WiredWX Hobby Weather Tools

 


Security Suite Removal Problem

I've followed the online instructions on this site and numerous other sites on how to get rid of this annoying thing. I had it once in the past and the removal went fine. 1st try, about 30 minutes of a scan and it was gone for good. This time, I've done the removal process about 5 or 6 times already and the scan always comes up saying that nothing is infected. Sounds good, right? Nope. After a restart of the computer, log in, and guess who's still here? Good old AV Security Suite. If anyone knows any way to kill this thing for good, please help ASAP!!
Thanks in advance.

Re: Security Suite Removal Problem

OTL.TXT

OTL logfile created on: 8/16/2010 12:20:31 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Joseph\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 11.15 Gb Free Space | 5.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOEY
Current User Name: Joseph
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/16 12:19:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph\My Documents\Downloads\OTL.com
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2008/07/09 10:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/16 12:19:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph\My Documents\Downloads\OTL.com
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv2.exe -- (WUSB54Gv2SVC)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/06/02 14:56:10 | 002,862,428 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/09 10:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2006/05/26 21:01:52 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/05/26 21:01:48 | 001,799,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/05/26 21:01:36 | 000,030,448 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/03/07 14:03:02 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/07 14:02:34 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/06 13:50:24 | 001,160,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/01/24 21:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Joseph\LOCALS~1\Temp\ldiskl.sys -- (ldiskl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\GALA-NET\Rappelz\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2010/02/08 23:39:36 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/08 23:39:36 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/11/20 22:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/09/11 11:40:00 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2009/09/11 11:40:00 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2009/09/11 11:40:00 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009/09/04 12:12:00 | 000,030,240 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2009/08/27 04:00:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091009.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/27 04:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091009.008\NAVENG.SYS -- (NAVENG)
DRV - [2009/03/12 10:27:20 | 000,709,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/03/11 20:47:23 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/07/09 10:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/27 04:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/07/19 16:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/04/22 19:06:07 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/02/06 13:50:22 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/31 14:29:20 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/01/24 21:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 21:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/01/13 05:13:18 | 004,137,984 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2005/01/01 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2004/04/23 22:43:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSBGXP.sys -- (PRISM_A02)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2418376
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "PageRage Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA79}:1.0.21
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..extensions.enabledItems: {8b2ce701-de6a-2b8a-be09-8ad8401d5e4b}:4.6.6.6
FF - prefs.js..extensions.enabledItems: gamebox@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.6.0.15
FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/01 13:11:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/01 13:11:24 | 000,000,000 | ---D | M]

[2008/12/27 20:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Extensions
[2010/08/12 20:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\extensions
[2010/07/10 22:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/07/10 22:47:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/21 10:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010/04/03 10:26:33 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2010/04/03 10:26:50 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010/05/13 18:47:13 | 000,000,000 | ---D | M] (PageRage Toolbar) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2010/05/04 18:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\extensions\gamebox@toolbar
[2010/07/10 22:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\extensions\personas@christopher.beard
[2010/05/13 18:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\extensions\plugin@yontoo.com
[2010/04/03 10:27:40 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\searchplugins\bing-ff.xml
[2010/04/21 12:06:34 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\searchplugins\conduit.xml
[2009/06/16 15:57:22 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\elaz1e5t.default\searchplugins\mywebsearch.xml
[2010/08/12 20:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/03 10:27:06 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{8b2ce701-de6a-2b8a-be09-8ad8401d5e4b}
[2009/09/13 13:14:22 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/12/27 14:18:10 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll

