
Registered · 26 Posts · Discussion Starter · #1
Hi everyone! A couple of days ago, my graphics drivers crashed on me whilst playing a game. Windows told me to restart, which I did. When I booted up the next day, I found that the computer, whilst shutting down the previous night, had BSOD'd and had restarted due to "spooldr.sys", which Windows told me was malware. Since then, my computer has restarted on its own initiative several times. I am also sure that it is trying to steal personal information, as I have had dialog boxes pop up occasionally informing me that my Gmail handle does not match a password, for some unknown reason (naturally, I have since changed all my passwords for critical/semi-critical websites). I have attempted to find spooldr.sys using various instructions given to me by other websites, but many of them are a couple of years old, and I can't find any file called spooldr.sys, even after manually searching my C drive with Explorer and running ThreatFire, Spybot and Avira scans. All of the antivirus programmes insist that my computer is clean (they are all up to date), but they're wrong. I'm completely clueless as to what to do.

Here's DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by anthony at 11:11:54.46 on 10/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.404 [GMT 1:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\program files\steam\steam.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Documents and Settings\anthony\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anthony\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Google Update] "c:\documents and settings\anthony\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [scheduler_monitor] c:\program files\reaconverter 5.5 pro\init_scheduler.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [FilterGate] c:\progra~1\filter~1\filtergate.exe /ASK
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [eTrustPPAP] "c:\program files\ca\etrust internet security suite\etrust pestpatrol anti-spyware\PPActiveDetection.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [AnonymityGateway] c:\program files\anonymity gateway\Anonymity Gateway.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\anthony\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\anthony\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PCProxy.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBA} - hxxp://ecos.bok.or.kr/miplatform/install/MiPlatform_Updater320_20070614_0910.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183823737750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - hxxp://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
TCP: {4631D7B6-AA33-4B9A-9A95-E4CF0AE7CFAE} = 192.168.0.1
TCP: {7D4EE33F-E18D-469A-A999-2088F675ADB7} = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anthony\applic~1\mozilla\firefox\profiles\ieg8uvz5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.facebook.com/home.php?
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\anthony\application data\mozilla\firefox\profiles\ieg8uvz5.default\extensions\{7378b8c2-fc38-41b8-a8c9-875d1f5b0a24}\components\NativeComponent.dll
FF - plugin: c:\documents and settings\anthony\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMiPlatformX320.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-1-14 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-1-14 59664]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-6-8 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-8 353672]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-6-8 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-6-8 151297]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2008-12-2 222456]
R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\plcndis5.sys [2004-5-17 17280]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2008-9-7 53307]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-6-8 52056]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-1-14 33552]
S3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\drivers\usbethmp.sys [2007-7-7 14342]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\plcmpr5.sys --> c:\windows\system32\PLCMPR5.SYS [?]
S3 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-07-20 11:49:06 0 d-----w- c:\documents and settings\anthony\Calibre Library
2010-07-20 11:48:54 0 d-----w- c:\docume~1\anthony\applic~1\calibre
2010-07-20 11:46:56 0 d-----w- c:\program files\Calibre2
2010-07-17 18:08:58 0 d-----w- c:\documents and settings\anthony\Library
2010-07-17 18:08:31 0 d-----w- c:\docume~1\alluse~1\applic~1\kinoma
2010-07-17 18:07:07 0 d-----w- c:\program files\Sony
2010-07-17 18:07:07 0 d-----w- c:\program files\common files\Sony Shared
2010-07-14 15:56:37 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-07-09 19:04:40 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2007-10-21 17:09:03 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2007-11-27 17:41:41 80 --sh--r- c:\windows\system32\F923F43713.dll

============= FINISH: 11:16:09.09 ===============

I can think of two places where the virus may have come from. One is a torrent (*Cough*) for Abe's Oddysee, which has since been deleted (it was not the game which I was playing when the graphics driver broke). But the other one, which I think is more likely, is a problem with Java. For the past few months, upon starting up Firefox, every other day or so, I get told that an update to the Java Console to version 6.0.02.03 is available. I have updated it numerous times, only to be told the following day that the same update is available. Since FF worked fine, I thought nothing of it, but browsing through one of your threads with the same virus, it was found that the problem was a vulnerability with Java. Could that be the source of the problem?

Thanks a lot in advance.

Registered · 26 Posts · Discussion Starter · #2
Bump, please.

I have to point out that my GMER log comes from a scan run in Safe Mode, as my computer would spontaneously restart after a minute or two of scanning in a standard boot configuration, no doubt due to the infection. However, I was thankfully able to run the DDS scan in a standard boot.

TSF Security Manager, Emeritus · 42,836 Posts
Hello GusHolst,

No, the cracked game is the more likely source of the infection. Let's try another rootkit scanner.

Download RootRepeal from any of the links below:

http://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe
http://rootrepeal.psikotick.com/RootRepeal.exe

Close any open programs, browsers, and disable AV and other protective programs.

  • Extract RootRepeal.exe from the zip archive.
  • Open RootRepeal.exe on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all boxes.
  • Click Ok.
  • Check the box for your main system drive (Usually C:), and click Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

TSF Security Manager, Emeritus · 42,836 Posts
Let's see if this one will run for you. Please download Rootkit Unhooker and save it to your desktop.

Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note: you may get the following warning. Please click OK to continue:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Registered · 26 Posts · Discussion Starter · #6
Hi Ried,

No, Rootkit Unhooker doesn't work either. It gets past the initial loading stage, then locks up, like RootRepeal did. I didn't manage to get to the UI for the program. When frozen, both of them were using exactly 50% of my CPU, and about 10,000 kb/s of my Memory Usage.

TSF Security Manager, Emeritus · 42,836 Posts
Try running it from Safe Mode.

Registered · 26 Posts · Discussion Starter · #8
Hi Riel,

Neither is working, I'm afraid. Unhooker says there's a driver error, and doesn't even get to the loading stage, whereas RootRepeal behaves just like it did in the normal configuration.

TSF Security Manager, Emeritus · 42,836 Posts
This next tool won't show me rootkits, but it may give me a hint or a clue somewhere. Again, shut down any programs, close browsers, and disable all active protection programs before running the tool.

Download OTL to your desktop.

Double click the icon to start the tool.
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on the Desktop: OTL.Txt (this one will be opened in Notepad) and Extras.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Registered · 26 Posts · Discussion Starter · #10
Hi Riel,

OTL worked! Here are the logs:

OTL

OTL logfile created on: 14/08/2010 14:34:26 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\anthony\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 10.94 Gb Free Space | 8.55% Space Free | Partition Type: NTFS
Drive D: | 3.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A-XWIBI2CFW3ZT8
Current User Name: anthony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/14 14:31:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\anthony\Desktop\OTL.exe
PRC - [2010/06/16 22:33:45 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\anthony\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/05/10 09:27:58 | 000,906,656 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/03/05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/15 00:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2010/01/15 00:08:13 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2008/11/09 19:08:34 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/11/09 19:08:32 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/07/19 19:58:39 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/06/10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/28 12:43:40 | 002,097,488 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/01/04 14:27:08 | 000,587,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/08/10 12:37:08 | 005,331,456 | R--- | M] (Linksys) -- C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/16 21:17:16 | 001,941,784 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006/10/16 21:13:32 | 000,087,584 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/10/16 21:13:28 | 000,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/10/16 21:12:20 | 001,164,912 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2005/07/04 16:46:04 | 000,053,307 | ---- | M] () -- C:\Program Files\Linksys\WUSB300N\WLService.exe
PRC - [2004/12/02 19:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe


========== Modules (SafeList) ==========

MOD - [2010/08/14 14:31:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\anthony\Desktop\OTL.exe
MOD - [2010/01/15 00:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2008/04/14 01:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/14 01:11:48 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Linksys\WUSB300N\WLService.exe WUSB300N.exe -- (WUSB300NSvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/04/28 14:21:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/01/15 00:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/11/09 19:08:34 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/11/09 19:08:32 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/06/10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008/01/04 14:27:08 | 000,587,096 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/11/30 13:27:22 | 000,558,592 | ---- | M] (ReaSoft) [On_Demand | Stopped] -- C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe -- (rcp_service)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/16 21:13:28 | 000,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PLCMPR5.SYS -- (PLCMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2010/01/31 19:24:11 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/01/31 19:23:58 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/01/15 00:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/15 00:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/15 00:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/05/31 19:49:01 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/31 19:48:31 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/31 19:48:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/04/23 11:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/25 23:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/18 15:44:00 | 006,308,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/02/16 00:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/10/25 14:08:58 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/10/25 14:08:57 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/10/25 14:08:49 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/14 07:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/03/01 10:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/01/30 11:57:50 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/07 18:27:38 | 000,499,456 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mrvw245.sys -- (MRVW245)
DRV - [2006/08/14 14:09:48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/03/17 17:10:00 | 001,163,264 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/12/08 12:54:52 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 12:54:44 | 000,142,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/03/09 07:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/11/22 15:58:31 | 000,014,342 | R--- | M] (Intellon Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbethmp.sys -- (A_USBETHMP)
DRV - [2004/05/17 11:21:54 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\plcndis5.sys -- (PLCNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 32 D8 A1 89 CF CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/|http://www.facebook.com/home.php?"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.1.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: de-[email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.5
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}:5.2.4.8
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0b8
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/07 12:29:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/07 12:29:01 | 000,000,000 | ---D | M]

[2008/06/17 22:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony\Application Data\Mozilla\Extensions
[2010/08/10 11:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions
[2010/07/07 10:16:41 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/15 23:43:28 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/12/20 01:40:33 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/03/29 08:29:13 | 000,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
[2010/04/17 10:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009/06/12 23:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2010/08/08 17:32:24 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2008/11/29 20:33:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{D0B1F8AA-514E-11D9-8DCF-D88E9B291984}
[2010/07/11 10:49:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/16 10:25:12 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/07 10:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/12/26 21:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/10 10:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\[email protected]
[2010/02/19 10:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\[email protected]
[2009/12/20 01:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\[email protected]
[2008/04/17 15:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\[email protected]
[2010/05/12 19:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\[email protected]
[2010/04/07 08:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\[email protected]
[2010/04/14 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\[email protected]
[2010/08/08 17:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\staged-xpis
[2008/10/10 23:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\[email protected]
[2008/06/30 10:28:54 | 000,001,146 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\bbc-news.xml
[2008/10/09 22:54:23 | 000,001,963 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\de-en-beolingus.xml
[2008/12/20 12:40:27 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\digg.xml
[2009/09/14 18:08:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-10.xml
[2009/10/09 19:21:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-11.xml
[2009/10/15 18:49:28 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-12.xml
[2009/11/02 18:00:29 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-13.xml
[2009/12/19 12:57:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-14.xml
[2010/01/07 12:34:55 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-15.xml
[2010/02/06 12:29:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-16.xml
[2010/03/24 18:08:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-17.xml
[2010/04/05 23:33:42 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-18.xml
[2010/06/25 18:41:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-19.xml
[2009/03/09 18:17:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-2.xml
[2010/06/30 17:22:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-20.xml
[2010/07/22 14:42:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-21.xml
[2010/08/07 12:43:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-22.xml
[2009/03/29 11:30:19 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-3.xml
[2009/04/23 22:20:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-4.xml
[2009/04/29 17:14:27 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-5.xml
[2009/06/13 16:38:40 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-6.xml
[2009/07/17 14:53:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-7.xml
[2009/07/28 15:21:27 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-8.xml
[2009/08/16 11:57:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin-9.xml
[2008/03/31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin.gif
[2008/03/31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin.src
[2009/02/21 15:36:31 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\icqplugin.xml
[2008/07/28 11:30:32 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\lastfm.xml
[2008/06/04 21:33:42 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\mininova.xml
[2008/01/15 22:48:53 | 000,001,990 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\uncyclopedia-english.xml
[2007/11/10 19:46:18 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\wikipedia-english.xml
[2008/06/25 12:04:53 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\searchplugins\youtube-video-search.xml
[2010/08/10 11:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/02 22:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2007/03/13 14:40:40 | 000,040,960 | ---- | M] (TOBESOFT) -- C:\Program Files\Mozilla Firefox\plugins\CyAxCommon320.dll
[2007/03/19 11:06:18 | 000,167,936 | ---- | M] (TOBESOFT) -- C:\Program Files\Mozilla Firefox\plugins\CyBaseLib320.dll
[2007/03/19 11:06:32 | 000,823,296 | ---- | M] (TOBESOFT) -- C:\Program Files\Mozilla Firefox\plugins\CyClassLib320.dll
[2007/03/15 13:10:24 | 001,093,632 | ---- | M] (TOBESOFT) -- C:\Program Files\Mozilla Firefox\plugins\CyComCtl320.dll
[2007/03/19 11:06:34 | 000,126,976 | ---- | M] (TOBESOFT) -- C:\Program Files\Mozilla Firefox\plugins\CyFrameLib320.dll
[2007/03/13 14:33:54 | 000,106,496 | ---- | M] (TOBESOFT) -- C:\Program Files\Mozilla Firefox\plugins\CyHttpAdp320.dll
[2007/03/06 18:15:42 | 000,933,888 | ---- | M] (TOBESOFT) -- C:\Program Files\Mozilla Firefox\plugins\CyHttpLib320.dll
[2007/03/20 17:40:22 | 000,098,304 | ---- | M] (TOBESOFT) -- C:\Program Files\Mozilla Firefox\plugins\CyMipApi320.dll
[2007/03/19 11:10:34 | 001,433,600 | ---- | M] (TOBESOFT) -- C:\Program Files\Mozilla Firefox\plugins\CyPlatformLib320.dll
[2007/03/19 11:06:44 | 000,581,632 | ---- | M] (TOBESOFT) -- C:\Program Files\Mozilla Firefox\plugins\CyScriptLib320.dll
[2007/03/22 21:01:24 | 000,212,992 | ---- | M] ( TOBESOFT) -- C:\Program Files\Mozilla Firefox\plugins\npMiPlatformX320.dll
[2007/09/28 19:57:26 | 006,275,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AnonymityGateway] C:\Program Files\Anonymity Gateway\Anonymity Gateway.exe File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eTrustPPAP] C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe File not found
O4 - HKLM..\Run: [FilterGate] C:\Program Files\FilterGate\filtergate.exe (FilterGate Ltd.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe File not found
O4 - HKLM..\RunOnce: [IERESETICONS] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\anthony\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Documents and Settings\anthony\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\PCProxy.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\PCProxy.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\PCProxy.dll ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBA} http://ecos.bok.or.kr/miplatform/install/MiPlatform_Updater320_20070614_0910.cab (CyMiInstaller320 Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183823737750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB (MSN Music Mediabar)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab (Creative Software AutoUpdate Support Package)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\anthony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\anthony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/07 14:27:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3c503a0d-91a3-11df-a6a7-001ee52728a8}\Shell\AutoRun\command - "" = G:\Windows\bin\eblSetup.exe -- File not found
O33 - MountPoints2\{e633d353-a293-11dd-aa1f-001ee52728a8}\Shell\AutoRun\command - "" = F:\SetupAssistant.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/14 14:31:48 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\anthony\Desktop\OTL.exe
[2010/08/13 14:55:35 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\anthony\Desktop\RootRepeal.exe
[2010/07/20 12:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anthony\Calibre Library
[2010/07/20 12:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anthony\Application Data\calibre
[2010/07/20 12:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2010/07/17 19:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anthony\My Documents\My Digital Editions
[2010/07/17 19:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anthony\Library
[2010/07/17 19:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anthony\My Documents\My Books
[2010/07/17 19:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2010/07/17 19:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/07/17 19:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2010/07/17 19:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anthony\Local Settings\Application Data\Sony Corporation
[2010/07/17 19:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/07/17 18:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anthony\Local Settings\Application Data\kinoma
[2002/04/11 02:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/14 14:31:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\anthony\Desktop\OTL.exe
[2010/08/14 13:39:51 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1659004503-839522115-1004UA.job
[2010/08/14 13:20:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/14 13:18:04 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/14 13:17:45 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/08/14 13:17:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/14 13:17:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/14 13:17:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/14 09:40:18 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\anthony\NTUSER.DAT
[2010/08/14 09:40:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\anthony\ntuser.ini
[2010/08/13 20:00:41 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\anthony\Desktop\RKUnhookerLE.EXE
[2010/08/13 14:55:37 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\anthony\Desktop\RootRepeal.exe
[2010/08/10 22:39:00 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1659004503-839522115-1004Core.job
[2010/08/10 11:19:38 | 000,006,726 | ---- | M] () -- C:\Documents and Settings\anthony\Desktop\Attach.zip
[2010/08/07 21:49:46 | 001,577,454 | -H-- | M] () -- C:\Documents and Settings\anthony\Local Settings\Application Data\IconCache.db
[2010/07/27 07:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/21 11:08:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/20 12:48:00 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2010/07/19 13:45:50 | 000,001,852 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/07/18 10:06:58 | 000,046,496 | ---- | M] () -- C:\Documents and Settings\anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/18 09:41:24 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/17 19:07:26 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Reader Library.lnk
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/13 20:00:41 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\anthony\Desktop\RKUnhookerLE.EXE
[2010/08/10 11:19:38 | 000,006,726 | ---- | C] () -- C:\Documents and Settings\anthony\Desktop\Attach.zip
[2010/08/09 16:43:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\anthony\Desktop\gmer.exe
[2010/07/20 12:48:00 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2010/07/19 14:13:19 | 000,495,104 | ---- | C] () -- C:\Documents and Settings\anthony\Desktop\lame_enc.dll
[2010/07/17 19:07:26 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Reader Library.lnk
[2010/07/09 20:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/31 19:24:11 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/01/31 19:23:58 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/18 19:37:58 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/14 00:26:12 | 000,000,704 | ---- | C] () -- C:\WINDOWS\System32\AmplusnetPrivacyTools.ini
[2009/07/14 00:26:11 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\PCProxy.dll
[2009/02/18 15:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/02/18 15:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/02/18 15:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/02/18 15:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/10 21:48:12 | 000,001,852 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/08 21:33:38 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/09/07 18:29:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/09/07 18:28:43 | 000,001,044 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/06/30 20:04:37 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/05/17 23:26:44 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/02 20:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2008/01/01 17:07:25 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\d3dxas.dll
[2007/11/30 21:50:06 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/27 18:41:32 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\F923F43713.dll
[2007/11/18 18:09:56 | 000,005,781 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/11/18 18:09:56 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/11/18 12:10:58 | 000,000,147 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/14 23:23:05 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2007/10/20 01:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/20 01:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/07/07 15:28:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/03 12:38:42 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\P17.DLL
[2003/10/02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002/12/19 23:00:30 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >

EXTRAS

OTL Extras logfile created on: 14/08/2010 14:34:26 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\anthony\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 10.94 Gb Free Space | 8.55% Space Free | Partition Type: NTFS
Drive D: | 3.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A-XWIBI2CFW3ZT8
Current User Name: anthony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"12975:TCP" = 12975:TCP:*:Enabled:bibi.hamachi.cc

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\devolo\informer\devinf.exe" = C:\Program Files\devolo\informer\devinf.exe:*:Enabled:devolo MicroLink Informer -- (devolo AG)
"C:\Program Files\devolo\easyshare\easyshare.exe" = C:\Program Files\devolo\easyshare\easyshare.exe:*:Enabled:devolo MicroLink EasyShare -- (devolo AG)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\anthony\Desktop\Games\VIP\Victoria.exe" = C:\Documents and Settings\anthony\Desktop\Games\VIP\Victoria.exe:*:Enabled:Victoria -- (Paradox Entertainment)
"C:\Program Files\Steam\SteamApps\tsar_phalanxia\source sdk base 2007\hl2.exe" = C:\Program Files\Steam\SteamApps\tsar_phalanxia\source sdk base 2007\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25B932C7-EB2B-422E-910D-504FB00DAE43}" = Reader Library by Sony
"{25DD76DB-7288-4EC4-9592-0E6BF5F32E58}" = MiPlatform_InstallEngine320A
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3339B837-BCC7-49B4-8494-866EA7D2B14E}" = calibre
"{34A26F7A-B099-4435-8A83-51D6BCFA93E9}" = Freedom
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{51C65CD6-A344-41B5-81E2-3CCAC8024F68}" = Sibelius Scorch
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{52B50724-71C8-4413-97AC-D644EC42B0FD}" = Victoria - Revolutions
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A5AB07F-2E03-405D-8DAF-1DB38D1DE14A}" = MiPlatform_Updater320
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9987773E-4C0B-4A51-AF29-6C08CF58BFEA}" = Europa Barbarorum v1
"{9BCAC864-84C0-409F-8D12-364109622D18}_is1" = Europa Barbarorum 1.1
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9FB91959-6DC9-442B-8966-3FA6449D33AB}" = MagicCube5D
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AD3E68F5-D141-49C0-B002-28B48030B902}_is1" = Europa Barbarorum 1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD986BE5-01F9-4A21-A0FA-3D1A41A93648}" = MiPlatform320_ECOS4IE
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = MSN Music Mediabar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6B8ED44-CA4A-4702-924D-34596E5450DB}" = Crusader Kings
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}" = Linksys Wireless-N USB Network Adapter WUSB300N
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E05B1C38-AE31-4146-8D47-E5E71BEB8D9E}" = Immortal Cities
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCEEC706-B4DD-43EF-8B66-C1ABF72D4616}" = MiPlatforml320_ECOS
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Abdio PDF Editor v7.0 (Free Try)" = Abdio PDF Editor v7.0 (Free Try)
"Abe's Oddysee" = Abe's Oddysee
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AION" = ÓÀºãÖ®Ëþ
"All ATI Software" = ATI - Software Uninstall Utility
"Anonymity Gateway 3.0_is1" = Anonymity Gateway 3.0
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ATI Display Driver" = ATI Display Driver
"Baldur's Gate" = Baldur's Gate
"Conquest_is1" = Conquest 4.0
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Distant Worlds1.0.4.9" = Distant Worlds
"DivX Setup.divx.com" = DivX Setup
"dlanconf" = devolo MicroLink dLAN Configuration Wizard
"dslmon" = devolo MicroLink Informer
"EADM" = EA Download Manager
"easyclean" = devolo MicroLink EasyClean
"easyshare" = devolo MicroLink EasyShare
"EB Documentation_is1" = EB Documentation 1.1
"EB Trivial Script_is1" = EB Trivial Script 0.125
"Europa Barbarorum for Barbarian Invasion" = Europa Barbarorum for Barbarian Invasion 1.2.2.5
"EVEMon" = EVEMon
"FilterGate" = FilterGate
"Foxit Reader" = Foxit Reader
"Galactic Civilizations II - Ultimate Edition" = Galactic Civilizations II - Ultimate Edition
"GameSpy Arcade" = GameSpy Arcade
"Golden" = Golden Records
"GoldenEye Source" = GoldenEye: Source - HalfLife 2 Mod
"Heir to the Throne_is1" = Heir to the Throne
"HTML Help Workshop" = HTML Help Workshop
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Impulse" = Impulse
"In Nomine_is1" = In Nomine 3.1
"Information Center" = Information Center
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"InstallShield_{E05B1C38-AE31-4146-8D47-E5E71BEB8D9E}" = Immortal Cities
"LastFM_is1" = Last.fm 1.5.4.24567
"LogMeIn Hamachi" = LogMeIn Hamachi
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mother Of All Battles_is1" = Mother Of All Battles 3.2
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Addon Mod" = Network Addon Mod Version June 2009
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetupTemp.{6FF543AB-99B3-4120-902C-70A38314ABD8}" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Populous: The Beginning" = Populous: The Beginning
"Populous: The Beginning (Demo)" = Populous: The Beginning (Demo)
"PowerISO" = PowerISO
"ReaConverter 5.5 Pro_is1" = ReaConverter 5.5 Pro
"Recruitment Viewer_is1" = Recruitment Viewer 0.9
"Rural Highway Mod" = Rural Highway Mod 3.0
"Sean O'Connor's Windows Games_is1" = Sean O'Connor's Windows Games
"Steam App 10600" = Empire: Total War - Special Forces Unit
"Steam App 12900" = Audiosurf
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Switch" = Switch Sound File Converter
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Total Realism for Warlords Gold" = Total Realism for Warlords Gold
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"UnrealTournament" = Unreal Tournament
"VeryPDF PDF Editor v2.2_is1" = VeryPDF PDF Editor v2.2
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/08/2010 11:39:25 | Computer Name = A-XWIBI2CFW3ZT8 | Source = Google Update | ID = 20
Description =

Error - 10/08/2010 12:39:27 | Computer Name = A-XWIBI2CFW3ZT8 | Source = Google Update | ID = 20
Description =

Error - 10/08/2010 13:39:26 | Computer Name = A-XWIBI2CFW3ZT8 | Source = Google Update | ID = 20
Description =

Error - 10/08/2010 14:39:27 | Computer Name = A-XWIBI2CFW3ZT8 | Source = Google Update | ID = 20
Description =

Error - 13/08/2010 10:13:17 | Computer Name = A-XWIBI2CFW3ZT8 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 13/08/2010 10:39:46 | Computer Name = A-XWIBI2CFW3ZT8 | Source = Google Update | ID = 20
Description =

Error - 13/08/2010 11:39:27 | Computer Name = A-XWIBI2CFW3ZT8 | Source = Google Update | ID = 20
Description =

Error - 13/08/2010 15:36:54 | Computer Name = A-XWIBI2CFW3ZT8 | Source = Application Error | ID = 1000
Description = Faulting application TFService.exe, version 4.10.1.14, faulting module
msvcr80.dll, version 8.0.50727.4053, fault address 0x000173d0.

Error - 13/08/2010 15:39:27 | Computer Name = A-XWIBI2CFW3ZT8 | Source = Google Update | ID = 20
Description =

Error - 14/08/2010 08:39:27 | Computer Name = A-XWIBI2CFW3ZT8 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 14/08/2010 09:26:49 | Computer Name = A-XWIBI2CFW3ZT8 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 14/08/2010 09:27:49 | Computer Name = A-XWIBI2CFW3ZT8 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 14/08/2010 09:28:49 | Computer Name = A-XWIBI2CFW3ZT8 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 14/08/2010 09:29:49 | Computer Name = A-XWIBI2CFW3ZT8 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 14/08/2010 09:30:50 | Computer Name = A-XWIBI2CFW3ZT8 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 14/08/2010 09:31:50 | Computer Name = A-XWIBI2CFW3ZT8 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 14/08/2010 09:32:50 | Computer Name = A-XWIBI2CFW3ZT8 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 14/08/2010 09:33:50 | Computer Name = A-XWIBI2CFW3ZT8 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 14/08/2010 09:34:50 | Computer Name = A-XWIBI2CFW3ZT8 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 14/08/2010 09:35:50 | Computer Name = A-XWIBI2CFW3ZT8 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >
 

TSF Security Manager, Emeritus
Thanks for the bump. :)

I'm not finding the source in any of these logs. Let's see if an online scanner reveals anything for us. Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

Is the system still restarting with that same error? Have you gotten any more error messages from Gmail since changing the password?
 

Discussion Starter · #13
Hi Riel,

The system hasn't restarted since with the exact same message from Windows popping up (That the system error was caused by spooldr.sys), but it restarted every time I tried to run GMER when it wasn't in Safe Mode and a few other times as well at random intervals. There have been no more error messages from Windows, although it's clear something is wrong.

Umm, it turns out the error message came from Googletalk, which was trying to log into my account automatically after I'd changed the password, which is a bit embarrassing :embarased.

Happily though, the ESET scan worked! Here's the log:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ddafc01c9fdf3a42a0768a5165a41501
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-15 03:47:58
# local_time=2010-08-15 04:47:58 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777179 100 0 68942978 68942978 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 100 74 33096212 50167418 0 0
# scanned=260066
# found=2
# cleaned=0
# scan_time=8005
C:\Documents and Settings\anthony\Local Settings\Temp\CSM8E.tmp a variant of Win32/Adware.Mongoose.A application 00000000000000000000000000000000 I
C:\Documents and Settings\anthony\Local Settings\Temp\pkg_1235111090\HSS-1.12-install-w3i-158.exe a variant of Win32/HotSpotShield application 00000000000000000000000000000000 I
 

TSF Security Manager, Emeritus
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
 

Discussion Starter · #15
Hi Riel,

Here is the log from C:\Combofix.txt:



ComboFix 10-08-15.02 - anthony 16/08/2010 11:30:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.715 [GMT 1:00]
Running from: c:\documents and settings\anthony\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\anthony\Favorites\Online Security Test.url
c:\program files\Internet Explorer\SET54.tmp
c:\program files\Internet Explorer\SET55.tmp
c:\program files\Internet Explorer\SET57.tmp
C:\test.txt
c:\windows\settings.reg
c:\windows\system32\Data

.
((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-15 13:26 . 2010-08-15 13:26 -------- d-----w- c:\program files\ESET
2010-07-20 11:49 . 2010-08-08 10:28 -------- d-----w- c:\documents and settings\anthony\Calibre Library
2010-07-20 11:48 . 2010-07-20 21:18 -------- d-----w- c:\documents and settings\anthony\Application Data\calibre
2010-07-20 11:46 . 2010-07-20 11:47 -------- d-----w- c:\program files\Calibre2
2010-07-17 18:08 . 2010-07-17 18:08 -------- d-----w- c:\documents and settings\anthony\Library
2010-07-17 18:08 . 2010-07-17 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\kinoma
2010-07-17 18:08 . 2010-07-17 18:08 -------- d-----w- c:\program files\DIFX
2010-07-17 18:07 . 2010-07-17 18:08 -------- d-----w- c:\documents and settings\anthony\Local Settings\Application Data\Sony Corporation
2010-07-17 18:07 . 2010-07-17 18:08 -------- d-----w- c:\program files\Sony
2010-07-17 18:07 . 2010-07-17 18:07 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-07-17 17:26 . 2010-07-17 17:26 -------- d-----w- c:\documents and settings\anthony\Local Settings\Application Data\kinoma

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 10:16 . 2008-12-31 13:31 -------- d-----w- c:\documents and settings\anthony\Application Data\Hamachi
2010-08-16 10:08 . 2008-05-28 13:51 -------- d-----w- c:\program files\Steam
2010-08-14 13:32 . 2007-07-13 18:37 -------- d-----w- c:\documents and settings\anthony\Application Data\Xfire
2010-08-09 15:41 . 2007-11-27 17:48 -------- d-----w- c:\documents and settings\anthony\Application Data\uTorrent
2010-08-08 16:16 . 2010-08-08 16:17 3137024 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2010-07-23 20:39 . 2007-07-13 18:37 -------- d-----w- c:\program files\Xfire
2010-07-23 15:48 . 2009-09-19 18:17 -------- d-----w- c:\program files\Common Files\BioWare
2010-07-23 15:46 . 2009-04-29 22:20 -------- d-----w- c:\program files\Paradox Interactive
2010-07-18 09:06 . 2007-07-11 15:43 46496 ----a-w- c:\documents and settings\anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 19:35 . 2009-01-10 16:56 5302113 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-08 19:34 . 2010-07-08 19:35 2964992 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2010-07-05 22:51 . 2010-07-06 09:09 2961920 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2010-07-04 22:46 . 2010-07-05 14:17 2967040 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2010-07-02 20:46 . 2010-07-02 20:46 -------- d-----w- c:\documents and settings\anthony\Application Data\Code Force Limited
2010-07-02 19:04 . 2010-06-02 10:37 -------- d-----w- c:\program files\MediaMonkey
2010-06-29 21:55 . 2010-06-30 16:09 2928640 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2010-06-25 23:08 . 2010-06-26 08:34 2923520 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2010-06-24 14:50 . 2010-06-24 14:51 2916352 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2010-06-22 18:25 . 2010-06-22 18:26 2912256 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2010-06-19 23:53 . 2010-06-20 09:24 2908672 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2010-06-19 17:12 . 2010-05-21 23:28 -------- d-----w- c:\documents and settings\anthony\Application Data\gtk-2.0
2010-06-17 19:45 . 2010-06-17 19:45 -------- d-----w- c:\program files\Freedom
2010-06-14 14:31 . 2007-07-07 13:25 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-11 02:44 . 2010-06-11 02:45 2902016 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2010-06-07 15:59 . 2010-06-07 19:17 2879488 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2010-06-05 15:41 . 2010-06-05 15:43 2877440 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2010-05-29 01:12 . 2010-05-29 09:59 2850304 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2010-05-26 22:25 . 2010-05-27 17:39 2847232 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2010-05-25 22:05 . 2010-05-25 22:11 2851840 ----a-w- c:\windows\Internet Logs\xDB51.tmp
2010-05-21 13:14 . 2009-10-02 15:58 221568 ------w- c:\windows\system32\MpSigStub.exe
2007-10-21 17:09 . 2007-10-21 17:08 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2007-03-13 13:40 . 2007-03-13 13:40 40960 ----a-w- c:\program files\mozilla firefox\plugins\CyAxCommon320.dll
2007-03-19 10:06 . 2007-03-19 10:06 167936 ----a-w- c:\program files\mozilla firefox\plugins\CyBaseLib320.dll
2007-03-19 10:06 . 2007-03-19 10:06 823296 ----a-w- c:\program files\mozilla firefox\plugins\CyClassLib320.dll
2007-03-15 12:10 . 2007-03-15 12:10 1093632 ----a-w- c:\program files\mozilla firefox\plugins\CyComCtl320.dll
2007-03-19 10:06 . 2007-03-19 10:06 126976 ----a-w- c:\program files\mozilla firefox\plugins\CyFrameLib320.dll
2007-03-13 13:33 . 2007-03-13 13:33 106496 ----a-w- c:\program files\mozilla firefox\plugins\CyHttpAdp320.dll
2007-03-06 17:15 . 2007-03-06 17:15 933888 ----a-w- c:\program files\mozilla firefox\plugins\CyHttpLib320.dll
2007-03-20 16:40 . 2007-03-20 16:40 98304 ----a-w- c:\program files\mozilla firefox\plugins\CyMipApi320.dll
2007-03-19 10:10 . 2007-03-19 10:10 1433600 ----a-w- c:\program files\mozilla firefox\plugins\CyPlatformLib320.dll
2007-03-19 10:06 . 2007-03-19 10:06 581632 ----a-w- c:\program files\mozilla firefox\plugins\CyScriptLib320.dll
2007-09-28 18:57 . 2007-09-28 18:57 6275816 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2007-11-27 17:41 . 2007-11-27 17:41 80 --sh--r- c:\windows\system32\F923F43713.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Steam"="c:\program files\steam\steam.exe" [2010-05-08 1238352]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"Google Update"="c:\documents and settings\anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-17 133104]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"FilterGate"="c:\progra~1\FILTER~1\filtergate.exe" [2004-03-05 921600]
"P17Helper"="P17.dll" [2006-03-17 81408]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 1164912]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 1941784]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 87584]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\anthony\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-31 625952]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2010-7-9 3493776]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\devolo\\informer\\devinf.exe"=
"c:\\Program Files\\devolo\\easyshare\\easyshare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\anthony\\Desktop\\Games\\VIP\\Victoria.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tsar_phalanxia\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12975:TCP"= 12975:TCP:bibi.hamachi.cc

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [14/01/2010 23:45 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [14/01/2010 23:46 59664]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [02/12/2008 22:29 222456]
R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\plcndis5.sys [17/05/2004 11:21 17280]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [07/09/2008 18:29 53307]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [14/01/2010 23:46 33552]
S3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\drivers\usbethmp.sys [07/07/2007 15:43 14342]
S3 Normandy;Normandy SR2; [x]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [30/11/2007 13:27 558592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1659004503-839522115-1004Core.job
- c:\documents and settings\anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-17 20:40]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1659004503-839522115-1004UA.job
- c:\documents and settings\anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-17 20:40]

2010-08-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\PCProxy.dll
TCP: {4631D7B6-AA33-4B9A-9A95-E4CF0AE7CFAE} = 192.168.0.1
TCP: {7D4EE33F-E18D-469A-A999-2088F675ADB7} = 192.168.2.1
DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBA} - hxxp://ecos.bok.or.kr/miplatform/install/MiPlatform_Updater320_20070614_0910.cab
FF - ProfilePath - c:\documents and settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.facebook.com/home.php?
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\anthony\Application Data\Mozilla\Firefox\Profiles\ieg8uvz5.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - plugin: c:\documents and settings\anthony\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMiPlatformX320.dll
FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKLM-Run-eTrustPPAP - c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
HKLM-Run-AnonymityGateway - c:\program files\Anonymity Gateway\Anonymity Gateway.exe
AddRemove-Abdio PDF Editor v7.0 (Free Try) - c:\progra~1\Abdio\ABDIOP~1\UNWISE.EXE
AddRemove-Abe's Oddysee - c:\program files\Abe's Oddysee\Uninst.isu
AddRemove-Anonymity Gateway 3.0_is1 - c:\program files\Anonymity Gateway\unins000.exe
AddRemove-Heir to the Throne_is1 - c:\program files\Paradox Interactive\Europa Universalis III\unins000.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-In Nomine_is1 - c:\program files\Paradox Interactive\Europa Universalis III\unins000.exe
AddRemove-Information Center - c:\program files\Online Add-on\icun.exe
AddRemove-NSSSetupTemp.{6FF543AB-99B3-4120-902C-70A38314ABD8} - c:\program files\Common Files\Symantec Shared\NSSSetup\{6FF543AB-99B3-4120-902C-70A38314ABD8}_2_0_1\NSSSetup.exe
AddRemove-Populous: The Beginning - c:\program files\Bullfrog\Populous\Uninst.isu
AddRemove-Populous: The Beginning (Demo) - c:\program files\Bullfrog\Populous Demo\Uninst.isu
AddRemove-Total Realism for Warlords Gold - c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Mods\Total Realism\uninstall.exe
AddRemove-Universal Document Converter_is1 - c:\program files\Universal Document Converter\unins000.exe
AddRemove-UnrealTournament - c:\unrealtournament\System\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 11:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000007CD29417AD7F73CA15 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-1659004503-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A8F38020-08F1-1E23-F62D-E7111315FB55}*]
"dahamapb"=hex:64,62,67,6b,6f,6a,6a,61,6a,69,6a,69,62,68,6f,6a,66,64,62,65,6e,
70,67,62,62,66,63,66,66,70,64,63,6e,68,6f,6e,69,64,62,6f,00,00
"iacpilooeabggcennj"=hex:6b,61,6f,62,62,6d,6d,6f,6b,6a,67,69,65,69,63,6a,66,68,
69,61,6f,6c,00,00
"haekoklakdnjemke"=hex:69,61,62,63,63,64,6f,6c,68,68,69,6c,6c,6f,6a,69,6e,69,
00,01

[HKEY_USERS\S-1-5-21-1085031214-1659004503-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:89,1c,56,64,32,34,5b,3b,cc,bb,b9,71,47,47,f9,94,0d,dd,05,20,ef,
e1,5c,60,20,b6,8b,e1,27,cc,f7,f2,d5,99,b9,ee,47,b3,71,d4,ab,e9,7f,c6,88,58,\
"rkeysecu"=hex:9d,1b,be,34,a3,0f,11,eb,a8,c4,ea,b9,7a,dc,33,69
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\relog_ap.dll
c:\windows\system32\PCProxy.dll
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2010-08-16 12:04:12
ComboFix-quarantined-files.txt 2010-08-16 11:04

Pre-Run: 11,587,784,704 bytes free
Post-Run: 19,766,030,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B2F66B9E1985E92EA10D8DF3E833C0F8
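
ComboFix prints the values under its "LOCKED REGISTRY KEYS" heading in REGEDIT4 hex notation, wrapped over several lines and, for a long value such as "datasecu", cut off after a trailing backslash. In that form a reader of the thread cannot see what the values actually contain. The script below is an added example (it is not ComboFix's code and not from any post in this thread): it takes the two locked keys from the log above as its sample input, decodes each value to bytes, flags the one the log cut off, and shows a printable view. The continuation and cut-off rules it applies are inferred from this log, not taken from ComboFix documentation.

```python
"""Decode the hex-encoded values ComboFix prints under
'LOCKED REGISTRY KEYS'.

Added example for this thread; not ComboFix's own code and not code
from the thread. The sample input is the two locked keys copied from
the ComboFix log above; the parsing rules (continuation lines, trailing
backslash on a cut-off value) are inferred from that log.
"""
import re

# Copied from the ComboFix log in the thread. ComboFix wraps long values
# onto further lines and, for very long ones, stops after a trailing
# backslash (see "datasecu"), so that value is incomplete here.
SAMPLE_LOCKED_KEYS = "\n".join([
    "--------------------- LOCKED REGISTRY KEYS ---------------------",
    "",
    r"[HKEY_USERS\S-1-5-21-1085031214-1659004503-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A8F38020-08F1-1E23-F62D-E7111315FB55}*]",
    '"dahamapb"=hex:64,62,67,6b,6f,6a,6a,61,6a,69,6a,69,62,68,6f,6a,66,64,62,65,6e,',
    "70,67,62,62,66,63,66,66,70,64,63,6e,68,6f,6e,69,64,62,6f,00,00",
    '"iacpilooeabggcennj"=hex:6b,61,6f,62,62,6d,6d,6f,6b,6a,67,69,65,69,63,6a,66,68,',
    "69,61,6f,6c,00,00",
    '"haekoklakdnjemke"=hex:69,61,62,63,63,64,6f,6c,68,68,69,6c,6c,6f,6a,69,6e,69,',
    "00,01",
    "",
    r"[HKEY_USERS\S-1-5-21-1085031214-1659004503-839522115-1004\Software\SecuROM\License information*]",
    '"datasecu"=hex:89,1c,56,64,32,34,5b,3b,cc,bb,b9,71,47,47,f9,94,0d,dd,05,20,ef,',
    "e1,5c,60,20,b6,8b,e1,27,cc,f7,f2,d5,99,b9,ee,47,b3,71,d4,ab,e9,7f,c6,88,58,\\",
    '"rkeysecu"=hex:9d,1b,be,34,a3,0f,11,eb,a8,c4,ea,b9,7a,dc,33,69',
    ".",
])

# ComboFix marks a locked key with a trailing '*' inside the brackets.
KEY_RE = re.compile(r"^\[(?P<key>.+?)\*?\]$")
# REGEDIT4 value line: "name"=hex:aa,bb,...  (typed forms like hex(7): too)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex(?:\(\d+\))?:(?P<data>.*)$')
# A line holding only hex byte tokens, optionally ending in a backslash.
HEX_LINE_RE = re.compile(r"^(?:[0-9a-fA-F]{2},?)+\\?$")


def parse_locked_keys(text):
    """Return {key_path: {value_name: (data_bytes, truncated)}}.

    `truncated` is True when the last line of a value ended with a
    backslash (REGEDIT4's "more follows" marker) but no further hex
    line came, which is how the log shows a value ComboFix cut off."""
    result = {}
    key = None
    name = None
    tokens = []
    expect_more = False

    def flush():
        nonlocal name, tokens, expect_more
        if key is not None and name is not None:
            data = bytes(int(t, 16) for t in tokens)
            result[key][name] = (data, expect_more)
        name, tokens, expect_more = None, [], False

    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            flush()
            key = m.group("key")
            result.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m:
            flush()
            name = m.group("name")
            line = m.group("data")
        elif name is None or not HEX_LINE_RE.match(line):
            flush()  # blank line, heading or other text ends the value
            continue
        expect_more = line.endswith("\\")
        tokens.extend(t for t in line.rstrip("\\").split(",") if t)
    flush()
    return result


def printable(data):
    """Render bytes as ASCII where printable and '.' elsewhere."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)


def summarize(parsed):
    """One line per value: name, length, truncation flag, ASCII view."""
    lines = []
    for key, values in parsed.items():
        lines.append(key)
        for name, (data, truncated) in values.items():
            flag = " (cut off in log)" if truncated else ""
            lines.append(f"  {name}: {len(data)} bytes{flag}  {printable(data)}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_locked_keys(SAMPLE_LOCKED_KEYS))))
```

Run as-is to see every value. The three values under the Shell Extensions\Approved key decode to NUL-terminated strings of lowercase letters; the two under the SecuROM key (SecuROM is a commercial game copy-protection system that keeps its licence data in the registry) are binary, and "datasecu" is reported as cut off because the log stops after its trailing backslash. Decoding only shows what is stored; whether a locked key matters is a judgement made from the rest of the log, and in this thread the helper found nothing left to remove.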
 

TSF Security Manager, Emeritus
How is the system behaving now?
 

Discussion Starter · #17
Hi Riel,

There isn't much difference. I tried running GMER again, and although I got further with it than before, my system still restarted spontaneously. The game which I referred to at the beginning (Not the cracked one) also froze after about twenty minutes of use.
 

TSF Security Manager, Emeritus
GMER causing a crash is not unusual - that does not indicate anything is wrong with your system.

What game are you referring to? I don't see you mentioning any game by name.
 

Discussion Starter · #19
Hi Riel,

Oh OK then, I was a bit concerned when GMER crashed on me, so it's reassuring to hear that.

The game was Sid Meier's Pirates (Great game by the way :grin:). It's not cracked, and I haven't had any problems with it before.

Otherwise, my system appears to be a bit more stable, but it's hard to tell. I'm obviously not going to start logging on to sensitive websites until I've got the all clear from you.
 

TSF Security Manager, Emeritus
I'll take your word for it that it's a great game. :grin:

I'm not finding any malware here. The findings by ESET were cleared when you ran ComboFix.

You might want to talk to the folks in our Gaming section and see if they have any ideas for you as to why you're having troubles with the game.
 