320242}
[2006/02/01 19:52:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Firefox\Profiles\ypiv51q7.default\extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}
[2006/02/01 19:53:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Firefox\Profiles\ypiv51q7.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2006/02/13 20:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Firefox\Profiles\ypiv51q7.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2009/02/21 21:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B4BD\Application Data\Mozilla\Firefox\Profiles\ypiv51q7.default\extensions\[email protected]
[2009/11/15 06:39:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/11 05:33:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/18 18:21:48 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/14 19:39:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/11 07:13:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/01/08 11:42:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/09 09:43:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 05:24:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/08 19:31:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/11 05:33:40 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/11 05:33:40 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2007/03/02 05:17:24 | 00,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/07/26 15:03:34 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2007/09/05 15:03:36 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/01/17 03:18:04 | 00,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2008/12/28 08:25:14 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2007/03/20 05:24:22 | 00,099,224 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
[2009/11/11 05:33:42 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2004/12/14 01:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2005/04/06 23:52:20 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2007/09/12 18:36:23 | 00,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2007/06/14 05:07:26 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2007/06/14 05:07:26 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2007/06/14 05:07:26 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2007/06/14 05:07:26 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2007/06/14 05:07:26 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2005/04/06 23:39:02 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2007/03/09 10:35:00 | 00,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll
[2006/02/23 07:16:00 | 00,034,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\upd62i9x.dll
[2006/02/23 07:16:00 | 00,045,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\upd62int.dll
[2009/06/16 23:35:40 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/06/16 23:35:40 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/16 23:35:40 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/06/16 23:35:40 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/06/16 23:35:40 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/06/16 23:35:40 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/06/16 23:35:40 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/06/16 23:35:40 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Documents and Settings\B4BD\Application Data\LastPass\LPBar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Documents and Settings\B4BD\Application Data\LastPass\LPBar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [$Volumouse$] C:\AppsNoInstall\volumouse\volumouse.exe (NirSoft)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/11/11 15:30:58 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\B4BD\Start Menu\Programs\Startup\AutorunsDisabled [2007/03/03 08:22:54 | 00,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to  Evernote - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra Button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1211239737950 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1229314090703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1217687312828 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15034/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\AutorunsDisabled\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/23 14:59:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 14 Days ==========
 
[2009/11/14 23:18:02 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/14 21:47:16 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/11/14 17:34:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/11 06:23:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/11/09 06:23:10 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/08 22:42:31 | 00,806,985 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwtvwnd.dll
[2009/11/08 22:42:31 | 00,294,968 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwpnp32.dll
[2009/11/08 22:42:31 | 00,213,066 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwdvbsubtitles.ax
[2009/11/08 22:42:31 | 00,204,871 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\HCWPsiParser.ax
[2009/11/08 22:42:31 | 00,176,197 | ---- | C] (Hauppauge Computer Works Inc.) -- C:\WINDOWS\System32\hcwmux.ax
[2009/11/08 22:42:31 | 00,118,851 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwNowNext.ax
[2009/11/08 22:42:31 | 00,106,559 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwTVDlg.dll
[2009/11/08 22:42:31 | 00,106,552 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwi2c32.dll
[2009/11/08 22:42:31 | 00,094,208 | ---- | C] (Hauppuage Computer Works) -- C:\WINDOWS\System32\hcwsstereo.ax
[2009/11/08 22:42:31 | 00,090,190 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\Bt848WST.DLL
[2009/11/08 22:42:31 | 00,081,920 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwSplit.ax
[2009/11/08 22:42:31 | 00,081,920 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwNull.ax
[2009/11/08 22:42:31 | 00,073,728 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwSnap.ax
[2009/11/08 22:42:31 | 00,073,728 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwFRead.ax
[2009/11/08 22:42:31 | 00,069,632 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwPP2PP.ocx
[2009/11/08 22:42:31 | 00,065,536 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwdlg.ocx
[2009/11/08 22:42:31 | 00,057,344 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwFWrit.ax
[2009/11/08 22:42:31 | 00,053,248 | ---- | C] (DScaler Project, see  http://www.dscaler.org/) -- C:\WINDOWS\System32\HCWdlace.ax
[2009/11/08 22:42:31 | 00,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwutl32.dll
[2009/11/08 22:42:31 | 00,030,720 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwWinTVCI.dll
[2009/11/08 22:42:31 | 00,011,264 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwhook.dll
[2009/11/08 22:42:07 | 00,393,216 | ---- | C] (Snowbound Software Corporation (www.Snowbnd.com)) -- C:\WINDOWS\System32\hcwsnbd9.dll
[2009/11/08 21:36:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\WinTV
[2009/11/08 07:38:52 | 00,000,000 | ---D | C] -- C:\Fix
[2009/11/08 07:26:23 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\B4BD\Desktop\OTL.exe
[2009/11/05 06:18:37 | 00,096,256 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwcp.ax.hcw
[2009/11/03 20:33:01 | 00,000,000 | ---D | C] -- C:\found.000
[2009/11/03 06:35:52 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/11/03 05:38:44 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\B4BD\Desktop\RootRepeal.exe
[2009/11/02 19:30:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/02 19:29:48 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/02 19:29:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B4BD\Application Data\SUPERAntiSpyware.com
[2009/11/02 05:57:24 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/11/01 13:50:28 | 00,000,000 | ---D | C] -- C:\Hauppauge
[2008/01/04 14:36:51 | 00,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\B4BD\Application Data\ezplay.sys
[2008/01/04 14:36:27 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\B4BD\Application Data\pcouffin.sys
[2008/01/04 14:36:24 | 02,279,464 | ---- | C] (VSO Software SARL) -- C:\Program Files\PcSetup.exe
[2007/04/05 06:18:52 | 00,348,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2007/04/05 06:18:17 | 00,987,136 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabusb1.dll
[2007/04/05 06:18:17 | 00,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabpmui.dll
[2007/04/05 06:18:16 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabiobj.dll
[2007/04/05 06:18:16 | 00,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabinpa.dll
[2007/04/05 06:18:15 | 01,196,032 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabserv.dll
[2007/04/05 06:18:15 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabprox.dll
[2007/04/05 06:18:15 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabpplc.dll
[2007/04/05 06:18:14 | 01,052,672 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabip1.dll
[2007/04/05 06:18:14 | 00,557,056 | ---- | C] ( ) -- C:\WINDOWS\System32\LMablmpm.dll
[2007/04/05 06:18:14 | 00,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabpar1.dll
[2007/04/05 06:18:13 | 00,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabcomc.dll
[2007/04/05 06:18:13 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabcomm.dll
[2007/04/05 06:18:13 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabhcp.dll
 