O1 HOSTS File: ([2010/08/16 11:29:10 | 000,000,733 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.rsbot.org/vb/
O1 - Hosts: 127.0.0.1 rsbot.org/vb/
O1 - Hosts: 127.0.0.1 85.25.184.47
O1 - Hosts: 127.0.0.1 www.rsbot.com
O1 - Hosts: 127.0.0.1 www.rsbot.com
O1 - Hosts: 127.0.0.1 www.rsbot.org
O1 - Hosts: 127.0.0.1 www.rsbot.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 www.virustotal.com
O1 - Hosts: 127.0.0.1 www.virusscan.jotti.org/
O1 - Hosts: 127.0.0.1 www.virusscan.jotti.org/en
O1 - Hosts: 127.0.0.1 www.virusscan.jotti.org/en
O1 - Hosts: 127.0.0.1 www.rsbots.net
O1 - Hosts: 127.0.0.1 rsbots.net
O1 - Hosts: 127.0.0.1 www.RSbots.net
O1 - Hosts: 127.0.0.1 www.AutoFighter.org
O1 - Hosts: 127.0.0.1 www.RSBotting.com
O1 - Hosts: 127.0.0.1 www.RSTrainers.com
O1 - Hosts: 127.0.0.1 www.CodeSpace.net
O1 - Hosts: 127.0.0.1 www.RsAutoCheats.com
O1 - Hosts: 127.0.0.1 www.XxBots.net
O1 - Hosts: 127.0.0.1 www.AutoFarmer.org
O1 - Hosts: 127.0.0.1 www.kMiner.org
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll (ChameleonTom)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\tbPag1.dll (Conduit Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 () - http://www.newgrounds.com/portal/layout04/r/ratings_+_launcher.gif
O24 - Desktop Components:1 () - http://www.ibuildergroup.com/Art/CFB-Graphics/water-dragon-blue.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Joseph\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joseph\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/15 13:53:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4f38e009-e803-11dd-915f-000f666b935e}\Shell - "" = AutoRun
O33 - MountPoints2\{4f38e009-e803-11dd-915f-000f666b935e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f38e009-e803-11dd-915f-000f666b935e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4f38e0b6-e803-11dd-915f-000f666b935e}\Shell - "" = AutoRun
O33 - MountPoints2\{4f38e0b6-e803-11dd-915f-000f666b935e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f38e0b6-e803-11dd-915f-000f666b935e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{52fba4fe-cd52-11dd-b462-000f666b935e}\Shell - "" = AutoRun
O33 - MountPoints2\{52fba4fe-cd52-11dd-b462-000f666b935e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52fba4fe-cd52-11dd-b462-000f666b935e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/08/16 11:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Desktop\Malwarebytes' Anti-Malware
[2010/08/16 11:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Desktop\backups
[2010/08/16 11:29:04 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Joseph\Desktop\HijackThis.exe
[2010/08/13 09:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Local Settings\Application Data\fhjdgfqtu
[2010/08/10 10:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\My Documents\Navicat
[2010/08/10 08:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Local Settings\Application Data\DarkDBEditor
[2010/08/10 07:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/08/10 07:33:57 | 000,000,000 | ---D | C] -- C:\Server 3.3.3a
[2010/08/02 11:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Desktop\Movies
[2010/07/31 17:32:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/16 11:46:54 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Joseph\NTUSER.DAT
[2010/08/16 11:46:53 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 11:40:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/16 11:40:51 | 000,352,917 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/08/16 11:40:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/16 11:35:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/16 11:28:26 | 000,886,272 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\System.Data.SQLite.DLL
[2010/08/16 11:27:43 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/16 11:25:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/16 11:25:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/16 11:20:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Joseph\Desktop\HijackThis.exe
[2010/08/16 09:55:12 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Joseph\Desktop\iExplore.exe
[2010/08/16 09:55:12 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Joseph\Desktop\Copy of iExplore.exe
[2010/08/16 09:44:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Joseph\ntuser.ini
[2010/08/12 22:20:02 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/08/12 14:36:23 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/08/12 03:27:25 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:26:30 | 032,782,368 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/08/12 03:26:30 | 000,382,316 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/08/12 03:10:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:09:03 | 000,501,682 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:09:03 | 000,441,546 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:09:03 | 000,071,482 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 00:27:12 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/12 00:27:11 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Joseph\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/11 20:04:34 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Joseph\My Documents\NJVS.xls
[2010/08/11 18:00:00 | 000,000,554 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for bob.job
[2010/08/10 07:44:38 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Navicat Lite.lnk
[2010/08/09 16:36:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/03 15:17:02 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Joseph\jagex_runescape_preferences.dat
[2010/08/03 15:16:31 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Joseph\jagex_runescape_preferences2.dat
[2010/08/01 13:15:36 | 000,000,840 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/31 17:34:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Joseph\jagex__preferences3.dat
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/16 12:01:45 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Joseph\Desktop\Copy of iExplore.exe
[2010/08/16 09:57:14 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Joseph\Desktop\iExplore.exe