========== Files - Modified Within 14 Days ==========
 
[2009/11/15 12:35:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/15 12:34:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/15 12:34:49 | 34,875,47392 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/15 12:32:00 | 22,020,096 | ---- | M] () -- C:\Documents and Settings\B4BD\ntuser.dat
[2009/11/15 12:31:36 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\B4BD\ntuser.ini
[2009/11/15 08:46:52 | 45,159,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/15 08:46:37 | 00,092,923 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/15 07:08:46 | 00,003,003 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/15 07:08:46 | 00,000,020 | ---- | M] () -- C:\WINDOWS\PM20.INI
[2009/11/14 21:58:50 | 00,000,277 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/14 21:20:04 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\B4BD\Desktop\SystemLook.exe
[2009/11/14 17:43:14 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/14 17:19:43 | 03,559,909 | R--- | M] () -- C:\Documents and Settings\B4BD\Desktop\ComboFix.exe
[2009/11/14 16:17:33 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\B4BD\Desktop\mbr.exe
[2009/11/14 06:19:26 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/13 20:05:23 | 00,843,167 | ---- | M] () -- C:\Documents and Settings\B4BD\Desktop\SecurityCheck.exe
[2009/11/12 05:59:25 | 00,001,840 | -H-- | M] () -- E:\Data\Default.rdp
[2009/11/11 09:20:49 | 00,291,840 | ---- | M] () -- C:\Documents and Settings\B4BD\Desktop\ftw126s4.exe
[2009/11/11 06:51:33 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/11/11 06:42:25 | 00,000,256 | ---- | M] () -- C:\Documents and Settings\B4BD\Desktop\pool.bin
[2009/11/11 06:08:05 | 03,762,218 | -H-- | M] () -- C:\Documents and Settings\B4BD\Local Settings\Application Data\IconCache.db
[2009/11/10 06:29:46 | 00,001,843 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2009/11/09 21:23:22 | 00,000,174 | ---- | M] () -- C:\Documents and Settings\B4BD\Desktop\Fix2.url
[2009/11/09 21:22:39 | 00,000,144 | ---- | M] () -- C:\Documents and Settings\B4BD\Desktop\Fix1.url
[2009/11/09 09:51:39 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/09 06:18:17 | 00,001,489 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinTV Radio.lnk
[2009/11/08 22:44:36 | 00,006,542 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI
[2009/11/08 22:42:32 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/08 22:42:32 | 00,000,717 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/11/08 22:42:11 | 00,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinTV.lnk
[2009/11/08 07:26:24 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B4BD\Desktop\OTL.exe
[2009/11/05 06:18:26 | 00,000,489 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Install WinTV 7 CD 1.2a.lnk
[2009/11/04 20:35:54 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\B4BD\Desktop\CCleaner.lnk
[2009/11/04 08:23:51 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/03 06:40:43 | 00,197,676 | ---- | M] () -- C:\MGlogs.zip
[2009/11/03 05:41:39 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\B4BD\Desktop\settings.dat
[2009/11/01 22:01:09 | 00,000,674 | ---- | M] () -- C:\Documents and Settings\B4BD\Desktop\Shortcut to HijackThis.exe.lnk
[2009/11/01 16:35:55 | 00,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2009/11/01 16:35:55 | 00,000,005 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
 
========== Files Created - No Company Name ==========
 
[2009/11/14 21:20:04 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\B4BD\Desktop\SystemLook.exe
[2009/11/14 17:23:16 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/14 17:17:59 | 03,559,909 | R--- | C] () -- C:\Documents and Settings\B4BD\Desktop\ComboFix.exe
[2009/11/14 16:17:33 | 00,077,312 | ---- | C] () -- C:\Documents and Settings\B4BD\Desktop\mbr.exe
[2009/11/13 20:05:21 | 00,843,167 | ---- | C] () -- C:\Documents and Settings\B4BD\Desktop\SecurityCheck.exe
[2009/11/11 16:15:34 | 34,875,47392 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/11 09:20:48 | 00,291,840 | ---- | C] () -- C:\Documents and Settings\B4BD\Desktop\ftw126s4.exe
[2009/11/11 06:23:09 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/11/10 06:36:50 | 00,000,725 | ---- | C] () -- C:\Documents and Settings\B4BD\Desktop\Search Everything.lnk
[2009/11/10 06:29:45 | 00,001,843 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2009/11/10 05:43:20 | 00,000,256 | ---- | C] () -- C:\Documents and Settings\B4BD\Desktop\pool.bin
[2009/11/09 21:22:48 | 00,000,174 | ---- | C] () -- C:\Documents and Settings\B4BD\Desktop\Fix2.url
[2009/11/09 21:22:20 | 00,000,144 | ---- | C] () -- C:\Documents and Settings\B4BD\Desktop\Fix1.url
[2009/11/08 22:46:05 | 00,001,489 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinTV Radio.lnk
[2009/11/08 22:43:17 | 00,046,680 | ---- | C] () -- C:\WINDOWS\System32\HCWTVServer.tlb
[2009/11/08 22:42:31 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\HCWChMgr.ocx
[2009/11/08 22:42:31 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2009/11/08 22:42:31 | 00,023,304 | ---- | C] () -- C:\WINDOWS\System32\HcwChDB.tlb
[2009/11/08 22:42:11 | 00,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinTV.lnk
[2009/11/08 22:41:31 | 00,006,542 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009/11/05 06:18:37 | 00,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll.hcw
[2009/11/05 06:18:26 | 00,000,489 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Install WinTV 7 CD 1.2a.lnk
[2009/11/03 06:37:07 | 00,197,676 | ---- | C] () -- C:\MGlogs.zip
[2009/11/03 05:39:26 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\B4BD\Desktop\settings.dat
[2009/11/01 22:01:09 | 00,000,674 | ---- | C] () -- C:\Documents and Settings\B4BD\Desktop\Shortcut to HijackThis.exe.lnk
[2009/11/01 17:48:01 | 00,001,473 | ---- | C] () -- C:\Documents and Settings\B4BD\Desktop\Media Center.lnk
[2009/09/03 05:49:04 | 00,017,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\OXUDIDRV_X32.sys
[2009/08/20 17:36:39 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/20 17:36:38 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/20 17:36:33 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/20 17:36:33 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/06 18:52:57 | 00,037,728 | ---- | C] () -- C:\Documents and Settings\B4BD\Application Data\Comma Separated Values (Windows).ADR
[2009/06/30 05:05:56 | 00,000,032 | ---- | C] () -- C:\WINDOWS\gca631.INI
[2009/05/12 21:28:34 | 00,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2009/05/09 06:43:00 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/02/20 06:13:54 | 00,872,448 | ---- | C] () -- C:\Documents and Settings\B4BD\Local Settings\Application Data\filesync.metadata
[2009/01/15 08:00:34 | 00,000,772 | ---- | C] () -- C:\Documents and Settings\B4BD\Application Data\KiwiLogFileViewer.ini
[2009/01/15 08:00:34 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\KiwiLogFileViewer.ini
[2009/01/11 21:50:03 | 00,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2009/01/09 15:25:19 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2008/12/23 07:33:18 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/11/25 21:20:43 | 00,000,035 | ---- | C] () -- C:\WINDOWS\dice.ini
[2008/11/24 06:26:59 | 00,000,247 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2008/11/15 09:50:34 | 00,001,293 | ---- | C] () -- C:\WINDOWS\MultiTimer.ini
[2008/11/03 06:04:53 | 00,000,026 | ---- | C] () -- C:\WINDOWS\COOWIZCK.INI
[2008/11/03 06:03:56 | 00,000,042 | ---- | C] () -- C:\WINDOWS\coowiz20.ini
[2008/10/02 02:53:12 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2008/10/02 02:53:12 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2008/08/15 21:31:27 | 00,000,018 | ---- | C] () -- C:\WINDOWS\phsrch5.ini
[2008/06/30 07:30:48 | 00,000,703 | ---- | C] () -- C:\WINDOWS\NewsRover.INI
[2008/06/10 21:05:07 | 00,000,023 | ---- | C] () -- C:\Documents and Settings\B4BD\Local Settings\Application Data\kodakpcd.ini