[2010/08/11 20:04:34 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Joseph\My Documents\NJVS.xls
[2010/08/10 07:44:38 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Navicat Lite.lnk
[2010/08/10 07:44:32 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/07/31 17:34:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joseph\jagex__preferences3.dat
[2010/07/31 17:34:10 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Joseph\jagex_runescape_preferences2.dat
[2010/07/02 21:36:41 | 001,116,318 | ---- | C] () -- C:\Documents and Settings\Joseph\Application Data\nvdisp.exe
[2010/07/02 21:36:33 | 000,886,272 | ---- | C] () -- C:\Documents and Settings\Joseph\Application Data\System.Data.SQLite.DLL
[2010/07/02 21:36:26 | 001,783,923 | ---- | C] () -- C:\Documents and Settings\Joseph\Application Data\4irze2125DB.exe
[2010/07/02 21:36:22 | 001,116,318 | ---- | C] () -- C:\Documents and Settings\Joseph\Application Data\3irze2125DB.exe
[2010/04/06 11:26:57 | 000,015,460 | -HS- | C] () -- C:\Documents and Settings\Joseph\Local Settings\Application Data\K6sEH5Ir2Is
[2010/04/06 11:26:57 | 000,015,460 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is
[2010/02/08 23:39:36 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/02/08 23:39:36 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/02/02 21:51:11 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/02/02 21:51:11 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/02/02 21:51:11 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/06/25 14:25:25 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/06/06 11:09:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/11 20:47:23 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/12/27 18:07:07 | 000,005,069 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/07/21 15:05:52 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Joseph\Local Settings\Application Data\fusioncache.dat
[2007/07/21 09:49:03 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/07/21 09:48:44 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/07/21 09:48:16 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/07/21 09:43:52 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/22 18:55:48 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/04/22 18:55:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/04/22 18:55:31 | 000,001,512 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/03/24 02:56:05 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\gc.dll
[2007/02/19 14:26:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/12/13 21:43:51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/12/13 21:43:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/11/19 23:02:42 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/11/12 19:05:01 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Joseph\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/12 13:50:09 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/10/13 20:12:19 | 000,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2006/08/23 14:53:58 | 000,000,199 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2006/08/22 22:57:23 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/18 14:43:22 | 000,002,025 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/07/23 13:11:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/07/23 13:04:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/07/23 12:42:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/23 12:42:43 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/07/23 12:42:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/07/23 11:50:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/07/22 19:29:39 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/04/18 11:40:07 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/04/18 11:40:06 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/03/11 20:47:23 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006/07/15 09:10:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/07/15 09:10:39 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/07/15 09:10:39 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2003/03/31 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/03/31 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys
[2006/08/06 15:06:16 | 000,004,608 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI64.sys
[2005/03/13 15:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2006/08/06 15:06:16 | 000,007,168 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DLPT64.sys
[2006/08/06 15:06:16 | 000,005,632 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEn64.sys
[2006/08/06 15:06:16 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys
[2006/08/06 15:06:16 | 000,005,120 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMO64.sys
[2006/08/06 15:06:16 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys
[2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\hamachi.sys
[2003/03/31 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2003/03/31 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2003/03/31 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2005/01/01 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys
[2003/03/31 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2003/03/31 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2003/03/31 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2003/03/31 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2003/03/31 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 01:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 01:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 01:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 01:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 01:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/07/09 10:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2004/01/07 17:04:00 | 000,339,488 | ---- | M] (Cisco-Linksys, LLC.) -- C:\WINDOWS\system32\WUSB20XP.sys
[2004/04/23 22:43:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) -- C:\WINDOWS\system32\WUSBGXP.sys