[2008/05/29 21:00:11 | 00,000,549 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/05/29 21:00:04 | 00,819,200 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/04/26 06:08:22 | 00,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2008/04/10 19:00:08 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008/03/26 03:27:37 | 00,000,525 | ---- | C] () -- C:\WINDOWS\my.ini
[2008/01/27 11:57:45 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/01/27 11:57:45 | 00,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2008/01/27 11:57:45 | 00,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2008/01/27 11:57:45 | 00,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2008/01/27 11:57:45 | 00,004,296 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Zune.ini
[2008/01/27 11:57:45 | 00,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2008/01/27 11:57:45 | 00,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2008/01/27 11:57:45 | 00,002,910 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2008/01/27 11:57:45 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2008/01/27 11:57:45 | 00,002,175 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPhone.ini
[2008/01/27 11:57:45 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2008/01/27 11:57:45 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2008/01/27 11:57:45 | 00,001,878 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2008/01/27 11:57:45 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2008/01/27 11:57:45 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2008/01/27 11:57:45 | 00,001,739 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_AppleTV.ini
[2008/01/27 11:57:45 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2008/01/27 11:57:44 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2008/01/27 11:57:44 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2008/01/19 08:10:04 | 00,000,068 | ---- | C] () -- C:\WINDOWS\xpsyspad.ini
[2008/01/04 14:36:51 | 00,007,861 | ---- | C] () -- C:\Documents and Settings\B4BD\Application Data\ezplay.cat
[2008/01/04 14:36:51 | 00,001,103 | ---- | C] () -- C:\Documents and Settings\B4BD\Application Data\ezplay.inf
[2008/01/04 14:36:51 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\B4BD\Application Data\ezplay.ini
[2008/01/04 14:36:27 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\B4BD\Application Data\pcouffin.cat
[2008/01/04 14:36:27 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\B4BD\Application Data\pcouffin.inf
[2007/12/31 07:15:22 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\M05.Support.Mjpeg.dll
[2007/11/28 21:09:20 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIDIB4.dll
[2007/10/08 18:27:58 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/10/08 18:13:37 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\unsxkic.dll
[2007/10/08 18:13:37 | 00,027,650 | ---- | C] () -- C:\WINDOWS\System32\s3pitwa.dll
[2007/10/08 18:13:37 | 00,026,626 | ---- | C] () -- C:\WINDOWS\System32\tapiinh.dll
[2007/09/17 07:04:54 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/09/17 07:04:51 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/08/20 16:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/20 16:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/15 14:33:14 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/15 14:30:26 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/29 06:12:55 | 00,000,081 | ---- | C] () -- C:\WINDOWS\USRWIZ.INI
[2007/06/10 20:20:12 | 00,004,053 | ---- | C] () -- C:\WINDOWS\32bifax.ini
[2007/05/10 20:25:42 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/05/10 20:25:42 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/15 10:01:04 | 00,000,219 | ---- | C] () -- C:\WINDOWS\ngmap.ini
[2007/04/14 13:44:17 | 00,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/03/24 21:08:49 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/05 20:14:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pp.ini
[2007/03/05 13:34:28 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/18 07:57:03 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/02/18 06:57:10 | 00,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2007/02/18 06:57:09 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2007/02/18 06:56:29 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2007/02/11 05:19:33 | 00,001,178 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2007/01/12 20:10:40 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32&

14
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 15, 2009, 11:40:42 AM »
[quote name='guestolo' post='466323' date='Nov 15 2009, 07:53 AM']Can you get to safe mode?
Not sure what you mean about SP3, what is the problem?[/quote]

Yes, I can usually get to Safe Mode, but it always asked about loading sptd before we removed it. Haven't tried since yet.

Haven't ever been able to get SP3 to work. Tried numerous times and have had varying results, but the last few tries the install halts when it's trying to reload after the first restart and hangs at the driver loading. I try every few months to see if anything has changed.

I have been uninstalling a few apps to clean up the list of ones I don't use. I restarted so that I could follow your new instructions and when the desktop started to load, OTL loaded and halted the rest of the loading. I closed it without doing anything and everything carried on normally. Anything you want to run before we proceed?

I have to go out for a few hours. Will be back at it later.

Thanks for your help.

15
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 15, 2009, 02:28:05 AM »
Here's the OTL log:


All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\WINDOWS\system32\drivers\sptd.sys moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPTD\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sptd\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPTD\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\sptd\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPTD\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sptd\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\ scheduled to be deleted on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: B4BD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 376858 bytes
->Java cache emptied: 3441647 bytes
->FireFox cache emptied: 901644 bytes
->Google Chrome cache emptied: 43139149 bytes
->Opera cache emptied: 601678 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65536 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->FireFox cache emptied: 13570837 bytes
 
User: MCX1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 59.25 mb
 
 
OTL by OldTimer - Version 3.1.4.0 log created on 11142009_231802

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\ not found.

16
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 15, 2009, 12:41:59 AM »
SystemLook log is below. I'll try the combofix uninstall again.


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:33 on 14/11/2009 by B4BD (Administrator - Elevation successful)

========== filefind ==========

Searching for "sptd.sys"
C:\WINDOWS\system32\drivers\sptd.sys    --a--- 717296 bytes    [14:35 16/01/2008]    [02:53 02/09/2008] (Unable to calculate MD5)

========== regfind ==========

Searching for "sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPTD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPTD\0000\Control]
"ActiveService"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sptd]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Enum]
"0"="Root\LEGACY_SPTD\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPTD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\sptd]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPTD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPTD\0000]
"Service"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPTD\0000\Control]
"ActiveService"="sptd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sptd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Enum]
"0"="Root\LEGACY_SPTD\0000"

-=End Of File=-

17
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 14, 2009, 11:58:13 PM »
Before I get too far - I ran the combofix uninstall - it ran a full scan, produced a report and left the executable on the desktop. PEV.exe also crashed again.

When I went into device manager catchme was there with the yellow asterisk. Is this what you were expecting? I've stopped here for now.

18
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 14, 2009, 11:00:01 PM »
Not much here. The time stamp is current but I'm not sure it's right. There was just a short display of the command window and that's it. Should I have deleted the old log file first or does it matter?



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

19
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 14, 2009, 09:52:36 PM »
I'm just making a TrueImage backup. Be about 30 min.

20
Tech Clinic / I have Hidden Kernel Modules that don't look right
« on: November 14, 2009, 09:25:27 PM »
During execution a crash message popped up "PEV.exe has encountered a problem...."

I just let everything keep going. After reboot the firewall started up again - I OK'd the popups while I suspended Outpost and let it finish. I noticed on the way by (I was on a phone call while it was running) that one of the windows I OK'd was to do with pev.cfxe.

Here's the log -

ComboFix 09-11-15.01 - B4BD 14/11/2009 17:25.3.2 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.2.1033.18.3326.2711 [GMT -8:00]
Running from: c:\documents and settings\B4BD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\B4BD\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

(((((((((((((((((((((((((   Files Created from 2009-10-15 to 2009-11-15  )))))))))))))))))))))))))))))))
.