Re: Security Suite Removal Problem

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
[2009/09/04 12:12:00 | 001,416,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WdfCoInstaller01005.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006/07/15 13:53:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/01 22:44:46 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2006/07/15 13:53:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/07/22 19:27:34 | 000,000,090 | ---- | M] () -- C:\GFX.log
[2006/07/15 13:53:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/07/22 19:33:48 | 000,000,224 | ---- | M] () -- C:\LAN.log
[2006/11/23 11:56:36 | 000,000,000 | RHS- | M] () -- C:\msdos.sys
[2006/11/12 14:59:32 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/27 14:59:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/16 11:40:02 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2006/07/22 19:29:43 | 000,000,206 | ---- | M] () -- C:\Realtek.log
[2010/08/16 12:04:59 | 000,000,382 | ---- | M] () -- C:\rkill.log
[2006/07/22 19:29:39 | 000,000,391 | ---- | M] () -- C:\RtlSetup.log
[2006/07/22 19:24:01 | 000,000,086 | ---- | M] () -- C:\SBDrv.log

< %PROGRAMFILES%\*. >
[2009/09/20 09:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\3.0.1.8874 US PTR Installer
[2010/07/11 09:15:30 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2006/10/11 21:45:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/14 11:06:07 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2006/07/23 12:51:13 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2006/10/11 17:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2006/10/11 17:56:55 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2008/12/27 14:00:07 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2009/07/09 16:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/03/12 17:54:57 | 000,000,000 | ---D | M] -- C:\Program Files\AskBarDis
[2006/07/22 19:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/03/12 17:52:26 | 000,000,000 | ---D | M] -- C:\Program Files\Azureus
[2010/01/01 01:17:05 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2006/11/12 13:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2006/11/12 11:51:52 | 000,000,000 | ---D | M] -- C:\Program Files\Blubster
[2009/07/09 16:46:22 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/04/03 10:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\ChameleonTom
[2010/05/02 20:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/07/15 13:51:13 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/05/13 18:47:16 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/01/01 22:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/02/05 17:29:23 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2006/08/23 14:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Disney Interactive
[2010/05/11 18:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/12/27 16:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/09/13 15:28:52 | 000,000,000 | ---D | M] -- C:\Program Files\GALA-NET
[2010/05/02 20:45:50 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/03 18:52:48 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
[2009/12/10 18:24:48 | 000,000,000 | ---D | M] -- C:\Program Files\Gravity
[2007/07/21 09:50:50 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007/07/21 09:50:50 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2006/07/23 12:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\hp deskjet 930c series
[2006/12/03 15:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\id Software
[2010/08/12 13:00:19 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/08/12 03:05:55 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/07/23 11:55:31 | 000,000,000 | ---D | M] -- C:\Program Files\iolo
[2009/07/09 16:46:59 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/07/09 16:47:14 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/06/25 20:47:40 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/06/25 20:49:06 | 000,000,000 | ---D | M] -- C:\Program Files\JavaFX
[2010/02/08 07:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\Konami
[2006/11/12 12:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2008/12/27 14:06:03 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Media
[2009/10/12 15:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2007/04/22 19:06:05 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
[2010/04/09 00:56:41 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn Hamachi
[2006/11/12 11:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\MAIET
[2010/07/09 22:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/12/13 20:48:43 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2010/02/11 18:36:57 | 000,000,000 | ---D | M] -- C:\Program Files\MegaDev
[2008/12/27 15:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/07/23 12:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2006/07/23 12:41:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/07/23 12:41:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/12/27 16:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/08/12 03:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/05/03 18:52:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/08/01 13:11:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/03/04 15:36:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/12/27 15:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\msn