2009-11-14 16:21 . 2009-11-09 17:51    4026136    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-14 16:21 . 2009-11-09 17:51    2016536    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-14 16:21 . 2009-11-09 17:51    1257240    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-14 16:21 . 2009-10-18 17:48    600344    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-14 16:21 . 2009-11-09 17:51    3963672    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-14 16:21 . 2009-10-24 07:05    496920    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-14 14:12 . 2009-11-14 14:12    --------    d-----w-    c:\windows\system32\wbem\Repository
2009-11-11 14:48 . 2009-11-11 14:47    2124089    ----a-w-    c:\temp\pictures.zip
2009-11-11 14:23 . 2009-11-11 14:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-09 17:50 . 2009-10-18 17:48    610072    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-11-09 14:23 . 2009-11-09 14:24    --------    d-----w-    C:\rsit
2009-11-09 06:42 . 2008-05-30 01:00    806985    ----a-w-    c:\windows\system32\hcwtvwnd.dll
2009-11-09 06:42 . 2008-05-09 05:13    294968    ----a-w-    c:\windows\system32\hcwpnp32.dll
2009-11-09 06:42 . 2008-04-22 22:53    163840    ----a-w-    c:\windows\system32\hcwChDB.dll
2009-11-09 06:42 . 2008-03-26 22:54    30720    ----a-w-    c:\windows\system32\hcwWinTVCI.dll
2009-11-09 06:42 . 2008-03-12 01:36    106552    ----a-w-    c:\windows\system32\hcwi2c32.dll
2009-11-09 06:42 . 2004-06-08 08:03    36921    ----a-w-    c:\windows\system32\hcwutl32.dll
2009-11-09 06:42 . 2004-01-26 22:49    90190    ----a-w-    c:\windows\system32\Bt848WST.DLL
2009-11-09 06:42 . 2003-11-07 20:45    106559    ----a-w-    c:\windows\system32\hcwTVDlg.dll
2009-11-09 06:42 . 1999-04-28 00:26    11264    ----a-w-    c:\windows\system32\hcwhook.dll
2009-11-09 06:42 . 2001-07-19 16:44    393216    ----a-w-    c:\windows\system32\hcwsnbd9.dll
2009-11-08 15:38 . 2009-11-14 14:37    --------    d-----w-    C:\Fix
2009-11-04 04:33 . 2009-11-04 04:33    --------    d-----w-    C:\found.000
2009-11-03 14:37 . 2009-11-03 14:40    197676    ----a-w-    C:\MGlogs.zip
2009-11-03 14:35 . 2009-11-03 14:40    --------    d-----w-    C:\MGtools
2009-11-03 03:30 . 2009-11-03 03:30    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-03 03:29 . 2009-11-11 21:38    --------    d-----w-    c:\program files\SUPERAntiSpyware
2009-11-03 03:29 . 2009-11-11 21:38    --------    d-----w-    c:\documents and settings\B4BD\Application Data\SUPERAntiSpyware.com
2009-11-02 13:57 . 2009-11-02 13:57    3584    ----a-r-    c:\documents and settings\B4BD\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-11-02 13:57 . 2009-11-02 13:57    --------    d-----w-    c:\program files\Windows Installer Clean Up
2009-11-01 21:50 . 2009-11-09 05:32    --------    d-----w-    C:\Hauppauge
2009-10-31 15:27 . 2009-01-28 19:52    142337    ----a-w-    c:\windows\system32\Wait.exe
2009-10-31 15:27 . 2009-11-09 13:55    --------    d-----w-    c:\program files\WinTV
2009-10-31 15:16 . 2009-11-11 21:39    363088    ----a-w-    c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-25 18:46 . 2009-10-25 18:46    --------    d-----w-    c:\documents and settings\B4BD\Application Data\AVG9
2009-10-24 16:08 . 2009-10-24 16:12    --------    d-----w-    C:\I386
2009-10-24 07:06 . 2009-10-24 07:05    360584    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-10-24 07:04 . 2009-10-18 17:48    842520    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-10-24 07:04 . 2009-10-24 07:04    1657112    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-10-23 04:23 . 2009-10-23 04:23    --------    d-----w-    c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-18 17:49 . 2009-10-20 03:13    --------    d-----w-    C:\$AVG
2009-10-18 17:48 . 2009-11-09 17:51    360584    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2009-10-18 17:48 . 2009-10-18 17:48    12464    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-10-18 17:48 . 2009-10-18 17:48    333192    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-10-18 17:48 . 2009-10-18 17:48    28424    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-10-18 17:48 . 2009-11-14 16:22    --------    d-----w-    c:\windows\system32\drivers\Avg
2009-10-18 17:48 . 2009-10-18 17:48    --------    d-----w-    c:\program files\AVG
2009-10-18 17:48 . 2009-10-18 17:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg9

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 01:21 . 2009-02-20 04:46    --------    d-----w-    c:\program files\Everything
2009-11-15 00:54 . 2006-02-20 14:24    --------    d-----w-    c:\program files\Mozilla Thunderbird
2009-11-14 16:05 . 2009-01-08 19:57    1    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-11 21:38 . 2006-02-16 04:53    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2009-11-11 17:36 . 2007-08-08 03:35    --------    d-----w-    c:\program files\ESET
2009-11-11 14:22 . 2009-07-10 13:45    --------    d-----w-    c:\program files\Common Files\Research In Motion
2009-11-11 14:13 . 2006-02-07 05:19    --------    d-----w-    c:\documents and settings\B4BD\Application Data\AdobeUM
2009-11-10 14:32 . 2006-10-09 21:22    --------    d-----w-    c:\program files\TimeLeft3
2009-11-10 14:30 . 2008-12-04 15:11    --------    d-----w-    c:\program files\StationRipper
2009-11-10 14:29 . 2009-08-16 16:58    --------    d-----w-    c:\program files\r2 Studios
2009-11-09 06:24 . 2005-12-23 23:15    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-11-08 22:51 . 2007-09-19 05:21    --------    d-----w-    c:\program files\Yahoo!
2009-11-08 22:51 . 2007-09-19 05:22    --------    d-----w-    c:\documents and settings\All Users\Application Data\YAHOO
2009-11-05 07:33 . 2009-06-06 18:53    --------    d-----w-    c:\program files\TweakNow PowerPack 2009
2009-11-05 06:56 . 2007-03-02 13:45    --------    d-----w-    c:\program files\WhatsRunning
2009-11-03 13:08 . 2007-11-21 05:35    --------    d-----w-    c:\program files\EarthTime
2009-11-03 13:08 . 2007-01-06 01:01    --------    d-----w-    c:\program files\Aurora Media Workshop
2009-11-02 13:56 . 2008-03-24 13:45    --------    d-----w-    c:\program files\MSECache
2009-11-02 05:38 . 2009-06-12 05:26    --------    d-----w-    c:\program files\Common Files\Roxio Shared
2009-11-02 05:09 . 2009-04-11 18:13    --------    d-----w-    c:\program files\AML Registry Cleaner
2009-11-02 04:39 . 2007-06-12 15:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\River Past G5
2009-11-02 04:38 . 2007-10-09 02:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\River Past G4
2009-11-02 00:50 . 2009-01-15 16:06    --------    d-----w-    c:\program files\Kiwi CatTools3
2009-11-02 00:50 . 2007-05-28 15:10    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2009-11-02 00:49 . 2009-10-01 12:44    --------    d-----w-    c:\program files\Syslogd
2009-10-31 05:22 . 2008-03-16 03:13    492164    ------w-    c:\documents and settings\B4BD\Application Data\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\ISSetup.dll
2009-10-31 05:22 . 2008-03-16 03:13    460248    ----a-w-    c:\documents and settings\B4BD\Application Data\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\setup.exe
2009-10-31 05:22 . 2008-03-16 03:13    164784    ----a-w-    c:\documents and settings\B4BD\Application Data\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\_Setup.dll
2009-10-25 21:03 . 2009-08-04 15:26    --------    d-----w-    c:\documents and settings\B4BD\Application Data\vlc
2009-10-25 15:44 . 2009-04-18 13:53    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-10-25 15:43 . 2009-08-23 14:08    4045528    ----a-w-    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-23 03:23 . 2008-03-02 18:02    --------    d-----w-    c:\documents and settings\B4BD\Application Data\Canon
2009-10-20 13:03 . 2009-09-24 12:51    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2009-10-20 03:40 . 2007-10-18 13:06    --------    d-----w-    c:\program files\SmartWhois
2009-10-18 17:54 . 2005-12-24 02:23    213936    ----a-w-    c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 17:22 . 2009-10-12 17:22    --------    d-----w-    c:\program files\DemoForge
2009-10-09 03:30 . 2006-06-21 14:29    --------    d-----w-    c:\program files\Java
2009-10-09 03:29 . 2009-10-09 03:29    152576    ----a-w-    c:\documents and settings\B4BD\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-04 22:25 . 2009-02-26 15:03    --------    d-----w-    c:\program files\Opera
2009-09-22 05:05 . 2009-09-22 05:05    --------    d-----w-    c:\program files\JRE
2009-09-22 05:04 . 2009-01-08 19:46    --------    d-----w-    c:\program files\OpenOffice.org 3
2009-09-21 03:50 . 2009-07-06 04:52    --------    d-----w-    c:\program files\Songbird
2009-09-14 18:44 . 2008-07-15 05:31    256792    ----a-w-    c:\windows\system32\drivers\afwcore.sys
2009-09-10 21:54 . 2009-04-18 13:53    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-04-18 13:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-09-03 13:27 . 2009-09-03 13:27    10134    ----a-r-    c:\documents and settings\B4BD\Application Data\Microsoft\Installer\{57A5EB05-1B4C-4133-9315-5ECDFC01C0F4}\ARPPRODUCTICON.exe
2009-08-29 00:36 . 2008-04-26 15:56    714112    ----a-w-    c:\windows\system32\drivers\SandBox.sys
2009-08-18 04:27 . 2009-08-18 04:27    686080    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\56F.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2009-08-18 04:27 . 2009-08-18 04:27    568832    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\56F.tmp_\sun-pdfimport.oxt\msvcp90.dll
2009-08-18 04:27 . 2009-08-18 04:27    655872    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\56F.tmp_\sun-pdfimport.oxt\msvcr90.dll
2009-08-18 04:27 . 2009-08-18 04:27    583168    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\56F.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2009-08-18 04:27 . 2009-08-18 04:27    224768    ----a-w-    c:\documents and settings\B4BD\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\56F.tmp_\sun-pdfimport.oxt\msvcm90.dll
2007-04-11 20:12 . 2008-01-04 22:36    2279464    ----a-w-    c:\program files\PcSetup.exe
2006-02-23 15:16 . 2007-06-24 14:50    34048    ----a-w-    c:\program files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 15:16 . 2007-06-24 14:50    45056    ----a-w-    c:\program files\mozilla firefox\plugins\upd62int.dll
2006-05-03 09:06 . 2009-08-17 05:09    163328    --sh--r-    c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-08-17 05:09    31232    --sh--r-    c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-08-17 05:09    216064    --sh--r-    c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-11-13_05.01.57   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-15 01:40 . 2009-11-15 01:40    16384              c:\windows\temp\Perflib_Perfdata_8a8.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\appsnoinstall\volumouse\volumouse.exe" [2009-03-15 31744]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-14 2020120]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-31 140568]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-31 2595616]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-20 45632]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-09-24 1270080]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-09-23 436552]