[2006/07/15 13:51:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/07/22 19:23:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/12/27 14:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2009/10/10 16:19:29 | 000,000,000 | ---D | M] -- C:\Program Files\NCSoft
[2008/12/27 15:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/07/13 21:31:53 | 000,000,000 | ---D | M] -- C:\Program Files\Nimbuzz
[2009/06/29 12:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\No-IP
[2009/09/25 18:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2009/09/25 18:00:35 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2009/12/25 10:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2006/11/12 12:16:47 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/11 22:57:56 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/07/03 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files\PageRage
[2009/06/01 10:24:24 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/01/01 01:18:31 | 000,000,000 | ---D | M] -- C:\Program Files\Postal2STP
[2009/03/11 22:29:28 | 000,000,000 | ---D | M] -- C:\Program Files\PowerISO
[2010/08/10 07:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\PremiumSoft
[2009/12/17 21:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
[2009/07/09 16:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/07/22 19:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/03/17 19:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\REAPER
[2009/03/04 15:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/08/20 20:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\Rockstar Games
[2010/04/08 15:33:27 | 000,000,000 | ---D | M] -- C:\Program Files\Runic Games
[2008/12/27 16:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/04/03 10:26:51 | 000,000,000 | ---D | M] -- C:\Program Files\Search Toolbar
[2006/07/23 12:40:07 | 000,000,000 | ---D | M] -- C:\Program Files\Snapshot Viewer
[2009/03/16 17:33:13 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/03/16 17:30:29 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2009/10/10 15:45:08 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/16 11:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/06/25 20:48:11 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2006/12/13 20:27:10 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/10/10 15:48:38 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2008/12/27 16:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2010/02/10 02:37:11 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2009/03/18 16:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Toontrack
[2006/12/13 21:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2010/07/12 21:07:40 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2010/07/14 00:38:54 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006/07/15 14:21:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/08/30 20:25:01 | 000,000,000 | ---D | M] -- C:\Program Files\Unity
[2010/07/11 09:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/05/13 16:50:47 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2010/05/03 18:51:41 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2006/11/09 21:31:39 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/03/18 17:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
[2010/07/14 00:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\VTFEdit
[2008/12/27 15:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/12/27 15:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/08/11 13:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2006/07/15 13:54:06 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/06/16 15:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/05/13 18:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Client
[2006/11/12 13:50:05 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs
[2008/12/27 14:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\ZoneAlarmSB

< %appdata%\*.* >
[2010/07/02 21:36:23 | 001,116,318 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\3irze2125DB.exe
[2010/07/02 21:36:28 | 001,783,923 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\4irze2125DB.exe
[2006/07/15 09:12:07 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Joseph\Application Data\desktop.ini
[2010/07/02 21:36:23 | 001,116,318 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\nvdisp.exe
[2010/08/16 11:28:26 | 000,886,272 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\System.Data.SQLite.DLL


< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 07:10:48

========== Files - Unicode (All) ==========
[2006/10/31 15:11:12 | 000,000,000 | ---D | M](C:\WINDOWS\System32\s?mbols) -- C:\WINDOWS\System32\sуmbols
[2006/10/31 15:11:12 | 000,000,000 | ---D | C](C:\WINDOWS\System32\s?mbols) -- C:\WINDOWS\System32\sуmbols
[2006/10/20 14:19:39 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
[2006/10/20 14:19:39 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
[2006/10/19 14:34:53 | 000,000,000 | ---D | M](C:\WINDOWS\??stem32) -- C:\WINDOWS\ѕуstem32
[2006/10/19 14:34:51 | 000,000,000 | ---D | C](C:\WINDOWS\??stem32) -- C:\WINDOWS\ѕуstem32
(C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
< End of report >

Re: Security Suite Removal Problem

MBAMLOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/16/2010 12:43:41 PM
mbam-log-2010-08-16 (12-43-41).txt

Scan type: Quick scan
Objects scanned: 158281
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Security Suite Removal Problem

Additional info:
This all started Friday the 13th. Coincidence? I think YES.