c:\documents and settings\B4BD\Start Menu\Programs\Startup\AutorunsDisabled
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft3\TimeLeft.exe [2006-12-9 1026560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-9-15 221247]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-4-19 25214]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-18 17:48    12464    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Media Center Diagnostic Kit\\MCDiag.exe"=
"c:\\Program Files\\Media Center Diagnostic Kit\\MCEHostRemote.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\Ikernel.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\HPMVTray.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\NASSelector.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\NASDriveMapper.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\HPEZBkup.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\HPMVCheck.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\Red Chair Software\\Notmad Explorer\\notmgr.exe"=
"c:\\Program Files\\Red Chair Software\\Audigen Explorer\\audmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp
"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [21/06/2006 7:12 PM 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/10/2009 9:48 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/10/2009 9:48 AM 360584]
R1 oxfwlf;oxfwlf;c:\windows\system32\drivers\OxFWLF.sys [02/12/2003 10:47 AM 12616]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [26/04/2008 7:56 AM 714112]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [26/04/2008 7:56 AM 1338560]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [18/10/2009 9:48 AM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18/10/2009 9:48 AM 285392]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [26/04/2008 7:56 AM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [14/07/2008 9:31 PM 256792]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [12/05/2009 9:28 PM 1432960]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [07/09/2006 8:16 PM 10112]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [26/04/2008 7:56 AM 33920]
S3 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [27/02/2007 8:53 PM 20480]
S3 ehMonitor;Media Center Monitor Service;c:\program files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe [07/09/2005 6:18 PM 49336]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;

S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [08/11/2009 10:43 PM 823296]
S3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [23/12/2005 3:17 PM 38528]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23/12/2008 7:35 AM 50704]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_X32.sys [03/09/2009 5:49 AM 17664]
S3 OxUSBLF;Oxsemi USB filter driver;c:\windows\system32\drivers\OxUSBLF.sys [31/05/2005 2:39 PM 7808]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 3:03 AM 7808]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);c:\windows\system32\drivers\p35u.sys [12/11/2006 8:34 AM 116448]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [17/06/2009 10:22 PM 30136]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [10/09/2007 11:45 PM 124832]
S4 gupdate1c99e16a3dd4ece;Google Update Service (gupdate1c99e16a3dd4ece);c:\program files\Google\Update\GoogleUpdate.exe [05/03/2009 8:47 PM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE    REG_MULTI_SZ       QWAVE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-29 13:19]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 04:46]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 04:46]

2008-12-08 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\B4BD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 14:13]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Documents%20and%20Settings/B4BD/Application%20Data/LastPass/iehome.html
IE: Add to  Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
TCP: {241E0D44-3E60-4164-9E31-0D7447F037D1} = 208.67.222.222,208.67.220.220
Handler: AutorunsDisabled\intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
FF - ProfilePath - c:\documents and settings\B4BD\Application Data\Mozilla\Firefox\Profiles\ypiv51q7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 17:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B0841F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8b0841f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(2008)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WININET.dll
c:\appsnoinstall\volumouse\vlmshlp.dll
c:\windows\system32\ieframe.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2009-11-14 17:51 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-15 01:51
ComboFix091101.txt  2009-11-01 20:39
ComboFix2.txt  2009-11-14 20:43
ComboFix3.txt  2009-11-13 05:05
ComboFix4.txt  2009-11-02 04:14
ComboFix5.txt  2009-11-15 01:23

Pre-Run: 34,928,881,664 bytes free
Post-Run: 34,871,250,944 bytes free

- - End Of File - - F7F7BCA5B08FBCD3F22102AA9B92F09E