Re: Security Suite Removal Problem

Hello.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the Apply button and restart the computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
    2010/07/02 21:36:41 | 001,116,318 | ---- | C] () -- C:\Documents and Settings\Joseph\Application Data\nvdisp.exe
    [2010/07/02 21:36:33 | 000,886,272 | ---- | C] () -- C:\Documents and Settings\Joseph\Application Data\System.Data.SQLite.DLL
    [2010/07/02 21:36:26 | 001,783,923 | ---- | C] () -- C:\Documents and Settings\Joseph\Application Data\4irze2125DB.exe
    [2010/07/02 21:36:22 | 001,116,318 | ---- | C] () -- C:\Documents and Settings\Joseph\Application Data\3irze2125DB.exe
    [2010/04/06 11:26:57 | 000,015,460 | -HS- | C] () -- C:\Documents and Settings\Joseph\Local Settings\Application Data\K6sEH5Ir2Is
    [2010/04/06 11:26:57 | 000,015,460 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is

    :commands
    [emptytemp]
    [purity]
    [resethosts]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Security Suite Removal Problem

OTL:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
C:\Documents and Settings\Joseph\Application Data\System.Data.SQLite.DLL moved successfully.
C:\Documents and Settings\Joseph\Application Data\4irze2125DB.exe moved successfully.
C:\Documents and Settings\Joseph\Application Data\3irze2125DB.exe moved successfully.
C:\Documents and Settings\Joseph\Local Settings\Application Data\K6sEH5Ir2Is moved successfully.
C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 119176 bytes

User: All Users

User: bob
->Temp folder emptied: 7191388 bytes
->Temporary Internet Files folder emptied: 648954 bytes
->Java cache emptied: 13425895 bytes
->FireFox cache emptied: 48885697 bytes
->Flash cache emptied: 5328 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: frankie
->Temp folder emptied: 524683995 bytes
->Temporary Internet Files folder emptied: 21756228 bytes
->Java cache emptied: 4848571 bytes
->Flash cache emptied: 47343 bytes

User: joe
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Joseph
->Temp folder emptied: 1216218603 bytes
->Temporary Internet Files folder emptied: 2601349638 bytes
->Java cache emptied: 40911515 bytes
->FireFox cache emptied: 40009753 bytes
->Google Chrome cache emptied: 40486927 bytes
->Flash cache emptied: 133188 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 6612710 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 472832 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1456142 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8012136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77502042 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 55429765 bytes

Total Files Cleaned = 4,492.00 mb

C:\WINDOWS\ѕуstem32\ѕуstem32 folder moved successfully.
Folder move failed. C:\WINDOWS\ѕуstem32 scheduled to be moved on reboot.
C:\WINDOWS\System32\sуmbols folder moved successfully.
C:\Program Files\WіnSxS folder moved successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.10.0 log created on 08172010_085328

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT07140.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT07143.TMP not found!
Folder move failed. C:\WINDOWS\ѕуstem32 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: Security Suite Removal Problem

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.

Re: Security Suite Removal Problem

LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/17/2010 12:43:10 PM
mbam-log-2010-08-17 (12-43-10).txt

Scan type: Quick scan
Objects scanned: 150584
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Security Suite Removal Problem

I think it's gone. 3 resets and it hasn't popped up.

Re: Security Suite Removal Problem

So Security Suite is gone but I can't connect to anything besides the internet. World of Warcraft can't connect, Steam can't connect. Any ideas?

Re: Security Suite Removal Problem

Hello.

  • Download ComboFix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [Screenshot: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
